@injectivelabs/wallet-ledger
Ledger wallet strategy for use with @injectivelabs/wallet-core.
1
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
albertchonbangjelkoskihmoragregathomasraleemmeloniivan-angelkoskimaxim-injdanidomiproofofzedbrajovicdavidjossefrederick-injectivea1337
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | encoded-string-file:dist/cjs/index.cjs | AI (source-diff): Encoded strings are base64 ERC20 signature data from @ledgerhq/cryptoassets-evm-signatures, not obfuscated payloads. | ai | |
| phantom-deps | phantom-dep:@ledgerhq/cryptoassets-evm-signatures | AI (phantom-deps): Bundled into dist rather than directly imported; declared dep is correct and legitimate. | ai | |
| source-diff | encoded-string-file:dist/esm/index.js | AI (source-diff): Same base64 ERC20 signature data bundled into ESM output; benign for this package. | ai | |
| source-diff | obfuscated-file:dist/cjs/Eth-CvWEOFRz.cjs | AI (source-diff): Bundled CJS chunk of @ledgerhq/hw-app-eth and dependencies; minified but not obfuscated, content is readable and expected. | ai | |
| source-diff | obfuscated-file:dist/esm/Eth-DezsK7L6.js | AI (source-diff): Bundled ESM chunk of @ledgerhq/hw-app-eth and dependencies; same pattern as CJS counterpart, legitimate build artifact. | ai | |
| phantom-deps | phantom-dep:@ledgerhq/hw-transport | AI (phantom-deps): @ledgerhq/hw-transport is a declared dependency used transitively by hw-transport-webhid/webusb; phantom-dep heuristic false positive. | ai | |
| dependencies | unvetted-dep:@bangjelkoski/ledgerhq-hw-app-cosmos | AI (dependencies): InjectiveLabs-maintained fork of LedgerHQ; stable pattern across all versions of this package. | ai | |
| dependencies | unvetted-dep:@bangjelkoski/ledgerhq-hw-transport | AI (dependencies): InjectiveLabs-maintained fork of LedgerHQ; stable pattern across all versions of this package. | ai | |
| dependencies | unvetted-dep:@bangjelkoski/ledgerhq-hw-transport-webhid | AI (dependencies): InjectiveLabs-maintained fork of LedgerHQ; stable pattern across all versions of this package. | ai | |
| dependencies | unvetted-dep:@bangjelkoski/ledgerhq-hw-transport-webusb | AI (dependencies): InjectiveLabs-maintained fork of LedgerHQ; stable pattern across all versions of this package. | ai | |
| dependencies | unvetted-dep:@bangjelkoski/ledgerhq-hw-app-eth | AI (dependencies): InjectiveLabs-maintained fork of LedgerHQ; stable pattern across all versions of this package. | ai |
Versions (showing 1 of 101)
| Version | Deps | Published |
|---|---|---|
| 1.15.3 | 15 / 4 |
v1.15.3
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.