@solana/plugin-interfaces

11 Versions
License
No Install Scripts
Verified Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, No source commit

Maintainers

solana-devs

Keywords

blockchain, solana, web3

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| npm-metadata | suspicious-initial-version | AI (npm-metadata): solana-devs publishes many @solana/ scoped packages at 0.0.0 as legitimate placeholders/stubs in their monorepo; not indicative of malicious intent. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Stub/interface package in the @solana/ monorepo; sparse metadata and tiny payload are expected for placeholder packages from this well-established publisher. | ai | |
| dependencies | unvetted-dep:@solana/rpc-spec | AI (dependencies): Sibling package from the same anza-xyz/kit monorepo, released in lockstep. SLSA provenance on the parent package covers the release pipeline. | ai | |
| dependencies | unvetted-dep:@solana/addresses | AI (dependencies): Sibling package from the same anza-xyz/kit monorepo, released in lockstep. SLSA provenance on the parent package covers the release pipeline. | ai | |
| dependencies | unvetted-dep:@solana/keys | AI (dependencies): Sibling package from the same anza-xyz/kit monorepo, released in lockstep. SLSA provenance on the parent package covers the release pipeline. | ai | |
| dependencies | unvetted-dep:@solana/instruction-plans | AI (dependencies): Sibling package from the same anza-xyz/kit monorepo, released in lockstep. SLSA provenance on the parent package covers the release pipeline. | ai | |
| dependencies | unvetted-dep:@solana/rpc-subscriptions-spec | AI (dependencies): Sibling package from the same anza-xyz/kit monorepo, released in lockstep. SLSA provenance on the parent package covers the release pipeline. | ai | |
| dependencies | unvetted-dep:@solana/rpc-types | AI (dependencies): Sibling package from the same anza-xyz/kit monorepo, released in lockstep. SLSA provenance on the parent package covers the release pipeline. | ai | |
| dependencies | unvetted-dep:@solana/signers | AI (dependencies): Sibling package from the same anza-xyz/kit monorepo, released in lockstep. SLSA provenance on the parent package covers the release pipeline. | ai | |

Versions (showing 11 of 11)

Version Deps Published
6.9.0 7 / 0
6.8.0 7 / 0
6.7.0 7 / 0
6.6.0 7 / 0
6.5.0 7 / 0
6.4.0 7 / 0
6.3.1 7 / 0
6.3.0 7 / 0
6.2.0 7 / 0
6.1.0 7 / 0
0.0.0 0 / 0

v6.9.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.8.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.7.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.5.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.4.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.3.1

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.3.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.2.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.1.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.0

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.