@ledgerhq/device-transport-kit-mockserver Apache-2.0 2 versions

@ledgerhq/device-transport-kit-mockserver

npm Repository Homepage

Versions

Apache-2.0

License

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

phenry-ledgersergii-shkolingbrahm-ledgerthomas.coudrayldg-github-civbouzonledger-releaser

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
npm-metadata	no-description	AI (npm-metadata): Monorepo sub-package from LedgerHQ; missing description is a cosmetic issue, not a security signal for this package.	ai	2026/04/25
phantom-deps	phantom-dep:@sentry/minimal	AI (phantom-deps): @sentry/minimal is a legitimate Sentry package; phantom dep finding reflects a packaging/config usage pattern, not a security concern for this package.	ai	2026/04/25
dependencies	unvetted-dep:purify-ts	AI (dependencies): purify-ts is a well-known functional programming library for TypeScript; no security concerns associated with it.	ai	2026/04/25

Version	Deps	Published
1.0.2	2 / 9	2026-01-09
1.0.1	2 / 9	2025-12-12

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.