@libp2p/tcp No license 21 versions

@libp2p/tcp

npm Repository Homepage

21

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

daviddiasalanshawachingbrainvascosantosnpm-service-account-libp2pjacobheun

Keywords

IPFSTCPlibp2pnetworkp2ppeerpeer-to-peer

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): achingbrain is the primary libp2p maintainer with 2095 days history and 1248 approved packages; transition from service account to personal account is legitimate. SLSA provenance attestation confirms CI/CD build integrity.	ai	2026/04/26
phantom-deps	phantom-dep:@types/sinon	AI (phantom-deps): @types/sinon is a TypeScript type definition package with no runtime behavior; misplaced in dependencies vs devDependencies but poses zero security risk.	ai	2026/04/26
typosquat	typosquat.levenshtein:yup	AI (typosquat): @libp2p/tcp is a scoped package in the official libp2p namespace; the levenshtein match against 'yup' is a false positive with no plausible confusion vector.	ai	2026/04/25
dependencies	unvetted-dep:@libp2p/utils	AI (dependencies): @libp2p/utils is a core utility package in the official libp2p ecosystem; expected dependency for this transport.	ai	2026/04/25
dependencies	unvetted-dep:@multiformats/multiaddr-matcher	AI (dependencies): @multiformats/multiaddr-matcher is part of the official multiformats ecosystem; expected dependency for a libp2p transport.	ai	2026/04/25

Versions (showing 21 of 21)

Version	Deps	Published
11.0.21	8 / 9	2026-05-31
11.0.20	8 / 9	2026-05-16
11.0.19	8 / 9	2026-05-11
11.0.18	8 / 9	2026-04-25
11.0.17	8 / 9	2026-04-17
11.0.15	9 / 8	2026-04-08
11.0.14	9 / 8	2026-03-28
11.0.13	9 / 8	2026-03-13
11.0.12	9 / 8	2026-03-03
11.0.11	9 / 8	2026-03-01
11.0.10	9 / 8	2026-01-16
11.0.9	9 / 8	2025-11-14
11.0.8	9 / 8	2025-11-13
11.0.7	9 / 8	2025-10-29
11.0.6	9 / 8	2025-10-23
11.0.5	9 / 8	2025-10-03
11.0.4	9 / 8	2025-10-02
11.0.3	9 / 8	2025-10-01
11.0.2	9 / 8	2025-09-27
11.0.1	9 / 8	2025-09-24
11.0.0	9 / 8	2025-09-24

v11.0.21

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.20

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.19

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.18

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.17

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.15

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.14

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.13

2 findings

HIGH Publisher changed: npm-service-account-libp2p → achingbrain (on 2026-03-13) provenance

This version was published by a different npm account than previous versions on 2026-03-13. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.12

2 findings

HIGH Publisher changed: npm-service-account-libp2p → achingbrain (on 2026-03-03) provenance

This version was published by a different npm account than previous versions on 2026-03-03. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.11

2 findings

HIGH Publisher changed: npm-service-account-libp2p → achingbrain (on 2026-03-01) provenance

This version was published by a different npm account than previous versions on 2026-03-01. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.10

2 findings

HIGH Publisher changed: npm-service-account-libp2p → achingbrain (on 2026-01-16) provenance

This version was published by a different npm account than previous versions on 2026-01-16. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.9

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.