@lodestar/prover Apache-2.0 9 versions

@lodestar/prover

npm Repository Homepage

A Typescript implementation of the Ethereum Consensus light client

9

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

wemeetagainmatthewkeiljoshdougallkalambet

Keywords

ethereumeth-consensusbeaconapiblockchainprover

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:http-proxy	AI (dependencies): http-proxy is a well-known library; its use is expected in a prover/proxy tool that mediates Ethereum JSON-RPC traffic.	ai	2026/04/26
semgrep	semgrep:hex-decode	AI (semgrep): Hex decoding is a core operation in Ethereum tooling; this is a standard hex-string-to-buffer utility with no malicious payload. Stable false positive for this package.	ai	2026/04/25

Versions (showing 9 of 9)

Version	Deps	Published
1.43.0	22 / 8	2026-05-20
1.42.0	22 / 8	2026-04-13
1.41.1	22 / 8	2026-04-01
1.40.0	22 / 8	2026-02-11
1.39.1	22 / 8	2026-01-30
1.39.0	22 / 8	2026-01-28
1.37.0	21 / 6	2025-12-01
1.36.0	21 / 6	2025-11-04
1.31.0	21 / 6	2025-06-03

v1.43.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.42.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.41.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.40.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.39.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.39.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.37.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.36.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.31.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.