@phantom/perps-client No license 7 versions

@phantom/perps-client

npm Repository Homepage

Hyperliquid perpetuals client for Phantom Wallet

7

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

joe-phantomfragostiphantom-security-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:base64-decode	AI (semgrep): URL-safe base64 normalization for crypto key/signature decoding; stable legitimate pattern in this SDK.	ai	2026/05/04
phantom-deps	phantom-dep:@phantom/client	AI (phantom-deps): Same-org monorepo dep; likely re-exported rather than directly imported in this package.	ai	2026/04/29
phantom-deps	phantom-dep:@phantom/phantom-api-client	AI (phantom-deps): Same-org monorepo dep; likely re-exported rather than directly imported in this package.	ai	2026/04/29
phantom-deps	phantom-dep:axios	AI (phantom-deps): Referenced in config files; stable false positive for this package.	ai	2026/04/29

Versions (showing 7 of 7)

Version	Deps	Published
1.2.1	6 / 8	2026-04-27
1.2.0	6 / 8	2026-04-17
1.1.0	6 / 8	2026-04-17
1.0.0	5 / 8	2026-04-10
0.1.4	5 / 8	2026-03-25
0.1.3	5 / 8	2026-03-25
0.1.1	4 / 8	2026-03-20

v1.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.