@swapkit/toolboxes — Greenflagged

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

chilliostowan

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@meshsdk/core	AI (dependencies): Official Cardano Mesh SDK; matches new cardano toolbox export in this package.	ai	2026/05/11
dependencies	unvetted-dep:near-sdk-js	AI (dependencies): Legitimate NEAR blockchain SDK; expected dependency for a multi-chain toolbox.	ai	2026/05/11
dependencies	unvetted-dep:@psf/bitcoincashjs-lib	AI (dependencies): Bitcoin Cash library; consistent with UTXO toolbox functionality in this package.	ai	2026/05/11
semgrep	semgrep:hex-decode	AI (semgrep): Hex decoding used for standard Bitcoin UTXO script construction; not obfuscation.	ai	2026/05/05
phantom-deps	phantom-dep:near-api-js	AI (phantom-deps): Bundled multi-chain toolbox; declared deps may not be directly imported in analyzed entry points.	ai	2026/05/05
phantom-deps	phantom-dep:@noble/hashes	AI (phantom-deps): Same bundled toolbox pattern; stable false positive for this package.	ai	2026/05/05
dependencies	unvetted-dep:@near-js/accounts	AI (dependencies): Official NEAR protocol SDK; expected dep for a multi-chain toolbox with a /near export.	ai	2026/05/01
dependencies	unvetted-dep:starknet	AI (dependencies): Legitimate StarkNet SDK; expected dep for a multi-chain toolbox with a /starknet export.	ai	2026/05/01
phantom-deps	phantom-dep:@mysten/bcs	AI (phantom-deps): @mysten/bcs is listed in both runtime and devDependencies; phantom-dep is a false positive here.	ai	2026/04/29

Versions (showing 51 of 70)

View all versions

Version	Deps	Published
4.17.1	2 / 50	2026-06-03
4.17.0	2 / 50	2026-05-29
4.16.2	2 / 49	2026-05-26
4.16.1	2 / 49	2026-05-26
4.16.0	2 / 49	2026-05-22
4.15.15	2 / 49	2026-05-21
4.15.14	2 / 49	2026-05-12
4.15.13	2 / 49	2026-05-08
4.15.12	2 / 50	2026-05-05
4.15.11	2 / 50	2026-05-04
4.15.10	46 / 49	2026-04-28
4.15.9	46 / 49	2026-04-27
4.15.8	46 / 49	2026-04-27
4.15.7	46 / 49	2026-04-24
4.15.6	46 / 49	2026-04-22
4.15.5	46 / 49	2026-04-22
4.15.4	46 / 49	2026-04-22
4.15.3	46 / 49	2026-04-20
4.15.2	46 / 49	2026-04-17
4.15.1	46 / 49	2026-04-17
4.15.0	46 / 49	2026-04-17
4.14.5	46 / 49	2026-04-16
4.14.4	46 / 49	2026-04-15
4.14.3	46 / 49	2026-04-15
4.14.2	46 / 49	2026-04-13
4.14.1	46 / 49	2026-04-13
4.14.0	46 / 49	2026-04-13
4.13.3	46 / 49	2026-04-07
4.13.2	46 / 49	2026-04-06
4.13.1	46 / 49	2026-04-02
4.3.10	48 / 54	2025-12-01
4.3.7	48 / 54	2025-11-26
4.3.4	48 / 54	2025-11-24
4.3.3	48 / 54	2025-11-23
4.3.2	48 / 54	2025-11-21
4.1.13	42 / 49	2025-10-31
4.1.12	42 / 49	2025-10-29
4.1.11	42 / 49	2025-10-24
4.1.8	42 / 49	2025-10-17
4.1.4	42 / 49	2025-10-13
4.1.3	42 / 49	2025-10-09
4.1.0	42 / 49	2025-10-03
4.0.27	37 / 42	2025-09-30
4.0.26	37 / 42	2025-09-30
4.0.25	37 / 42	2025-09-29
4.0.24	37 / 42	2025-09-26
4.0.23	37 / 42	2025-09-26
4.0.22	37 / 42	2025-09-25
4.0.21	37 / 42	2025-09-25
4.0.20	37 / 42	2025-09-23
4.0.19	37 / 42	2025-09-22