@motebit/crypto-play-integrity Apache-2.0 5 versions

@motebit/crypto-play-integrity

DEPRECATED — use @motebit/crypto-android-keystore for canonical sovereign-verifiable Android hardware attestation. This package was scaffolded against a pinned-Google-JWKS model that Google's Play Integrity API does not support (verification keys are per-

Versions

Apache-2.0

License

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

danielhakim

Keywords

motebitgoogleplay-integrityattestationandroidhardware-attestationjwtjwksverify

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@motebit/crypto	AI (dependencies): Internal monorepo sibling dependency; same publisher, same org scope, SLSA provenance present.	ai	2026/04/29

Versions (showing 5 of 5)

Version	Deps	Published
1.1.3	4 / 3	2026-05-03
1.1.2	4 / 3	2026-05-02
1.1.1	4 / 3	2026-05-02
1.1.0	4 / 3	2026-04-27
1.0.0	4 / 3	2026-04-24

v1.1.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.