@stellar/stellar-base
Low-level support library for the Stellar network.
6
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
stellar-npm-cistellar-npmquietbitsjaceknfnando_sdfcassiomgpiyalbasu
Keywords
stellar
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:base64-decode | AI (semgrep): Base64 decoding is used to deserialize XDR transaction envelopes — a core, documented operation for the Stellar protocol SDK. Not obfuscation. | ai | |
| semgrep | semgrep:hex-decode | AI (semgrep): Hex decoding is used for MemoHash/MemoReturn values in Stellar transaction memos — standard blockchain SDK functionality, not malicious payload hiding. | ai | |
| dependencies | unvetted-dep:@stellar/js-xdr | AI (dependencies): @stellar/js-xdr is a first-party Stellar Development Foundation package, appropriate dependency for this SDK. | ai | |
| dependencies | unvetted-dep:base32.js | AI (dependencies): base32.js is a standard encoding utility; its use in a blockchain SDK for address encoding is expected and benign. | ai |
Versions (showing 6 of 6)
| Version | Deps | Published |
|---|---|---|
| 15.0.0 | 6 / 48 | |
| 14.1.0 | 6 / 48 | |
| 14.0.4 | 6 / 48 | |
| 14.0.3 | 6 / 48 | |
| 14.0.2 | 6 / 48 | |
| 14.0.1 | 6 / 48 |
v14.0.4
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.0.3
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.0.2
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.