@rosen-bridge/rosen-extractor

this project contains methods to get rosen data from blockchain

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

zargarzadehmvorujack

Keywords

rosen

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	no-provenance	AI (provenance): Consistent across all versions of this package; publisher has 11 approved packages with no provenance issues.	ai	2026/05/15
dependencies	unvetted-dep:@rosen-bridge/address-codec	AI (dependencies): First-party @rosen-bridge org dependency; consistent with the rest of the package's dependency graph.	ai	2026/05/15
dependencies	unvetted-dep:ergo-lib-wasm-nodejs	AI (dependencies): Official Ergo blockchain WASM binding; expected for Ergo chain support.	ai	2026/04/28
dependencies	unvetted-dep:@cardano-ogmios/schema	AI (dependencies): Official Cardano Ogmios schema dep; expected for Cardano chain support.	ai	2026/04/28
dependencies	unvetted-dep:@blockfrost/openapi	AI (dependencies): Legitimate Blockfrost API schema dep; consistent with blockchain extractor purpose.	ai	2026/04/28
dependencies	unvetted-dep:@rosen-bridge/abstract-logger	AI (dependencies): First-party @rosen-bridge utility; stable pattern across versions.	ai	2026/04/28
dependencies	unvetted-dep:@rosen-bridge/address-manager	AI (dependencies): First-party @rosen-bridge utility; stable pattern across versions.	ai	2026/04/28
dependencies	unvetted-dep:@rosen-bridge/json-bigint	AI (dependencies): First-party @rosen-bridge utility; stable pattern across versions.	ai	2026/04/28
dependencies	unvetted-dep:@rosen-bridge/tokens	AI (dependencies): First-party @rosen-bridge ecosystem dep; stable pattern across versions.	ai	2026/04/28