@privy-io/server-auth — Greenflagged

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

payton-privysternhenriasta-liprivy-botahollenbachankushswar1joshnaviprivyandrewprivyadmin

Keywords

authenticationauthorizationidentityprivacyprivyuser dataweb3

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:dist/dts/public-C1ux8ec7.d.mts	AI (source-diff): TypeScript declaration file with long lines; not obfuscation.	ai	2026/05/14
source-diff	obfuscated-file:dist/dts/public-BuHGq2ma.d.mts	AI (source-diff): Rolled-up TypeScript declaration file; long lines from type merging.	ai	2026/05/14
source-diff	obfuscated-file:dist/dts/public-DND8niKQ.d.mts	AI (source-diff): Rolled-up TypeScript declaration file; long lines from type unions.	ai	2026/05/14
source-diff	obfuscated-file:dist/dts/public-DQ5eO1J3.d.mts	AI (source-diff): Rolled-up TypeScript declaration file; long lines from type merging.	ai	2026/05/14
source-diff	obfuscated-file:dist/dts/public-BAGJecXe.d.mts	AI (source-diff): TypeScript declaration file with long type lines; not obfuscated.	ai	2026/05/14
source-diff	obfuscated-file:dist/dts/public-BBNB77KM.d.mts	AI (source-diff): Rolled-up .d.mts type declaration; long lines from type merging.	ai	2026/05/14
source-diff	obfuscated-file:dist/dts/public-C6oXB-Z2.d.mts	AI (source-diff): Bundled TypeScript declaration file; long lines from type exports.	ai	2026/05/14
publish-pattern	dormant-publish	AI (publish-pattern): Publisher privy-bot has 53 approved packages; dormancy reflects org workflow, not takeover.	ai	2026/05/14
source-diff	obfuscated-file:dist/dts/public-B2v7b6Xx.d.mts	AI (source-diff): Bundled TypeScript declaration file; long lines expected.	ai	2026/05/14
source-diff	obfuscated-file:dist/dts/public-BVWcMoQn.d.mts	AI (source-diff): Bundled type declaration file; not obfuscation.	ai	2026/05/14
source-diff	obfuscated-file:dist/dts/public-b_IxFqo5.d.mts	AI (source-diff): Bundled type declarations; long lines from type exports.	ai	2026/05/14
source-diff	obfuscated-file:dist/dts/public-LncPfz4E.d.mts	AI (source-diff): Rolled-up TypeScript declaration file.	ai	2026/05/14
phantom-deps	phantom-dep:type-fest	AI (phantom-deps): Type-only dep consumed at build time; not directly imported at runtime.	ai	2026/05/14
phantom-deps	phantom-dep:dotenv	AI (phantom-deps): Used in test/config; declared runtime dep is harmless.	ai	2026/05/14
source-diff	obfuscated-file:dist/cjs/utils-D9BZ7JAH.js	AI (source-diff): Rollup-minified CJS bundle; utility/conversion functions.	ai	2026/05/14
source-diff	obfuscated-file:dist/esm/utils-DDjlFg8J.mjs	AI (source-diff): Rollup-minified ESM bundle; mirrors CJS utils.	ai	2026/05/14
source-diff	obfuscated-file:dist/cjs/wallet-api/utils.js	AI (source-diff): Rollup-minified CJS bundle; crypto utility code.	ai	2026/05/14
source-diff	obfuscated-file:dist/esm/utils-DRjOr8oi.mjs	AI (source-diff): Rollup-minified ESM bundle; utility code.	ai	2026/05/14
source-diff	obfuscated-file:dist/esm/wallet-api/utils.mjs	AI (source-diff): Rollup-minified ESM bundle; crypto utility code.	ai	2026/05/14
source-diff	obfuscated-file:dist/dts/public-DFSWLV8S.d.mts	AI (source-diff): Generated TypeScript declaration file with long type lines.	ai	2026/05/14
source-diff	obfuscated-file:dist/cjs/utils-2_PewCqC.js	AI (source-diff): Rollup-minified CJS bundle; readable utility code.	ai	2026/05/14
source-diff	obfuscated-file:dist/cjs/client.js	AI (source-diff): Rollup-minified CJS build output; readable business logic, no obfuscation.	ai	2026/05/14
source-diff	obfuscated-file:dist/esm/wallet-api/index.mjs	AI (source-diff): Rollup-minified ESM build output; readable business logic.	ai	2026/05/14
source-diff	obfuscated-file:dist/esm/utils-C7u2kNB0.mjs	AI (source-diff): Rollup-minified ESM build output; readable utility functions.	ai	2026/05/14
source-diff	obfuscated-file:dist/dts/index.d.mts	AI (source-diff): TypeScript declaration file with long lines; not obfuscated.	ai	2026/05/14
source-diff	obfuscated-file:dist/dts/public-Cpeu2dI0.d.mts	AI (source-diff): TypeScript declaration file with long lines; not obfuscated.	ai	2026/05/14
source-diff	large-new-source-files	AI (source-diff): Build restructured from single files to Rollup chunks; expected for this package.	ai	2026/05/14
source-diff	source-size-dropped	AI (source-diff): Rollup bundling reduced file count/size; normal build tooling change.	ai	2026/05/14
source-diff	obfuscated-file:dist/esm/client.mjs	AI (source-diff): Rollup-minified ESM build output; readable business logic.	ai	2026/05/14
source-diff	obfuscated-file:dist/cjs/utils-b_q_8DAC.js	AI (source-diff): Rollup-minified CJS build output; readable utility functions.	ai	2026/05/14
source-diff	obfuscated-file:dist/cjs/wallet-api/index.js	AI (source-diff): Rollup-minified CJS build output; readable business logic.	ai	2026/05/14
source-diff	obfuscated-file:dist/cjs/wallet-api/rpc/ethereum.js	AI (source-diff): Rollup-minified CJS build output; readable business logic.	ai	2026/05/14
source-diff	obfuscated-file:dist/esm/wallet-api/rpc/ethereum.mjs	AI (source-diff): Rollup-minified ESM build output; readable business logic.	ai	2026/05/14

