@lifi/widget — Greenflagged

LI.FI Widget for cross-chain bridging and swapping. It will drive your multi-chain strategy and attract new users from everywhere.

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

lifi

Keywords

widgetlifi-widgetbridgeswapcross-chainmulti-chainethereumsolanabitcoinsuiweb3lifi

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Publisher is GitHub Actions with SLSA attestation — CI/CD publishing is the expected pattern for this org.	ai	2026/06/13
phantom-deps	phantom-dep:@mui/system	AI (phantom-deps): MUI peer/config dependency; stable false positive for this MUI-based widget package.	ai	2026/06/13
phantom-deps	phantom-dep:@emotion/styled	AI (phantom-deps): Emotion is an MUI peer dep used via config; stable false positive for this package.	ai	2026/06/13
source-diff	obfuscated-file:dist/esm/components/Tabs/NavigationTabs.d.ts	AI (source-diff): Long-line .d.ts files are normal for @emotion/styled + MUI generic type declarations; not obfuscation.	ai	2026/05/23
phantom-deps	phantom-dep:@emotion/react	AI (phantom-deps): @emotion/react is a declared runtime dep used transitively via MUI; not a true phantom dependency.	ai	2026/05/04

Versions (showing 72 of 72)

Version	Deps	Published
4.0.0	18 / 0	2026-06-03
3.40.12	23 / 0	2026-03-12
3.40.11	23 / 0	2026-02-27
3.40.8	23 / 0	2026-02-09
3.40.7	23 / 0	2026-02-09
3.40.6	23 / 0	2026-02-04
3.40.5	23 / 0	2026-01-20
3.40.4	23 / 0	2026-01-20
3.40.3	23 / 0	2026-01-19
3.40.2	23 / 0	2026-01-16
3.40.1	23 / 0	2026-01-12
3.40.0	23 / 0	2026-01-09
3.38.1	23 / 0	2025-12-23
3.38.0	23 / 0	2025-12-16
3.37.0	23 / 0	2025-12-10
3.36.1	23 / 0	2025-12-04
3.36.0	23 / 0	2025-12-03
3.35.1	23 / 0	2025-12-01
3.35.0	23 / 0	2025-11-28
3.34.3	23 / 0	2025-11-17
3.34.2	23 / 0	2025-11-13
3.34.1	23 / 0	2025-10-31
3.34.0	23 / 0	2025-10-31
3.33.1	23 / 0	2025-10-09
3.33.0	23 / 0	2025-10-08
3.32.2	23 / 0	2025-09-26
3.32.1	23 / 0	2025-09-25
3.32.0	24 / 0	2025-09-23
3.31.0	24 / 0	2025-09-18
3.30.13	23 / 0	2025-09-16
3.30.12	23 / 0	2025-09-16
3.30.11	23 / 0	2025-09-15
3.30.10	23 / 0	2025-09-15
3.30.9	23 / 0	2025-09-15
3.30.8	23 / 0	2025-09-13
3.30.7	23 / 0	2025-09-12
3.30.6	23 / 0	2025-09-12
3.30.5	23 / 0	2025-09-10
3.30.4	23 / 0	2025-09-09
3.30.3	23 / 0	2025-09-09
3.30.2	23 / 0	2025-09-09
3.30.1	23 / 0	2025-09-08
3.30.0	23 / 0	2025-09-02
3.29.1	23 / 0	2025-08-29
3.29.0	23 / 0	2025-08-28
3.28.0	23 / 0	2025-08-20
3.27.6	23 / 0	2025-08-18
3.27.4	23 / 0	2025-08-18
3.27.3	23 / 0	2025-08-14
3.27.2	23 / 0	2025-08-13
3.27.1	23 / 0	2025-08-13
3.27.0	23 / 0	2025-08-11
3.26.1	23 / 0	2025-08-06
3.26.0	23 / 0	2025-08-05
3.25.0	23 / 0	2025-07-28
3.24.3	22 / 0	2025-07-04
3.24.2	22 / 0	2025-07-03
3.24.1	22 / 0	2025-07-02
3.24.0	22 / 0	2025-07-02
3.23.3	22 / 0	2025-06-06
3.23.0	22 / 0	2025-05-30
3.22.0	22 / 0	2025-05-29
3.21.3	22 / 0	2025-05-21
3.21.2	22 / 0	2025-05-21
3.21.1	22 / 0	2025-05-20
3.21.0	22 / 0	2025-05-15
3.20.5	20 / 0	2025-05-12
3.20.4	20 / 0	2025-05-06
3.20.3	20 / 0	2025-05-06
3.20.2	20 / 0	2025-05-05
3.20.1	20 / 0	2025-05-05
3.20.0	20 / 0	2025-05-05

v4.0.0

2 findings

HIGH Publisher changed: lifi → GitHub Actions (on 2026-06-03) provenance

This version was published by a different npm account than previous versions on 2026-06-03. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance