@zilliqa-js/crypto
Core crypto utilities for signing/verification/hashing Zilliqa transactions.
1
Versions
GPL-3.0
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
No source commit
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
lukozilltroelsfrinamirandazzilliqateamfluffypancake5436zilliqaofficial
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:bcrypt | AI (typosquat): @zilliqa-js/crypto is the official Zilliqa SDK crypto package, scoped under @zilliqa-js. No impersonation of bcrypt; names are semantically unrelated and the scoped namespace makes typosquatting implausible. | ai | |
| dependencies | unvetted-dep:elliptic | AI (dependencies): elliptic is a standard, widely-used ECC library; expected dependency for a blockchain crypto utility package. | ai | |
| dependencies | unvetted-dep:hash.js | AI (dependencies): hash.js is a standard hashing library commonly used alongside elliptic; expected in a blockchain crypto package. | ai | |
| dependencies | unvetted-dep:hmac-drbg | AI (dependencies): hmac-drbg is a standard deterministic random bit generator used in ECC signing; expected in a blockchain crypto package. | ai | |
| dependencies | unvetted-dep:scrypt-js | AI (dependencies): scrypt-js is a standard scrypt key derivation library; expected in a crypto/wallet package for key derivation. | ai |
Versions (showing 1 of 1)
| Version | Deps | Published |
|---|---|---|
| 3.5.0 | 12 / 38 |