@polkadot/api-augment
API generated augmentation
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:cjs/kusama/query.d.ts | AI (source-diff): Auto-generated .d.ts type declarations for Kusama chain API; long lines from machine-generated type imports are expected for this package. | ai | |
| source-diff | obfuscated-file:cjs/polkadot/query.d.ts | AI (source-diff): Auto-generated .d.ts type declarations for Polkadot chain API; long lines from machine-generated type imports are expected. | ai | |
| source-diff | obfuscated-file:cjs/substrate/query.d.ts | AI (source-diff): Auto-generated .d.ts type declarations for Substrate chain API; long lines from machine-generated type imports are expected. | ai | |
| source-diff | large-new-source-files | AI (source-diff): CJS build output with generated type declarations; normal for dual ESM/CJS api-augment package across version bumps. | ai | |
| dependencies | unvetted-dep:@polkadot/types-augment | AI (dependencies): Sibling package from the same polkadot-js/api monorepo, pinned to the same version. Expected internal dependency for this ecosystem. | ai | |
| dependencies | unvetted-dep:@polkadot/types | AI (dependencies): Sibling package from the same polkadot-js/api monorepo, pinned to the same version. Expected internal dependency for this ecosystem. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Inflated semver reflects polkadot-js monorepo lockstep versioning. Short README and no keywords are quality issues, not security concerns. Publisher is trusted paritytech-ci. | ai | |
| dependencies | unvetted-dep:@polkadot/api-base | AI (dependencies): Sibling package from the same polkadot-js/api monorepo, pinned to the same version. Expected internal dependency for this ecosystem. | ai | |
| dependencies | unvetted-dep:@polkadot/rpc-augment | AI (dependencies): Sibling package from the same polkadot-js/api monorepo, pinned to the same version. Expected internal dependency for this ecosystem. | ai | |
| dependencies | unvetted-dep:@polkadot/types-codec | AI (dependencies): Sibling package from the same polkadot-js/api monorepo, pinned to the same version. Expected internal dependency for this ecosystem. | ai |
Versions (showing 72 of 172)
| Version | Deps | Published |
|---|---|---|
| 9.11.2 | 7 / 0 | |
| 9.11.1 | 7 / 0 | |
| 9.10.5 | 7 / 0 | |
| 9.10.4 | 7 / 0 | |
| 9.10.3 | 7 / 0 | |
| 9.10.2 | 7 / 0 | |
| 9.10.1 | 7 / 0 | |
| 9.9.4 | 7 / 0 | |
| 9.9.3 | 7 / 0 | |
| 9.9.2 | 7 / 0 | |
| 9.9.1 | 7 / 0 | |
| 9.8.2 | 7 / 0 | |
| 9.8.1 | 7 / 0 | |
| 9.7.1 | 7 / 0 | |
| 9.6.2 | 7 / 0 | |
| 9.6.1 | 7 / 0 | |
| 9.5.2 | 7 / 0 | |
| 9.5.1 | 7 / 0 | |
| 9.4.3 | 7 / 0 | |
| 9.4.2 | 7 / 0 | |
| 9.4.1 | 7 / 0 | |
| 9.3.3 | 7 / 0 | |
| 9.3.2 | 7 / 0 | |
| 9.3.1 | 7 / 0 | |
| 9.2.4 | 7 / 0 | |
| 9.2.3 | 7 / 0 | |
| 9.2.2 | 7 / 0 | |
| 9.2.1 | 7 / 0 | |
| 9.1.1 | 7 / 0 | |
| 9.0.1 | 7 / 0 | |
| 8.14.1 | 7 / 0 | |
| 8.13.1 | 7 / 0 | |
| 8.12.2 | 7 / 0 | |
| 8.12.1 | 7 / 0 | |
| 8.11.3 | 7 / 0 | |
| 8.11.2 | 7 / 0 | |
| 8.11.1 | 7 / 0 | |
| 8.10.1 | 7 / 0 | |
| 8.9.1 | 7 / 0 | |
| 8.8.2 | 7 / 0 | |
| 8.8.1 | 7 / 0 | |
| 8.7.1 | 7 / 0 | |
| 8.6.2 | 7 / 0 | |
| 8.6.1 | 7 / 0 | |
| 8.5.1 | 7 / 0 | |
| 8.4.2 | 7 / 0 | |
| 8.4.1 | 7 / 0 | |
| 8.3.2 | 7 / 0 | |
| 8.3.1 | 7 / 0 | |
| 8.2.1 | 7 / 0 | |
| 8.1.1 | 7 / 0 | |
| 8.0.2 | 7 / 0 | |
| 8.0.1 | 7 / 0 | |
| 7.15.1 | 7 / 0 | |
| 7.14.3 | 7 / 0 | |
| 7.14.2 | 7 / 0 | |
| 7.14.1 | 7 / 0 | |
| 7.13.1 | 7 / 0 | |
| 7.12.1 | 7 / 0 | |
| 7.11.1 | 7 / 0 | |
| 7.10.1 | 7 / 0 | |
| 7.9.1 | 7 / 0 | |
| 7.8.1 | 7 / 0 | |
| 7.7.1 | 7 / 0 | |
| 7.6.1 | 7 / 0 | |
| 7.5.1 | 7 / 0 | |
| 7.4.1 | 7 / 0 | |
| 7.3.1 | 7 / 0 | |
| 7.2.1 | 7 / 0 | |
| 7.1.1 | 7 / 0 | |
| 7.0.2 | 7 / 0 | |
| 7.0.1 | 7 / 0 |
v9.11.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.11.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.10.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.10.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.10.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.10.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.10.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.9.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.9.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.9.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.9.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.8.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.8.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.7.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.6.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.6.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.5.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.5.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.4.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.4.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.4.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.3.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.3.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.3.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.2.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.2.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.2.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.2.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.1.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.0.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.14.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.13.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.12.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.12.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.11.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.11.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.11.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.10.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.9.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.8.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.8.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.7.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.6.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.6.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.5.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.4.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.4.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.3.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.3.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.2.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.1.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.0.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.0.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.15.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.14.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.14.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.14.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.13.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.12.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.11.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.10.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.9.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.8.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.7.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.6.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.5.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.4.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.3.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.2.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.1.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.0.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.0.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.