chain-registry
Cosmos chain registry ⚛️
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): chain-registry is a static data package listing blockchain RPC endpoints; raw IP addresses are legitimate devnet/testnet endpoint addresses, not malicious links. | ai | |
| semgrep | semgrep:shady-links-tlds | AI (semgrep): chain-registry lists hundreds of blockchain provider endpoints; non-standard TLDs (.xyz, etc.) are common among blockchain infrastructure providers and are static data strings, not executed code. | ai | |
| provenance | no-provenance | AI (provenance): Established publisher (pyramation, 7+ years, 20 approved packages); absence of Sigstore provenance is common and not a meaningful risk signal here. | ai |
Versions (showing 51 of 1175)
| Version | Deps | Published |
|---|---|---|
| 2.0.216 | 1 / 0 | |
| 2.0.215 | 1 / 0 | |
| 2.0.214 | 1 / 0 | |
| 2.0.213 | 1 / 0 | |
| 2.0.212 | 1 / 0 | |
| 2.0.211 | 1 / 0 | |
| 2.0.210 | 1 / 0 | |
| 2.0.209 | 1 / 0 | |
| 2.0.208 | 1 / 0 | |
| 2.0.207 | 1 / 0 | |
| 2.0.206 | 1 / 0 | |
| 2.0.205 | 1 / 0 | |
| 2.0.204 | 1 / 0 | |
| 2.0.203 | 1 / 0 | |
| 2.0.202 | 1 / 0 | |
| 2.0.201 | 1 / 0 | |
| 2.0.200 | 1 / 0 | |
| 2.0.199 | 1 / 0 | |
| 2.0.198 | 1 / 0 | |
| 2.0.197 | 1 / 0 | |
| 2.0.196 | 1 / 0 | |
| 2.0.195 | 1 / 0 | |
| 2.0.194 | 1 / 0 | |
| 2.0.193 | 1 / 0 | |
| 2.0.192 | 1 / 0 | |
| 2.0.191 | 1 / 0 | |
| 2.0.190 | 1 / 0 | |
| 2.0.189 | 1 / 0 | |
| 2.0.188 | 1 / 0 | |
| 2.0.187 | 1 / 0 | |
| 2.0.186 | 1 / 0 | |
| 2.0.185 | 1 / 0 | |
| 2.0.184 | 1 / 0 | |
| 2.0.183 | 1 / 0 | |
| 2.0.182 | 1 / 0 | |
| 2.0.181 | 1 / 0 | |
| 2.0.180 | 1 / 0 | |
| 2.0.179 | 1 / 0 | |
| 2.0.178 | 1 / 0 | |
| 2.0.177 | 1 / 0 | |
| 2.0.176 | 1 / 0 | |
| 2.0.175 | 1 / 0 | |
| 2.0.174 | 1 / 0 | |
| 2.0.173 | 1 / 0 | |
| 2.0.172 | 1 / 0 | |
| 2.0.171 | 1 / 0 | |
| 2.0.170 | 1 / 0 | |
| 2.0.169 | 1 / 0 | |
| 2.0.167 | 1 / 0 | |
| 2.0.166 | 1 / 0 | |
| 2.0.165 | 1 / 0 |
v2.0.216
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.215
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.214
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.213
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.212
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.211
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.210
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.209
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.208
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.207
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.206
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.205
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.204
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.203
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.202
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.201
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.200
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.199
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.198
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.197
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.196
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.195
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.193
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.192
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.