@wormhole-labs/wallet-aggregator-xrpl
Implements the base abstractions for the XRP Ledger using GemWallet and Crossmark wallet APIs.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| maintainer-change | maintainer-added | AI (maintainer-change): Org-internal handoff within wormholelabs-xyz; SLSA provenance confirms CI/CD publish integrity. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Paired with maintainer-added; consistent with internal team transition, not a hostile takeover. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Thin README/no keywords are typical for a monorepo sub-package; not indicative of spam or malice. | ai |
Versions (showing 5 of 5)
| Version | Deps | Published |
|---|---|---|
| 1.7.4 | 4 / 3 | |
| 1.7.3 | 4 / 3 | |
| 1.7.2 | 4 / 3 | |
| 1.7.1 | 4 / 3 | |
| 1.7.0 | 3 / 3 |
v1.7.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.7.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.7.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.7.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.7.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.