@morpho-org/liquidation-sdk-viem
Viem-based package that provides utilities to build viem-based liquidation bots on Morpho and examples using Flashbots and Morpho's GraphQL API.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Morpho org migrated publishing to GitHub Actions CI/CD with SLSA attestation; stable pattern going forward. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): Morpho org internal restructuring; rubilmax renamed to morpho-rubilmax, consistent with org ownership. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): rubilmax removal is part of same org rename/restructuring, not an external takeover. | ai | |
| dependencies | unvetted-dep:@paraswap/sdk | AI (dependencies): @paraswap/sdk is a well-known DeFi aggregator SDK; stable dependency for this liquidation bot package. | ai | |
| dependencies | unvetted-peer-dep:evm-maths | AI (dependencies): Peer dependency for math utilities; consumer responsibility to vet. | ai | |
| dependencies | unvetted-dep:@velora-dex/sdk | AI (dependencies): DeFi DEX SDK dependency consistent with liquidation bot use case; SLSA-attested publisher. | ai | |
| dependencies | unvetted-dep:executooor-viem | AI (dependencies): Viem executor utility consistent with liquidation SDK purpose; SLSA-attested publisher. | ai |
Versions (showing 37 of 37)
| Version | Deps | Published |
|---|---|---|
| 4.0.3 | 2 / 19 | |
| 4.0.2 | 2 / 19 | |
| 4.0.1 | 2 / 19 | |
| 4.0.0 | 2 / 19 | |
| 3.0.0 | 2 / 19 | |
| 2.22.1 | 2 / 19 | |
| 2.22.0 | 2 / 19 | |
| 2.21.1 | 2 / 19 | |
| 2.21.0 | 2 / 20 | |
| 2.20.0 | 2 / 20 | |
| 2.19.1 | 2 / 20 | |
| 2.19.0 | 2 / 20 | |
| 2.18.0 | 2 / 20 | |
| 2.17.1 | 2 / 20 | |
| 2.17.0 | 2 / 21 | |
| 2.16.3 | 2 / 21 | |
| 2.16.2 | 2 / 21 | |
| 2.16.1 | 2 / 22 | |
| 2.16.0 | 2 / 22 | |
| 2.15.0 | 2 / 22 | |
| 2.14.2 | 2 / 22 | |
| 2.14.1 | 2 / 22 | |
| 2.14.0 | 2 / 22 | |
| 2.13.0 | 2 / 22 | |
| 2.12.1 | 2 / 22 | |
| 2.12.0 | 2 / 22 | |
| 2.11.1 | 2 / 22 | |
| 2.11.0 | 2 / 22 | |
| 2.10.0 | 2 / 22 | |
| 2.9.0 | 2 / 22 | |
| 2.8.0 | 2 / 22 | |
| 2.7.3 | 2 / 22 | |
| 2.7.2 | 2 / 22 | |
| 2.7.1 | 2 / 22 | |
| 2.7.0 | 2 / 22 | |
| 2.6.3 | 2 / 22 | |
| 2.6.2 | 2 / 22 |
v4.0.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.22.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.21.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.21.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.20.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.19.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.19.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.18.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.17.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.17.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.16.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.16.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.16.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.16.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.15.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.14.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.14.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.14.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.13.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.12.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.12.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.11.1
2 findingsThis version was published by a different npm account than previous versions on 2025-09-30. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.11.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.10.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.9.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.8.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.7.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.7.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.7.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.7.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.6.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.