@wormhole-labs/wallet-aggregator-evm No license 11 versions

@wormhole-labs/wallet-aggregator-evm

npm Repository Homepage

11

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

w7-davetonyjinkev1n-peters

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:shady-links-tlds	AI (semgrep): RPC endpoint URLs for blockchain networks (e.g. rpc.mantle.xyz) are legitimate infrastructure, not C2.	ai	2026/05/18
semgrep	semgrep:hex-decode	AI (semgrep): Hex decode is stripping 0x prefix from an ethers.js signature — standard EVM wallet pattern, not malicious.	ai	2026/05/18
phantom-deps	phantom-dep:versions	AI (phantom-deps): Declared dependency; phantom-dep heuristic false positive for this package.	ai	2026/05/18
phantom-deps	phantom-dep:@walletconnect/modal	AI (phantom-deps): Peer/transitive usage pattern for WalletConnect modal; stable false positive for this package.	ai	2026/05/18

Versions (showing 11 of 11)

Version	Deps	Published
1.7.3	7 / 5	2026-05-01
1.7.2	7 / 5	2026-03-11
1.7.1	7 / 5	2026-03-10
1.7.0	7 / 5	2026-03-05
1.6.0	7 / 5	2026-02-11
1.5.1	7 / 5	2026-02-09
1.5.0	7 / 5	2026-02-09
1.4.0	7 / 5	2025-12-17
1.3.3	7 / 5	2025-11-21
1.3.2	7 / 5	2025-11-20
1.3.1	7 / 4	2025-10-29

v1.7.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.