@phantom/mcp-server
MCP Server for Phantom Wallet
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@modelcontextprotocol/sdk | AI (phantom-deps): Bundled CLI; dep inlined into dist/cli.js. | ai | |
| phantom-deps | phantom-dep:@phantom/base64url | AI (phantom-deps): Bundled CLI; same-org dep inlined into dist/cli.js. | ai | |
| phantom-deps | phantom-dep:@phantom/sdk-types | AI (phantom-deps): Bundled CLI; same-org dep inlined into dist/cli.js. | ai | |
| phantom-deps | phantom-dep:@phantom/perps-client | AI (phantom-deps): Bundled CLI; same-org dep inlined into dist/cli.js. | ai | |
| phantom-deps | phantom-dep:@phantom/api-key-stamper | AI (phantom-deps): Bundled CLI; same-org dep inlined into dist/cli.js. | ai | |
| source-diff | obfuscated-file:dist/cli.js | AI (source-diff): dist/cli.js is a tsup/esbuild CLI bundle; long lines are minified deps, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/cli.js | AI (source-diff): Network + dynamic require is expected in a bundled MCP server CLI; no dropper pattern evident. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase reflects bundling all deps into a single CLI artifact; expected for this package. | ai | |
| phantom-deps | phantom-dep:bs58 | AI (phantom-deps): Bundled CLI; deps are inlined into dist/cli.js and won't appear as direct imports. | ai | |
| phantom-deps | phantom-dep:axios | AI (phantom-deps): Bundled CLI; deps are inlined into dist/cli.js and won't appear as direct imports. | ai | |
| phantom-deps | phantom-dep:@phantom/auth2 | AI (phantom-deps): Bundled CLI; same-org dep inlined into dist/cli.js. | ai | |
| phantom-deps | phantom-dep:@phantom/utils | AI (phantom-deps): Bundled CLI; same-org dep inlined into dist/cli.js. | ai | |
| phantom-deps | phantom-dep:@phantom/crypto | AI (phantom-deps): Bundled CLI; same-org dep inlined into dist/cli.js. | ai | |
| phantom-deps | phantom-dep:@solana/web3.js | AI (phantom-deps): Bundled CLI; dep inlined into dist/cli.js. | ai | |
| phantom-deps | phantom-dep:qrcode-terminal | AI (phantom-deps): Bundled CLI; dep inlined into dist/cli.js. | ai | |
| phantom-deps | phantom-dep:@phantom/parsers | AI (phantom-deps): Bundled CLI; same-org dep inlined into dist/cli.js. | ai | |
| phantom-deps | phantom-dep:@solana/spl-token | AI (phantom-deps): Bundled CLI; dep inlined into dist/cli.js. | ai | |
| phantom-deps | phantom-dep:openid-client | AI (phantom-deps): openid-client is a direct runtime dependency; false positive in monorepo context. | ai | |
| phantom-deps | phantom-dep:@phantom/constants | AI (phantom-deps): Workspace dependency in monorepo; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@phantom/server-sdk | AI (phantom-deps): Workspace dependency in monorepo; stable pattern for this package. | ai | |
| dependencies | unvetted-dep:@phantom/cli | AI (dependencies): Sibling package from the same phantom-connect-sdk monorepo; expected internal dependency. | ai | |
Versions (showing 20 of 20)
| Version | Deps | Published |
|---|---|---|
| 1.2.7 | 1 / 4 | |
| 1.2.6 | 1 / 4 | |
| 1.2.5 | 1 / 4 | |
| 1.2.4 | 1 / 4 | |
| 1.2.3 | 1 / 4 | |
| 1.2.2 | 1 / 4 | |
| 1.2.1 | 1 / 4 | |
| 1.2.0 | 1 / 4 | |
| 1.1.0 | 1 / 4 | |
| 1.0.4 | 17 / 10 | |
| 1.0.3 | 17 / 10 | |
| 1.0.2 | 17 / 10 | |
| 1.0.1 | 17 / 10 | |
| 1.0.0 | 17 / 10 | |
| 0.1.5 | 14 / 9 | |
| 0.1.4 | 14 / 9 | |
| 0.1.3 | 14 / 9 | |
| 0.1.2 | 14 / 9 | |
| 0.1.1 | 14 / 9 | |
| 0.1.0 | 11 / 9 | |
v1.2.6
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.2.4
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.2.3
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.2.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.2.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.2.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.4
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.3
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.2
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.1
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.5
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.4
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.3
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.