@cosmjs/stream — Greenflagged

Utility functions for producing and consuming streams

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

webmaster128kiki-skip

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:xstream	AI (dependencies): xstream is a well-known reactive streams library and has been a stable, long-standing dependency of @cosmjs/stream across all versions. Not a new or suspicious addition.	ai	2026/04/22
provenance	missing-githead	AI (provenance): Established CosmJS package with trusted publisher (webmaster128, 427 approved). Missing gitHead reflects a publish environment change, not a security concern for this package.	ai	2026/04/22
provenance	publisher-changed	AI (provenance): willclarktech is an explicitly listed contributor in package.json and part of the CosmJS/Confio org; the 2021-01-06 transition is a documented legitimate handoff, not a compromise.	ai	2026/04/22
maintainer-change	maintainer-added	AI (maintainer-change): willclarktech is a named contributor in package.json with 287 approved packages and no rejections; addition reflects legitimate org-level maintainer management.	ai	2026/04/22
bogus-package	bogus-package	AI (bogus-package): Scoped monorepo utility package; short README and no keywords are typical for internal packages in large monorepos like CosmJS.	ai	2026/04/22
provenance	no-provenance	AI (provenance): Established CosmJS ecosystem package from a trusted publisher with a clean track record; lack of provenance is common and not a risk signal here.	ai	2026/04/21

Versions (showing 51 of 72)

Show 3 prereleases View all versions

Version	Deps	Published
0.39.0	1 / 23	2026-05-04
0.38.1	1 / 23	2025-12-31
0.38.0	1 / 23	2025-12-30
0.37.1	1 / 22	2025-12-31
0.37.0	1 / 22	2025-10-29
0.36.2	1 / 22	2025-10-24
0.36.1	1 / 22	2025-10-02
0.36.0	1 / 22	2025-08-14
0.35.2	1 / 22	2025-10-29
0.35.1	1 / 22	2025-10-22
0.35.0	1 / 22	2025-08-13
0.34.1	1 / 24	2025-10-22
0.34.0	1 / 24	2025-07-11
0.33.1	1 / 33	2025-03-13
0.33.0	1 / 33	2025-01-15
0.32.4	1 / 33	2024-06-26
0.32.3	1 / 33	2024-03-08
0.32.2	1 / 33	2023-12-19
0.32.1	1 / 33	2023-12-04
0.32.0	1 / 33	2023-11-23
0.31.3	1 / 33	2023-10-25
0.31.2	1 / 33	2023-10-24
0.31.1	1 / 33	2023-08-21
0.31.0	1 / 33	2023-06-22
0.30.1	1 / 33	2023-03-22
0.30.0	1 / 33	2023-03-09
0.29.5	1 / 33	2022-12-07
0.29.4	1 / 33	2022-11-15
0.29.3	1 / 33	2022-10-25
0.29.2	1 / 33	2022-10-13
0.29.1	1 / 33	2022-10-09
0.29.0	1 / 33	2022-09-15
0.28.13	1 / 33	2022-08-18
0.28.11	1 / 33	2022-07-13
0.28.10	1 / 33	2022-06-29
0.28.9	1 / 33	2022-06-21
0.28.7	1 / 33	2022-06-14
0.28.6	1 / 33	2022-06-14
0.28.4	1 / 33	2022-04-15
0.28.3	1 / 34	2022-04-11
0.28.2	1 / 34	2022-04-07
0.28.1	1 / 34	2022-03-30
0.28.0	1 / 34	2022-03-17
0.27.1	1 / 34	2022-01-26
0.27.0	1 / 34	2022-01-10
0.26.8	1 / 33	2022-06-21
0.26.6	1 / 34	2022-01-10
0.26.5	1 / 34	2021-11-20
0.26.4	1 / 34	2021-10-28
0.26.3	1 / 34	2021-10-25
0.26.2	1 / 34	2021-10-12