@lodestar/utils

Utilities required across multiple lodestar packages

Versions: 9
License: Apache-2.0
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation
npm registry signatures
gitHead linked

Maintainers

wemeetagain, matthewkeil, joshdougall, kalambet

Keywords

ethereum, eth-consensus, beacon, blockchain

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
bogus-package | bogus-package | AI (bogus-package): Signals relate to a co-maintainer's unrelated packages; lodestar/utils is a well-established Ethereum utility library. | ai |
semgrep | semgrep:base64-decode | AI (semgrep): Lodestar is an Ethereum consensus client utility library; base64 encode/decode is standard for handling cryptographic data. The code is straightforward and non-obfuscated. | ai |
semgrep | semgrep:hex-decode | AI (semgrep): Hex decoding is fundamental to blockchain/Ethereum data handling (hashes, keys, addresses). The code sample shows idiomatic Buffer.from(hex, 'hex') with no malicious patterns. | ai |
dependencies | unvetted-dep:@chainsafe/as-sha256 | AI (dependencies): @chainsafe/as-sha256 is from the same ChainSafe org as Lodestar; a SHA-256 implementation is expected in an Ethereum consensus utility library. | ai |
dependencies | unvetted-dep:@vekexasia/bigint-buffer2 | AI (dependencies): BigInt/Buffer conversion is a standard need for blockchain numeric operations; contextually appropriate for this package. | ai |

Versions (showing 9 of 9)

Version | Deps | Published
1.43.0 | 5 / 4 |
1.42.0 | 5 / 4 |
1.41.1 | 5 / 4 |
1.41.0 | 5 / 4 |
1.40.0 | 5 / 4 |
1.35.0 | 5 / 3 |
1.34.0 | 5 / 3 |
1.31.0 | 5 / 3 |
1.30.0 | 5 / 3 |

v1.43.0

1 finding
INFO: Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.42.0

1 finding
INFO: Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.41.1

1 finding
INFO: Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.41.0

1 finding
INFO: Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.40.0

1 finding
INFO: Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.35.0

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.34.0

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.31.0

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.30.0

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.