@reyaxyz/sdk
<p align="center"> API sdk for the Reya Network </p>
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): Established scoped package with consistent publishing pattern; lack of provenance is a known gap for this package family. | ai | |
| bogus-package | bogus-package | AI (bogus-package): 667 versions over 835 days; sparse metadata is a style choice, not spam for this active org-scoped SDK. | ai | |
| phantom-deps | phantom-dep:axios | AI (phantom-deps): axios is declared as a direct dependency in package.json; phantom-dep is a false positive here. | ai |
Versions (showing 51 of 163)
| Version | Deps | Published |
|---|---|---|
| 0.149.12 | 5 / 0 | |
| 0.149.11 | 5 / 0 | |
| 0.149.10 | 5 / 0 | |
| 0.149.9 | 5 / 0 | |
| 0.149.8 | 5 / 0 | |
| 0.149.7 | 5 / 0 | |
| 0.149.6 | 5 / 0 | |
| 0.149.4 | 5 / 0 | |
| 0.149.3 | 5 / 0 | |
| 0.149.2 | 5 / 0 | |
| 0.149.1 | 5 / 0 | |
| 0.149.0 | 5 / 0 | |
| 0.148.0 | 5 / 0 | |
| 0.147.4 | 5 / 0 | |
| 0.147.3 | 5 / 0 | |
| 0.147.2 | 5 / 0 | |
| 0.147.1 | 5 / 0 | |
| 0.147.0 | 5 / 0 | |
| 0.146.8 | 5 / 0 | |
| 0.146.7 | 5 / 0 | |
| 0.146.6 | 5 / 0 | |
| 0.146.5 | 5 / 0 | |
| 0.146.4 | 5 / 0 | |
| 0.146.3 | 5 / 0 | |
| 0.146.2 | 5 / 0 | |
| 0.146.1 | 5 / 0 | |
| 0.146.0 | 5 / 0 | |
| 0.145.3 | 5 / 0 | |
| 0.145.2 | 5 / 0 | |
| 0.145.1 | 5 / 0 | |
| 0.145.0 | 5 / 0 | |
| 0.144.2 | 5 / 0 | |
| 0.144.1 | 5 / 0 | |
| 0.144.0 | 5 / 0 | |
| 0.143.2 | 5 / 0 | |
| 0.143.1 | 5 / 0 | |
| 0.143.0 | 5 / 0 | |
| 0.142.25 | 5 / 0 | |
| 0.142.24 | 5 / 0 | |
| 0.142.23 | 5 / 0 | |
| 0.142.22 | 5 / 0 | |
| 0.142.21 | 5 / 0 | |
| 0.142.19 | 5 / 0 | |
| 0.142.18 | 5 / 0 | |
| 0.142.17 | 5 / 0 | |
| 0.142.16 | 5 / 0 | |
| 0.142.15 | 5 / 0 | |
| 0.142.14 | 5 / 0 | |
| 0.142.13 | 5 / 0 | |
| 0.142.12 | 5 / 0 | |
| 0.142.11 | 5 / 0 |
v0.149.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.149.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.149.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.149.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.149.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.149.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.149.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.149.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.149.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.149.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.149.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.149.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.148.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.147.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.147.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.147.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.147.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.146.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.146.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.146.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.146.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.146.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.146.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.146.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.146.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.146.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.145.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.145.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.145.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.145.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.144.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.144.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.144.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.143.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.143.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.143.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.142.25
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.142.24
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.142.23
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.142.22
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.142.21
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.142.19
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.142.18
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.142.17
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.142.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.142.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.142.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.142.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.142.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.142.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.