@rev-net/core-v6 — Greenflagged

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

me.jango

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
publish-pattern	rapid-publish	AI (publish-pattern): Package has 71 versions in 80 days; automated rapid publishing is the established release pattern here.	ai	2026/05/26
dependencies	unvetted-dep:@uniswap/permit2	AI (dependencies): GitHub-pinned to specific commit of official Uniswap/permit2 repo; used only in Foundry config, not runtime JS.	ai	2026/05/13
npm-metadata	url-dep:@uniswap/permit2	AI (npm-metadata): Uniswap/permit2 is not published to npm; commit-pinned GitHub dep is the standard approach for this Solidity package.	ai	2026/05/13
phantom-deps	phantom-dep:@uniswap/permit2	AI (phantom-deps): Used only in Foundry remappings/config, not imported in JS code; expected pattern for Solidity dependency packages.	ai	2026/05/13
install-scripts	install-script:postinstall	AI (install-scripts): Postinstall patches Solidity pragma versions across node_modules for compiler compatibility — no network access, no obfuscation, benign sed substitution consistent with this Solidity library package's purpose.	ai	2026/04/26
bogus-package	bogus-package	AI (bogus-package): README link dump is typical of Solidity contract packages listing deployed addresses and docs. No keywords is minor. Not indicative of spam or phishing for this package type.	ai	2026/04/26
phantom-deps	phantom-dep:@bananapus/swap-terminal-v6	AI (phantom-deps): Foundry/Solidity project uses npm deps as remapping sources in foundry.toml, not JS imports. This pattern is standard for this package type.	ai	2026/04/26
phantom-deps	phantom-dep:@openzeppelin/contracts	AI (phantom-deps): Solidity/Foundry package; deps are referenced in config remappings, not JS imports. Phantom-dep findings are expected for this package type.	ai	2026/04/26
phantom-deps	phantom-dep:@bananapus/buyback-hook-v6	AI (phantom-deps): Solidity/Foundry package; deps are referenced in config remappings, not JS imports. Phantom-dep findings are expected for this package type.	ai	2026/04/26
phantom-deps	phantom-dep:@croptop/core-v6	AI (phantom-deps): Solidity/Foundry package; deps are referenced in config remappings, not JS imports. Phantom-dep findings are expected for this package type.	ai	2026/04/26
phantom-deps	phantom-dep:@bananapus/router-terminal-v6	AI (phantom-deps): Solidity/Foundry package; deps are referenced in config remappings, not JS imports. Phantom-dep findings are expected for this package type.	ai	2026/04/26
phantom-deps	phantom-dep:@bananapus/permission-ids-v6	AI (phantom-deps): Solidity/Foundry package; deps are referenced in config remappings, not JS imports. Phantom-dep findings are expected for this package type.	ai	2026/04/26
phantom-deps	phantom-dep:@uniswap/v4-core	AI (phantom-deps): Solidity/Foundry package; deps are referenced in config remappings, not JS imports. Phantom-dep findings are expected for this package type.	ai	2026/04/26
phantom-deps	phantom-dep:@bananapus/core-v6	AI (phantom-deps): Solidity/Foundry package; deps are referenced in config remappings, not JS imports. Phantom-dep findings are expected for this package type.	ai	2026/04/26
phantom-deps	phantom-dep:@bananapus/ownable-v6	AI (phantom-deps): Solidity/Foundry package; deps are referenced in config remappings, not JS imports. Phantom-dep findings are expected for this package type.	ai	2026/04/26
phantom-deps	phantom-dep:@bananapus/suckers-v6	AI (phantom-deps): Solidity/Foundry package; deps are referenced in config remappings, not JS imports. Phantom-dep findings are expected for this package type.	ai	2026/04/26
phantom-deps	phantom-dep:@uniswap/v4-periphery	AI (phantom-deps): Solidity/Foundry package; deps are referenced in config remappings, not JS imports. Phantom-dep findings are expected for this package type.	ai	2026/04/26
phantom-deps	phantom-dep:@bananapus/721-hook-v6	AI (phantom-deps): Solidity/Foundry package; deps are referenced in config remappings, not JS imports. Phantom-dep findings are expected for this package type.	ai	2026/04/26

Versions (showing 51 of 53)

View all versions

Version	Deps	Published
0.0.74	10 / 3	2026-05-25
0.0.71	10 / 3	2026-05-24
0.0.69	10 / 3	2026-05-24
0.0.66	10 / 3	2026-05-23
0.0.65	10 / 3	2026-05-23
0.0.64	10 / 3	2026-05-23
0.0.63	10 / 3	2026-05-22
0.0.62	10 / 3	2026-05-21
0.0.61	10 / 3	2026-05-21
0.0.58	10 / 3	2026-05-18
0.0.57	10 / 3	2026-05-18
0.0.56	10 / 3	2026-05-15
0.0.55	10 / 3	2026-05-15
0.0.54	10 / 3	2026-05-15
0.0.53	10 / 3	2026-05-13
0.0.52	10 / 3	2026-05-13
0.0.51	10 / 3	2026-05-13
0.0.47	10 / 3	2026-05-09
0.0.46	10 / 3	2026-05-08
0.0.45	10 / 3	2026-05-08
0.0.43	10 / 3	2026-05-06
0.0.40	10 / 3	2026-05-05
0.0.37	11 / 2	2026-04-29
0.0.36	11 / 2	2026-04-26
0.0.35	11 / 2	2026-04-20
0.0.34	11 / 2	2026-04-20
0.0.33	11 / 2	2026-04-20
0.0.32	11 / 2	2026-04-20
0.0.31	11 / 2	2026-04-19
0.0.30	11 / 2	2026-04-09
0.0.29	11 / 2	2026-04-09
0.0.28	11 / 2	2026-04-07
0.0.27	11 / 1	2026-04-07
0.0.26	11 / 1	2026-04-06
0.0.25	11 / 1	2026-03-31
0.0.24	11 / 1	2026-03-31
0.0.23	11 / 1	2026-03-31
0.0.22	11 / 1	2026-03-31
0.0.21	11 / 1	2026-03-29
0.0.20	11 / 1	2026-03-29
0.0.19	11 / 1	2026-03-29
0.0.18	11 / 1	2026-03-28
0.0.17	11 / 1	2026-03-25
0.0.16	11 / 1	2026-03-25
0.0.15	11 / 1	2026-03-21
0.0.14	11 / 1	2026-03-18
0.0.13	11 / 1	2026-03-18
0.0.12	11 / 1	2026-03-14
0.0.11	11 / 1	2026-03-13
0.0.7	8 / 1	2026-03-08
0.0.3	8 / 1	2026-03-07