@dynamic-labs-wallet/node-evm

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

packaging-at-dynamic-labs

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition from packaging-at-dynamic-labs to GitHub Actions CI is a standard automation migration for this org.	ai	2026/05/30
phantom-deps	phantom-dep:@dynamic-labs-wallet/core	AI (phantom-deps): Same-org dependency; re-exported transitively rather than directly imported in this wrapper.	ai	2026/05/26
semgrep	semgrep:hex-decode	AI (semgrep): Hex decode is standard EVM tx serialization (strip 0x prefix); not obfuscation.	ai	2026/05/17
semgrep	semgrep:base64-decode	AI (semgrep): Base64 decode is standard JWT payload parsing; not obfuscation.	ai	2026/05/17
bogus-package	bogus-package	AI (bogus-package): Internal monorepo SDK package; missing metadata is expected for this namespace.	ai	2026/05/17

Versions (showing 100 of 261)

Version	Deps	Published
0.0.281	10 / 3	2026-02-25
0.0.266	10 / 3	2026-02-12
0.0.241	10 / 3	2026-01-12
0.0.233	10 / 3	2026-01-07
0.0.232	10 / 3	2026-01-07
0.0.231	10 / 3	2026-01-05
0.0.230	10 / 3	2025-12-22
0.0.229	10 / 3	2025-12-18
0.0.228	10 / 3	2025-12-17
0.0.227	10 / 3	2025-12-15
0.0.226	10 / 3	2025-12-12
0.0.225	10 / 3	2025-12-08
0.0.224	10 / 3	2025-12-04
0.0.223	10 / 3	2025-12-03
0.0.222	10 / 3	2025-12-03
0.0.221	10 / 3	2025-12-03
0.0.220	10 / 3	2025-12-01
0.0.219	10 / 3	2025-12-01
0.0.218	10 / 3	2025-12-01
0.0.217	10 / 3	2025-12-01
0.0.216	10 / 3	2025-12-01
0.0.215	10 / 3	2025-12-01
0.0.214	10 / 3	2025-12-01
0.0.213	10 / 3	2025-12-01
0.0.212	10 / 3	2025-12-01
0.0.211	10 / 3	2025-11-24
0.0.210	10 / 3	2025-11-24
0.0.209	10 / 3	2025-11-24
0.0.208	10 / 3	2025-11-24
0.0.207	10 / 3	2025-11-24
0.0.206	10 / 3	2025-11-24
0.0.205	10 / 3	2025-11-24
0.0.204	10 / 3	2025-11-24
0.0.203	10 / 3	2025-11-17
0.0.202	10 / 3	2025-11-17
0.0.201	10 / 3	2025-11-17
0.0.200	10 / 3	2025-11-17
0.0.199	10 / 3	2025-11-14
0.0.198	7 / 2	2025-11-13
0.0.197	7 / 2	2025-11-13
0.0.196	7 / 2	2025-11-12
0.0.195	7 / 2	2025-11-11
0.0.194	7 / 2	2025-11-04
0.0.193	7 / 2	2025-11-04
0.0.192	7 / 2	2025-10-31
0.0.191	7 / 2	2025-10-30
0.0.190	7 / 2	2025-10-29
0.0.189	7 / 2	2025-10-28
0.0.188	7 / 2	2025-10-23
0.0.187	7 / 2	2025-10-22
0.0.186	7 / 2	2025-10-22
0.0.184	2 / 2	2025-10-16
0.0.183	2 / 2	2025-10-14
0.0.182	2 / 2	2025-10-09
0.0.181	2 / 2	2025-10-09
0.0.180	2 / 2	2025-10-08
0.0.179	2 / 2	2025-10-08
0.0.178	2 / 2	2025-10-06
0.0.177	2 / 2	2025-10-03
0.0.176	2 / 2	2025-10-03
0.0.175	2 / 2	2025-10-03
0.0.174	2 / 2	2025-10-02
0.0.173	2 / 2	2025-10-02
0.0.172	2 / 2	2025-10-01
0.0.171	2 / 2	2025-10-01
0.0.170	2 / 2	2025-09-30
0.0.169	2 / 2	2025-09-29
0.0.168	1 / 2	2025-09-25
0.0.167	1 / 2	2025-09-25
0.0.166	1 / 2	2025-09-23
0.0.165	1 / 2	2025-09-22
0.0.164	1 / 2	2025-09-19
0.0.163	1 / 2	2025-09-18
0.0.162	1 / 2	2025-09-18
0.0.161	1 / 2	2025-09-18
0.0.160	1 / 2	2025-09-18
0.0.159	1 / 2	2025-09-17
0.0.158	1 / 2	2025-09-11
0.0.157	1 / 2	2025-09-11
0.0.156	1 / 2	2025-09-11
0.0.155	1 / 2	2025-09-09
0.0.144	1 / 2	2025-08-27
0.0.143	1 / 2	2025-08-27
0.0.142	1 / 2	2025-08-21
0.0.141	1 / 2	2025-08-20
0.0.140	1 / 2	2025-08-20
0.0.139	1 / 2	2025-08-19
0.0.138	1 / 2	2025-08-19
0.0.137	1 / 2	2025-08-15
0.0.136	1 / 2	2025-08-15
0.0.135	1 / 2	2025-08-15
0.0.134	1 / 2	2025-08-14
0.0.133	1 / 2	2025-08-12
0.0.132	1 / 2	2025-08-12
0.0.131	1 / 2	2025-08-11
0.0.130	1 / 2	2025-08-11
0.0.129	1 / 2	2025-08-08
0.0.128	1 / 2	2025-08-08
0.0.127	1 / 2	2025-08-07
0.0.126	1 / 2	2025-08-06

Showing 100 of 261 Next page →

v0.0.281

2 findings

HIGH Publisher changed: packaging-at-dynamic-labs → GitHub Actions (on 2026-02-25) provenance

This version was published by a different npm account than previous versions on 2026-02-25. This could indicate a legitimate maintainer transition or an account compromise.