@orderly.network/wallet-connector-privy
The new wallet connector consists of three parts:
5
Versions
ISC
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
No source commit
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
orderly.productkai.jiangstognievleo_orderlygoogolev
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:lodash | AI (phantom-deps): Declared in package.json for bundling; phantom-dep heuristic false positive for this monorepo package. | ai | |
| phantom-deps | phantom-dep:@types/lodash | AI (phantom-deps): Type-only dependency; phantom-dep false positive. | ai | |
| phantom-deps | phantom-dep:@solana/web3.js | AI (phantom-deps): Solana wallet adapter dependency; referenced transitively in config, not a phantom. | ai | |
| phantom-deps | phantom-dep:@wagmi/connectors | AI (phantom-deps): Wagmi connector dependency; expected for a wallet connector package. | ai | |
| phantom-deps | phantom-dep:@orderly.network/core | AI (phantom-deps): Same-org sibling dependency; phantom-dep heuristic false positive. | ai | |
| phantom-deps | phantom-dep:@abstract-foundation/agw-client | AI (phantom-deps): Abstract wallet client dependency; referenced in config, expected for this connector. | ai | |
| phantom-deps | phantom-dep:@solana/wallet-adapter-react-ui | AI (phantom-deps): Solana wallet adapter UI; expected dependency for this wallet connector package. | ai | |
| phantom-deps | phantom-dep:@solana-mobile/wallet-adapter-mobile | AI (phantom-deps): Solana mobile wallet adapter; expected dependency for this wallet connector package. | ai |
Versions (showing 5 of 5)
| Version | Deps | Published |
|---|---|---|
| 3.1.0 | 23 / 6 | |
| 3.0.4 | 23 / 6 | |
| 3.0.3 | 23 / 6 | |
| 3.0.1 | 23 / 6 | |
| 3.0.0 | 23 / 6 |
v3.1.0
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.4
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.3
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.