Versions (showing 34 of 34)

Version	Deps	Published
1.32.5	15 / 24	2025-09-17
1.32.4	15 / 24	2025-09-16
1.32.3	15 / 24	2025-09-15
1.32.2	15 / 24	2025-08-29
1.32.1	15 / 24	2025-08-29
1.32.0	15 / 24	2025-08-25
1.31.1	15 / 24	2025-08-15
1.31.0	15 / 24	2025-08-07
1.30.0	14 / 24	2025-08-04
1.29.0	14 / 24	2025-07-29
1.28.8	14 / 24	2025-07-22
1.28.7	14 / 24	2025-07-21
1.28.6	14 / 24	2025-07-18
1.28.5	14 / 24	2025-07-17
1.28.4	14 / 24	2025-07-14
1.28.3	14 / 24	2025-07-10
1.28.2	14 / 24	2025-07-02
1.28.1	14 / 24	2025-06-26
1.28.0	14 / 24	2025-06-25
1.27.4	14 / 24	2025-06-20
1.27.3	14 / 24	2025-06-18
1.27.2	14 / 24	2025-06-18
1.27.1	14 / 24	2025-06-13
1.27.0	14 / 24	2025-06-09
1.26.2	14 / 24	2025-06-06
1.26.1	14 / 24	2025-06-04
1.26.0	12 / 26	2025-06-03
1.25.1	12 / 26	2025-06-02
1.25.0	12 / 24	2025-05-30
1.24.0	12 / 24	2025-05-30
1.23.0	12 / 24	2025-05-27
1.22.2	12 / 24	2025-05-23
1.22.1	12 / 24	2025-05-16
1.18.4	11 / 14	2025-01-30

v1.32.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.