@metamask/transaction-controller
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | encoded-string-file:dist/constants.cjs | AI (source-diff): EVM bytecode constant (CODE_DELEGATION_MANAGER_NO_SIGNATURE_ERRORS); legitimate pattern for Ethereum tooling. | ai | |
| source-diff | encoded-string-file:dist/constants.d.cts | AI (source-diff): Type declaration for EVM bytecode constant; not a payload. | ai | |
| source-diff | encoded-string-file:dist/constants.d.mts | AI (source-diff): Type declaration for EVM bytecode constant; not a payload. | ai | |
| source-diff | encoded-string-file:dist/constants.mjs | AI (source-diff): EVM bytecode constant in ESM build; legitimate pattern for Ethereum tooling. | ai | |
| phantom-deps | phantom-dep:@ethereumjs/util | AI (phantom-deps): @ethereumjs/util is a declared runtime dep in package.json; phantom-dep heuristic is a false positive here. | ai | |
Versions (showing 48 of 48)
| Version | Deps | Published |
|---|---|---|
| 67.0.0 | 27 / 20 | |
| 66.0.1 | 27 / 20 | |
| 66.0.0 | 27 / 20 | |
| 65.4.0 | 27 / 20 | |
| 65.3.0 | 27 / 20 | |
| 65.2.0 | 27 / 20 | |
| 65.1.0 | 27 / 20 | |
| 65.0.0 | 27 / 20 | |
| 64.4.0 | 27 / 20 | |
| 64.3.0 | 27 / 20 | |
| 64.2.0 | 27 / 20 | |
| 64.1.0 | 27 / 20 | |
| 64.0.0 | 27 / 20 | |
| 63.3.1 | 28 / 19 | |
| 63.3.0 | 28 / 19 | |
| 63.2.0 | 28 / 19 | |
| 63.1.0 | 28 / 19 | |
| 63.0.0 | 28 / 19 | |
| 62.22.0 | 28 / 18 | |
| 62.21.0 | 28 / 18 | |
| 62.20.0 | 28 / 18 | |
| 62.19.0 | 28 / 18 | |
| 62.18.0 | 28 / 18 | |
| 62.17.1 | 28 / 18 | |
| 62.17.0 | 28 / 19 | |
| 62.16.0 | 28 / 18 | |
| 62.15.0 | 28 / 18 | |
| 62.14.0 | 28 / 18 | |
| 62.13.0 | 28 / 18 | |
| 62.12.0 | 28 / 18 | |
| 62.11.0 | 28 / 18 | |
| 62.10.0 | 28 / 18 | |
| 62.9.2 | 27 / 18 | |
| 62.9.1 | 27 / 18 | |
| 62.9.0 | 27 / 18 | |
| 62.8.0 | 27 / 18 | |
| 62.7.0 | 27 / 18 | |
| 62.6.0 | 27 / 18 | |
| 62.5.0 | 27 / 18 | |
| 62.4.0 | 27 / 18 | |
| 62.3.1 | 27 / 18 | |
| 62.3.0 | 27 / 18 | |
| 62.2.0 | 27 / 18 | |
| 62.1.0 | 22 / 23 | |
| 62.0.0 | 22 / 23 | |
| 61.3.0 | 22 / 23 | |
| 61.2.0 | 21 / 23 | |
| 61.1.0 | 21 / 23 | |
v67.0.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v66.0.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v66.0.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v65.4.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v65.3.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v65.2.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v65.1.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v64.4.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v64.3.0
5 findings: Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v64.2.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v64.1.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v64.0.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v63.3.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v63.3.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v63.2.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v63.1.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v63.0.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.22.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.21.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.20.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.19.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.18.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.17.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.17.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.16.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.15.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.14.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.13.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.12.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.11.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.10.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.9.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.9.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.9.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.8.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.7.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.6.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.5.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.4.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.3.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.3.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.2.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.1.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v62.0.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v61.3.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v61.2.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v61.1.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.