← Home

@taquito/rpc

npm Repository Homepage
8
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

jevonearthroxaneletourneauhui-an.yanggimbrailo.ecad

Keywords

taquitotezostypescriptblockchainrpcclient

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
typosquat typosquat.levenshtein:pg AI (typosquat): @taquito/rpc is a scoped package in the well-established Taquito ecosystem with 249 versions; no plausible impersonation of the unrelated 'pg' PostgreSQL package. ai
dependencies unvetted-dep:@taquito/core AI (dependencies): First-party sibling package from the same Taquito monorepo, always co-released at the same version. ai
dependencies unvetted-dep:@taquito/utils AI (dependencies): First-party sibling package from the same Taquito monorepo, always co-released at the same version. ai
dependencies unvetted-dep:@taquito/http-utils AI (dependencies): First-party sibling package from the same Taquito monorepo, always co-released at the same version. ai

Versions (showing 8 of 8)

Version Deps Published
24.3.0 4 / 21
24.2.0 5 / 26
24.1.0 5 / 26
24.0.2 5 / 26
24.0.1 5 / 26
24.0.0 5 / 26
23.1.0 4 / 26
23.0.3 4 / 25

v24.3.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v24.0.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v24.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v24.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v23.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v23.0.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.