@t2000/cli
A bank account for AI agents on Sui — guided setup, MCP integration, send, save, borrow, swap. Same 40 tools as the engine, scriptable from any shell.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | net-exec-file:dist/chunk-2JUMTEBB.js | AI (source-diff): Bundled tsup output containing Sui SDK and standard library imports. The net+exec pattern is from legitimate blockchain SDK usage, not dropper malware. | ai | |
| source-diff | net-exec-file:dist/dist-UDCEDQVB.js | AI (source-diff): Bundled tsup output containing ajv and internal SDK imports. Standard bundler artifact, not malicious loader. | ai | |
| source-diff | net-exec-file:dist/chunk-FSSTF3LM.js | AI (source-diff): Bundled tsup output for a Sui DeFi CLI; network calls come from Sui SDK and HTTP client libs, dynamic require is standard ESM compat shim. No malicious payload. | ai | |
| source-diff | net-exec-file:dist/dist-55H37ULN.js | AI (source-diff): Same bundled tsup output pattern; imports ajv, Sui SDK, and internal chunks. No dropper/loader behavior evident in samples. | ai | |
| source-diff | obfuscated-file:dist/client-KQCHOXLV.js | AI (source-diff): Long lines are minified/bundled output from tsup, not intentional obfuscation. Content references standard viem error types consistent with DeFi CLI tooling. | ai | |
| source-diff | net-exec-file:dist/chunk-IEDON62D.js | AI (source-diff): Standard tsup/esbuild bundled output for a Sui DeFi CLI tool; imports are from @mysten/sui SDK. Network+exec pattern is a false positive for bundled CLI dependencies. | ai | |
| source-diff | net-exec-file:dist/dist-UOEUHDJW.js | AI (source-diff): Standard tsup/esbuild bundled output; contains ajv and other legitimate dependencies bundled via __commonJS shim. No malicious patterns visible. | ai | |
| source-diff | net-exec-file:dist/chunk-FM4762OE.js | AI (source-diff): Bundled CLI output for a Sui blockchain wallet; network calls and dynamic require shims are expected in tsup-built ESM artifacts. Not malicious. | ai | |
| source-diff | net-exec-file:dist/dist-ZTFOTMJO.js | AI (source-diff): Same as above — standard bundler output chunk with AJV and Sui SDK imports. Network + dynamic patterns are inherent to this CLI tool's legitimate function. | ai | |
| provenance | no-provenance | AI (provenance): Package predates provenance adoption; no other risk signals. Low finding, acceptable for this package. | ai | |
| source-diff | net-exec-file:dist/dist-MJOXMRDV.js | AI (source-diff): Same tsup bundle pattern as chunk-BPTNEFB5.js. Imports ajv and internal chunks; no obfuscation. Consistent with legitimate DeFi CLI build output. | ai | |
| source-diff | net-exec-file:dist/chunk-BPTNEFB5.js | AI (source-diff): This is tsup-bundled output for a Sui blockchain CLI. Network calls are Sui RPC; dynamic require is a standard ESM shim. Source maps are present. Pattern is stable for this package. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): @t2000/cli is a Sui blockchain CLI tool with no relation to the joi validation library; the name similarity is purely coincidental and not impersonation. | ai |
Versions (showing 37 of 37)
| Version | Deps | Published |
|---|---|---|
| 0.46.16 | 0 / 13 | |
| 0.36.4 | 0 / 13 | |
| 0.36.3 | 0 / 13 | |
| 0.36.2 | 0 / 13 | |
| 0.36.1 | 0 / 13 | |
| 0.36.0 | 0 / 13 | |
| 0.35.2 | 0 / 13 | |
| 0.35.1 | 0 / 13 | |
| 0.35.0 | 0 / 13 | |
| 0.33.2 | 0 / 13 | |
| 0.33.0 | 0 / 13 | |
| 0.32.0 | 0 / 13 | |
| 0.31.3 | 0 / 13 | |
| 0.31.1 | 0 / 13 | |
| 0.31.0 | 0 / 13 | |
| 0.28.9 | 0 / 13 | |
| 0.28.8 | 0 / 13 | |
| 0.28.7 | 0 / 13 | |
| 0.28.6 | 0 / 13 | |
| 0.28.5 | 0 / 13 | |
| 0.28.4 | 0 / 13 | |
| 0.28.3 | 0 / 13 | |
| 0.28.2 | 0 / 13 | |
| 0.28.1 | 0 / 13 | |
| 0.28.0 | 0 / 13 | |
| 0.27.0 | 0 / 13 | |
| 0.22.25 | 0 / 13 | |
| 0.22.24 | 0 / 13 | |
| 0.22.23 | 0 / 13 | |
| 0.21.1 | 7 / 5 | |
| 0.21.0 | 7 / 5 | |
| 0.2.7 | 8 / 4 | |
| 0.1.4 | 7 / 4 | |
| 0.1.3 | 7 / 4 | |
| 0.1.2 | 7 / 4 | |
| 0.1.1 | 7 / 4 | |
| 0.1.0 | 7 / 4 |
v0.46.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.36.4
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.3
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.2
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.1
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.36.0
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.35.2
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.35.1
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.35.0
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.33.2
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.33.0
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.32.0
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.31.3
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.31.1
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.31.0
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.9
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.8
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.7
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.6
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.5
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.4
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.3
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.2
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.1
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.0
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.27.0
4 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.22.25
3 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.22.24
3 findingsNewly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.22.23
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.21.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.