@mysten/wallet-standard

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

ebmifahayespaul-mystenrushrs

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): MystenLabs migrated publishing to GitHub Actions CI/CD with SLSA provenance attestation — a security improvement over personal account publishing. Stable for this package going forward.	ai	2026/04/27
publish-pattern	dormant-publish	AI (publish-pattern): Dormancy consistent with monorepo migration (ts-sdks). SLSA provenance and official MystenLabs authorship confirm legitimate activity.	ai	2026/04/27
bogus-package	bogus-package	AI (bogus-package): Monorepo sub-package from MystenLabs; missing keywords and terse README are cosmetic issues common in SDK packages, not spam indicators.	ai	2026/04/26
dependencies	unvetted-dep:@wallet-standard/core	AI (dependencies): @wallet-standard/core is the canonical wallet standard library; legitimate and expected dependency for a wallet-standard implementation package.	ai	2026/04/26

Versions (showing 41 of 41)

Version	Deps	Published
0.20.3	1 / 2	2026-05-08
0.20.2	1 / 2	2026-05-08
0.20.1	1 / 3	2026-02-10
0.20.0	1 / 3	2026-01-29
0.19.9	2 / 3	2025-12-02
0.19.8	2 / 3	2025-12-01
0.19.7	2 / 3	2025-11-13
0.19.6	2 / 3	2025-10-31
0.19.5	2 / 3	2025-10-28
0.19.4	2 / 3	2025-10-21
0.19.3	2 / 3	2025-10-17
0.19.2	2 / 3	2025-10-15
0.19.1	2 / 3	2025-10-15
0.19.0	2 / 3	2025-10-10
0.18.1	2 / 3	2025-10-07
0.18.0	2 / 3	2025-10-02
0.17.0	2 / 3	2025-09-10
0.16.14	2 / 3	2025-09-02
0.16.13	2 / 3	2025-08-27
0.16.12	2 / 3	2025-08-21
0.16.11	2 / 3	2025-08-18
0.16.10	2 / 3	2025-08-12
0.16.9	2 / 3	2025-07-29
0.16.8	2 / 3	2025-07-28
0.16.7	2 / 3	2025-07-24
0.16.6	2 / 3	2025-07-21
0.16.5	2 / 3	2025-07-08
0.16.4	2 / 3	2025-07-02
0.16.3	2 / 3	2025-06-20
0.16.2	2 / 3	2025-06-13
0.16.1	2 / 3	2025-06-11
0.16.0	2 / 3	2025-06-10
0.15.6	2 / 3	2025-06-05
0.15.5	2 / 3	2025-06-05
0.15.4	2 / 3	2025-06-05
0.15.3	2 / 3	2025-05-31
0.15.2	2 / 3	2025-05-23
0.15.1	2 / 3	2025-05-20
0.15.0	2 / 3	2025-05-12
0.14.9	2 / 3	2025-05-01
0.14.8	2 / 3	2025-04-28

v0.20.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.20.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.20.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.20.0

2 findings

HIGH Publisher changed: ebmifa → GitHub Actions (on 2026-01-29) provenance

This version was published by a different npm account than previous versions on 2026-01-29. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.