
@swapkit/wallet-hardware

SwapKit - Wallet Hardware

Versions: 22
License: SEE LICENSE IN LICENSE
Install scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

Signals present: SLSA provenance attestation; npm registry signatures; gitHead linked.

Maintainers

chilliostowan

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
publish-pattern | new-deps-added | AI (publish-pattern): @scure/bip32 is a well-audited cryptographic library appropriate for a hardware wallet package. | ai |
phantom-deps | phantom-dep:@cosmjs/proto-signing | AI (phantom-deps): Config-only reference; stable false positive for this package. | ai |
phantom-deps | phantom-dep:cosmjs-types | AI (phantom-deps): Config-only reference; stable false positive for this package. | ai |
dependencies | unvetted-dep:@keepkey/keepkey-sdk | AI (dependencies): Expected dependency for KeepKey hardware wallet support; stable for this package. | ai |
semgrep | semgrep:base64-decode | AI (semgrep): Decoding XRP tx blob from base64 to hex is standard hardware wallet signing; not obfuscation. | ai |
phantom-deps | phantom-dep:@ledgerhq/wallet-api-client | AI (phantom-deps): @ledgerhq/wallet-api-client is declared as a runtime dep and likely used indirectly; phantom-dep heuristic false positive for this package. | ai |
semgrep | semgrep:hex-decode | AI (semgrep): Converting Ledger public key from hex to base64 is standard crypto key encoding; not malicious. | ai |

Versions (showing 22 of 22)

Version | Deps | Published
4.9.18 | 32 / 28 |
4.9.17 | 32 / 28 |
4.9.16 | 32 / 28 |
4.9.15 | 32 / 28 |
4.9.14 | 32 / 28 |
4.9.13 | 32 / 28 |
4.9.12 | 32 / 28 |
4.9.11 | 32 / 28 |
4.9.5 | 31 / 27 |
4.9.4 | 31 / 27 |
4.8.1 | 31 / 27 |
4.6.3 | 29 / 26 |
4.6.2 | 29 / 26 |
4.6.1 | 29 / 26 |
4.6.0 | 29 / 26 |
4.2.3 | 25 / 22 |
4.2.2 | 25 / 22 |
4.1.42 | 17 / 15 |
4.1.40 | 17 / 15 |
4.1.1 | 16 / 14 |
4.1.0 | 16 / 14 |
4.0.0 | 16 / 14 |

v4.9.18

1 finding
INFO: Has SLSA provenance attestation (category: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.9.17

1 finding
INFO: Has SLSA provenance attestation (category: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.9.16

1 finding
INFO: Has SLSA provenance attestation (category: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.9.15

1 finding
INFO: Has SLSA provenance attestation (category: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.9.14

1 finding
INFO: Has SLSA provenance attestation (category: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.9.13

1 finding
INFO: Has SLSA provenance attestation (category: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.9.12

1 finding
INFO: Has SLSA provenance attestation (category: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.9.11

1 finding
INFO: Has SLSA provenance attestation (category: provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.2.3

1 finding
LOW: No provenance attestation (category: provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.2.2

1 finding
LOW: No provenance attestation (category: provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.1.42

1 finding
LOW: No provenance attestation (category: provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.1.40

1 finding
LOW: No provenance attestation (category: provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.1.1

1 finding
LOW: No provenance attestation (category: provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.1.0

1 finding
LOW: No provenance attestation (category: provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.0.0

1 finding
LOW: No provenance attestation (category: provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.