@polkadot/types — Greenflagged

Implementation of the Parity codec

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

jacogrpolkadotjsparitytech-ci

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	large-new-source-files	AI (source-diff): @polkadot/types regularly adds new interface/type definition files as the Polkadot ecosystem evolves; this is expected growth for this package.	ai	2026/04/24
semgrep	semgrep:dynamic-require	AI (semgrep): Dynamic require in CLI codegen scripts loads user-specified local type definitions via path.join(process.cwd(), ...). This is an intentional, safe pattern for a developer tooling script.	ai	2026/04/24
phantom-deps	phantom-dep:memoizee	AI (phantom-deps): memoizee is explicitly declared as a runtime dependency in package.json dependencies; the phantom-dep finding is a false positive for this package.	ai	2026/04/24
dependencies	unvetted-dep:@polkadot/types-augment	AI (dependencies): Sibling @polkadot org package from the same monorepo release; expected dependency.	ai	2026/04/21
dependencies	unvetted-dep:@polkadot/keyring	AI (dependencies): Sibling @polkadot org package; expected dependency for this monorepo package. Not a security risk.	ai	2026/04/21
bogus-package	bogus-package	AI (bogus-package): Inflated semver reflects monorepo versioning convention; short README and no keywords are quality issues, not security signals. Legitimate paritytech-ci publisher.	ai	2026/04/21
phantom-deps	phantom-dep:@polkadot/types-augment	AI (phantom-deps): Used for TypeScript type augmentation in the polkadot-js monorepo; not a direct import by design.	ai	2026/04/21
dependencies	unvetted-dep:@polkadot/types-codec	AI (dependencies): Sibling @polkadot org package from the same monorepo release; expected dependency.	ai	2026/04/21
dependencies	unvetted-dep:@polkadot/types-create	AI (dependencies): Sibling @polkadot org package from the same monorepo release; expected dependency.	ai	2026/04/21

Versions (showing 51 of 723)

View all versions

Version	Deps	Published
16.5.6	8 / 0	2026-03-23
16.5.4	8 / 0	2025-12-09
16.5.3	8 / 0	2025-11-25
16.5.2	8 / 0	2025-11-11
16.5.1	8 / 0	2025-11-06
16.4.9	8 / 0	2025-10-14
16.4.8	8 / 0	2025-09-23
16.4.7	8 / 0	2025-09-15
16.4.6	8 / 0	2025-08-26
16.4.5	8 / 0	2025-08-20
16.4.4	8 / 0	2025-08-13
16.4.3	8 / 0	2025-07-29
16.4.2	8 / 0	2025-07-22
16.4.1	8 / 0	2025-07-09
16.3.1	8 / 0	2025-07-01
16.2.2	8 / 0	2025-06-17
16.2.1	8 / 0	2025-06-10
16.1.2	8 / 0	2025-06-04
16.1.1	8 / 0	2025-05-29
16.0.1	8 / 0	2025-05-19
15.10.2	8 / 0	2025-05-13
15.10.1	8 / 0	2025-05-13
15.9.3	8 / 0	2025-05-06
15.9.2	8 / 0	2025-04-15
15.9.1	8 / 0	2025-03-27
15.8.1	8 / 0	2025-03-10
15.7.2	8 / 0	2025-03-03
15.7.1	8 / 0	2025-02-25
15.6.1	8 / 0	2025-02-17
15.5.2	8 / 0	2025-02-03
15.5.1	8 / 0	2025-01-27
15.4.1	8 / 0	2025-01-20
15.3.1	8 / 0	2025-01-12
15.2.1	8 / 0	2025-01-06
15.1.1	8 / 0	2024-12-30
15.0.2	8 / 0	2024-12-13
15.0.1	8 / 0	2024-11-27
14.3.1	8 / 0	2024-11-12
14.2.3	8 / 0	2024-11-05
14.2.2	8 / 0	2024-10-31
14.2.1	8 / 0	2024-10-28
14.1.1	8 / 0	2024-10-21
14.0.1	8 / 0	2024-10-02
13.2.1	8 / 0	2024-09-23
13.1.1	8 / 0	2024-09-18
13.0.1	8 / 0	2024-09-10
12.4.2	8 / 0	2024-08-21
12.4.1	8 / 0	2024-08-19
12.3.1	8 / 0	2024-08-05
12.2.3	8 / 0	2024-07-29
12.2.2	8 / 0	2024-07-25