@libp2p/kad-dht No license 24 versions

@libp2p/kad-dht

npm Repository Homepage

24

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

daviddiasalanshawachingbrainvascosantosnpm-service-account-libp2pjacobheun

Keywords

IPFS

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): libp2p project migrated to GitHub Actions CI publishing with SLSA provenance; this is the expected publisher going forward.	ai	2026/04/27
publish-pattern	dormant-publish	AI (publish-pattern): Dormancy explained by monorepo migration; SLSA attestation confirms legitimate CI publish from official repo.	ai	2026/04/27
provenance	slsa-provenance	AI (provenance): Package consistently uses provenance attestation; stable supply chain signal for this package.	ai	2026/04/27
dependencies	unvetted-dep:it-length	AI (dependencies): it-length is a standard async iterator utility in the it-* ecosystem; no malicious indicators. Stable false positive for this package.	ai	2026/04/25
dependencies	unvetted-dep:@libp2p/ping	AI (dependencies): @libp2p/ping is a core libp2p protocol component from the official libp2p org; no malicious indicators.	ai	2026/04/25
dependencies	unvetted-dep:@libp2p/record	AI (dependencies): @libp2p/record is a core libp2p component from the official libp2p org; no malicious indicators.	ai	2026/04/25

Versions (showing 24 of 24)

Version	Deps	Published
16.3.1	31 / 22	2026-05-31
16.3.0	31 / 22	2026-05-21
16.2.7	31 / 22	2026-05-16
16.2.6	31 / 22	2026-05-13
16.2.5	31 / 22	2026-05-11
16.2.4	31 / 22	2026-04-25
16.2.3	31 / 22	2026-04-21
16.2.2	31 / 22	2026-04-17
16.2.0	31 / 22	2026-04-08
16.1.7	31 / 22	2026-03-28
16.1.6	31 / 22	2026-03-13
16.1.5	31 / 22	2026-03-03
16.1.4	31 / 22	2026-03-01
16.1.3	31 / 22	2026-01-16
16.1.2	31 / 22	2025-11-14
16.1.1	31 / 22	2025-11-13
16.1.0	31 / 22	2025-10-29
16.0.6	31 / 22	2025-10-23
16.0.5	31 / 22	2025-10-03
16.0.4	31 / 22	2025-10-02
16.0.3	31 / 22	2025-10-01
16.0.2	31 / 22	2025-09-27
16.0.1	31 / 22	2025-09-24
16.0.0	31 / 22	2025-09-24

v16.3.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.2.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.2.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.2.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.2.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.2.3

2 findings

HIGH Publisher changed: achingbrain → GitHub Actions (on 2026-04-21) provenance

This version was published by a different npm account than previous versions on 2026-04-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.2.2

2 findings

HIGH Publisher changed: achingbrain → GitHub Actions (on 2026-04-17) provenance

This version was published by a different npm account than previous versions on 2026-04-17. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.1.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.1.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.1.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.1.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.1.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.1.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.1.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.0.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.0.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.0.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.