@web3auth/modal

41 Versions
License
No Install Scripts
Missing Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance; npm registry signatures; gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

chaitanyapotti, archit_web3, himanshunpm009

Keywords

web3Auth/ui, web3Auth, multichainWallet, blockchain, ethereum, solana

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| source-diff | encoded-string-file:dist/modal.umd.min.js | AI (source-diff): UMD minified bundle for a large wallet SDK; long encoded strings are normal minification artifacts, not malicious payloads. | ai | |
| phantom-deps | phantom-dep:vitest | AI (phantom-deps): vitest is a test runner referenced in test configs; phantom-dep false positive for this package. | ai | |
| phantom-deps | phantom-dep:@web3auth/ws-embed | AI (phantom-deps): Same-org dep; likely used indirectly via re-exports or dynamic imports in the modal bundle. | ai | |
| phantom-deps | phantom-dep:@toruslabs/base-controllers | AI (phantom-deps): Same-org dep referenced in config files; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:copy-to-clipboard | AI (phantom-deps): copy-to-clipboard is a declared runtime dep in package.json; phantom-dep heuristic false positive for this package. | ai | |

Versions (showing 41 of 41)

Version Deps Published
11.0.1 17 / 33
11.0.0 17 / 33
10.16.0 15 / 33
10.15.0 15 / 33
10.14.1 15 / 33
10.14.0 15 / 33
10.13.2 15 / 33
10.13.1 15 / 33
10.13.0 15 / 33
10.12.0 15 / 33
10.11.0 15 / 33
10.10.0 15 / 33
10.9.1 15 / 33
10.9.0 15 / 33
10.8.3 15 / 33
10.8.2 15 / 33
10.8.1 15 / 33
10.8.0 15 / 33
10.7.0 15 / 33
10.6.0 15 / 33
10.5.6 15 / 33
10.5.5 15 / 33
10.5.4 15 / 33
10.5.3 15 / 33
10.5.2 15 / 33
10.5.1 15 / 33
10.5.0 15 / 33
10.4.0 15 / 33
10.3.2 15 / 33
10.3.1 15 / 33
10.3.0 15 / 33
10.2.0 15 / 33
10.1.0 15 / 33
10.0.7 15 / 33
10.0.6 15 / 33
10.0.5 15 / 33
10.0.4 15 / 33
10.0.3 14 / 33
10.0.2 14 / 33
10.0.1 14 / 33
10.0.0 14 / 33

v11.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v11.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.16.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v10.14.1

2 findings
HIGH Long encoded string in modified file: dist/modal.umd.min.js source-diff

Modified file contains 78 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.14.0

2 findings
HIGH Long encoded string in modified file: dist/modal.umd.min.js source-diff

Modified file contains 78 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.13.2

2 findings
HIGH Long encoded string in modified file: dist/modal.umd.min.js source-diff

Modified file contains 78 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.13.1

2 findings
HIGH Long encoded string in modified file: dist/modal.umd.min.js source-diff

Modified file contains 78 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.13.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.12.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.11.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.10.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.9.1

2 findings
HIGH Long encoded string in modified file: dist/modal.umd.min.js source-diff

Modified file contains 75 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.9.0

2 findings
HIGH Long encoded string in modified file: dist/modal.umd.min.js source-diff

Modified file contains 75 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.8.3

2 findings
HIGH Long encoded string in modified file: dist/modal.umd.min.js source-diff

Modified file contains 75 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.8.2

2 findings
HIGH Long encoded string in modified file: dist/modal.umd.min.js source-diff

Modified file contains 75 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.8.1

2 findings
HIGH Long encoded string in modified file: dist/modal.umd.min.js source-diff

Modified file contains 75 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.8.0

2 findings
HIGH Long encoded string in modified file: dist/modal.umd.min.js source-diff

Modified file contains 75 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.7.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v10.6.0

2 findings
HIGH Long encoded string in modified file: dist/modal.umd.min.js source-diff

Modified file contains 75 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.5.6

2 findings
HIGH Long encoded string in modified file: dist/modal.umd.min.js source-diff

Modified file contains 75 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.5.5

2 findings
HIGH Long encoded string in modified file: dist/modal.umd.min.js source-diff

Modified file contains 75 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.5.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.5.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.5.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.5.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.5.0

2 findings
HIGH Long encoded string in modified file: dist/modal.umd.min.js source-diff

Modified file contains 74 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.4.0

2 findings
HIGH Long encoded string in modified file: dist/modal.umd.min.js source-diff

Modified file contains 74 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.3.2

2 findings
HIGH Long encoded string in modified file: dist/modal.umd.min.js source-diff

Modified file contains 74 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.3.1

2 findings
HIGH Long encoded string in modified file: dist/modal.umd.min.js source-diff

Modified file contains 74 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.3.0

2 findings
HIGH Long encoded string in modified file: dist/modal.umd.min.js source-diff

Modified file contains 74 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.2.0

2 findings
HIGH Long encoded string in modified file: dist/modal.umd.min.js source-diff

Modified file contains 74 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.1.0

2 findings
HIGH Long encoded string in modified file: dist/modal.umd.min.js source-diff

Modified file contains 74 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.0.7

2 findings
HIGH Long encoded string in modified file: dist/modal.umd.min.js source-diff

Modified file contains 74 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.0.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v10.0.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v10.0.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v10.0.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v10.0.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v10.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v10.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.