← Home

@ledgerhq/coin-stacks

npm Repository Homepage

Ledger Stacks Coin integration

46
Versions
Apache-2.0
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

phenry-ledgersergii-shkolingbrahm-ledgerthomas.coudrayldg-github-civbouzonledger-releaser

Keywords

LedgerLedgerWalletstacksstxBitcoin layer2Hardware Wallet

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:lodash AI (phantom-deps): lodash is declared and legitimately used in config/utilities for a blockchain library; not a true phantom dependency. ai
phantom-deps phantom-dep:@ledgerhq/devices AI (phantom-deps): Same-org scoped dependency declared and used; legitimate for hardware wallet integration. ai
phantom-deps phantom-dep:ripple-binary-codec AI (phantom-deps): Platform-specific binary package legitimately declared for Stacks/blockchain operations. ai
phantom-deps phantom-dep:ripple-address-codec AI (phantom-deps): Declared and used in config for address encoding operations; legitimate for blockchain library. ai
semgrep semgrep:hex-decode AI (semgrep): Hex decoding in this package is standard blockchain memo field parsing (stripping 0x prefix, removing null bytes) — expected behavior for a Stacks blockchain integration. ai
semgrep semgrep:base64-decode AI (semgrep): Base64 decoding is used for message signing validation — standard and expected in a hardware wallet coin module. ai

Versions (showing 46 of 46)

Version Deps Published
0.21.5 20 / 14
0.21.4 20 / 14
0.21.3 20 / 14
0.21.2 20 / 15
0.21.1 20 / 15
0.21.0 20 / 15
0.20.0 20 / 15
0.19.0 21 / 13
0.18.0 21 / 13
0.17.0 20 / 13
0.16.0 20 / 13
0.15.5 20 / 12
0.15.4 20 / 12
0.15.3 20 / 12
0.15.2 20 / 12
0.15.1 20 / 12
0.15.0 20 / 12
0.14.0 20 / 12
0.13.2 20 / 11
0.13.1 20 / 11
0.13.0 20 / 11
0.12.2 20 / 11
0.12.1 20 / 11
0.12.0 20 / 11
0.11.0 20 / 11
0.10.0 20 / 11
0.9.3 20 / 11
0.9.2 20 / 11
0.9.1 20 / 11
0.9.0 20 / 11
0.8.18 20 / 11
0.8.17 20 / 11
0.8.16 20 / 11
0.8.15 20 / 11
0.8.14 20 / 11
0.8.13 20 / 11
0.8.12 20 / 11
0.8.11 20 / 11
0.8.10 20 / 11
0.8.9 20 / 11
0.8.8 20 / 12
0.8.7 20 / 12
0.8.6 20 / 12
0.8.5 20 / 12
0.8.4 20 / 11
0.8.3 20 / 11

v0.21.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.21.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.21.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.21.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.21.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.21.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.20.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.19.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.18.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.8.18

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.8.17

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.8.16

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.8.15

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.8.14

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.8.13

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.8.12

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.8.11

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.8.10

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.8.9

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.8.8

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.8.7

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.8.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.8.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.8.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.8.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.