
@turnkey/viem

8 Versions
License
No Install Scripts
Verified Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation; npm registry signatures; No source commit

Maintainers

andrewtkr-n-ojack-kearney-tkhq

Keywords

Turnkey, Viem, custom account, account, wallet, signer

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| phantom-deps | phantom-dep:@openzeppelin/contracts | AI (phantom-deps): Solidity contracts dependency referenced in hardhat/compile config, not a JS import; false positive for this package. | ai | |
| typosquat | typosquat.levenshtein:vite | AI (typosquat): @turnkey/viem is intentionally named for the viem library, not a typo of vite. | ai | |
| phantom-deps | phantom-dep:cross-fetch | AI (phantom-deps): cross-fetch is a declared runtime dependency; phantom-dep heuristic is a false positive here. | ai | |

Versions (showing 8 of 8)

| Version | Deps | Published |
| --- | --- | --- |
| 0.14.30 | 8 / 4 | |
| 0.14.29 | 8 / 4 | |
| 0.14.28 | 8 / 4 | |
| 0.9.10 | 6 / 4 | |
| 0.9.5 | 6 / 4 | |
| 0.9.3 | 6 / 4 | |
| 0.9.2 | 6 / 4 | |
| 0.9.1 | 6 / 4 | |

v0.14.30

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.14.29

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.14.28

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.9.10

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.5

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.3

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.2

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.1

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.