@ledgerhq/types-live
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): LedgerHQ publishes via CI automation; lack of Sigstore provenance is consistent across their package family and not a meaningful risk signal here. | ai | |
Versions (showing 43 of 43)
| Version | Deps | Published |
|---|---|---|
| 6.110.0 | 3 / 11 | |
| 6.109.0 | 3 / 11 | |
| 6.108.0 | 3 / 11 | |
| 6.107.0 | 3 / 11 | |
| 6.106.0 | 3 / 11 | |
| 6.105.0 | 3 / 11 | |
| 6.104.0 | 3 / 11 | |
| 6.103.0 | 3 / 11 | |
| 6.102.0 | 3 / 11 | |
| 6.101.0 | 3 / 11 | |
| 6.100.0 | 3 / 11 | |
| 6.99.0 | 3 / 11 | |
| 6.98.0 | 3 / 11 | |
| 6.97.0 | 3 / 11 | |
| 6.96.0 | 3 / 11 | |
| 6.95.0 | 3 / 11 | |
| 6.94.0 | 3 / 11 | |
| 6.93.0 | 3 / 11 | |
| 6.92.0 | 3 / 10 | |
| 6.91.1 | 3 / 10 | |
| 6.91.0 | 3 / 10 | |
| 6.90.0 | 2 / 10 | |
| 6.89.0 | 2 / 10 | |
| 6.88.0 | 2 / 10 | |
| 6.87.0 | 2 / 10 | |
| 6.86.0 | 2 / 10 | |
| 6.85.0 | 2 / 10 | |
| 6.84.0 | 2 / 10 | |
| 6.83.0 | 2 / 10 | |
| 6.82.0 | 2 / 10 | |
| 6.81.0 | 2 / 10 | |
| 6.80.0 | 2 / 10 | |
| 6.79.0 | 2 / 10 | |
| 6.78.0 | 2 / 10 | |
| 6.77.0 | 2 / 10 | |
| 6.76.0 | 2 / 10 | |
| 6.75.0 | 2 / 10 | |
| 6.74.0 | 2 / 10 | |
| 6.73.0 | 2 / 10 | |
| 6.72.0 | 2 / 10 | |
| 6.71.0 | 2 / 10 | |
| 6.70.0 | 2 / 10 | |
| 6.69.0 | 2 / 10 | |
v6.110.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.109.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.108.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.107.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.106.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.105.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.104.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.103.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.102.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.101.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.94.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.87.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.86.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.85.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.84.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.83.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.82.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.81.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.80.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.79.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.78.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.77.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.76.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.75.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.74.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.73.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.72.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.71.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.70.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.69.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.