@polkadot/util-crypto
A collection of useful crypto utilities for @polkadot
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:cjs/mnemonic/wordlists/en.js | AI (source-diff): BIP-39 English wordlist stored as a pipe-delimited string — standard format for mnemonic word lists, not obfuscated code. | ai | |
| source-diff | obfuscated-file:cjs/mnemonic/wordlists/es.js | AI (source-diff): BIP-39 Spanish wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:mnemonic/wordlists/en.js | AI (source-diff): BIP-39 English wordlist stored as a pipe-delimited string — standard format for mnemonic word lists, not obfuscated code. | ai | |
| source-diff | obfuscated-file:mnemonic/wordlists/zh-t.js | AI (source-diff): BIP-39 Traditional Chinese wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:cjs/mnemonic/wordlists/zh-t.js | AI (source-diff): BIP-39 Traditional Chinese wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:mnemonic/wordlists/zh-s.js | AI (source-diff): BIP-39 Simplified Chinese wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:cjs/mnemonic/wordlists/zh-s.js | AI (source-diff): BIP-39 Simplified Chinese wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:mnemonic/wordlists/ko.js | AI (source-diff): BIP-39 Korean wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:cjs/mnemonic/wordlists/ko.js | AI (source-diff): BIP-39 Korean wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:mnemonic/wordlists/jp.js | AI (source-diff): BIP-39 Japanese wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:cjs/mnemonic/wordlists/jp.js | AI (source-diff): BIP-39 Japanese wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:mnemonic/wordlists/it.js | AI (source-diff): BIP-39 Italian wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:cjs/mnemonic/wordlists/it.js | AI (source-diff): BIP-39 Italian wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:mnemonic/wordlists/fr.js | AI (source-diff): BIP-39 French wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:cjs/mnemonic/wordlists/fr.js | AI (source-diff): BIP-39 French wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | obfuscated-file:mnemonic/wordlists/es.js | AI (source-diff): BIP-39 Spanish wordlist stored as a pipe-delimited string — standard format, not obfuscated code. | ai | |
| source-diff | source-size-dropped | AI (source-diff): Significant source reduction in mature crypto utility library likely reflects legitimate refactoring/cleanup, not code replacement. Consistent with established publisher's track record. | ai | |
| source-diff | obfuscated-file:cjs/mnemonic/bip39-en.js | AI (source-diff): The 'obfuscated' file is the BIP39 English wordlist stored as a pipe-delimited string — a standard data file, not obfuscated code. Long line is 2048 mnemonic words concatenated. | ai | |
| dependencies | unvetted-dep:@types/pbkdf2 | AI (dependencies): @types/pbkdf2 is a standard TypeScript type definition package for the pbkdf2 library. Low risk for this well-established crypto utility package. | ai | |
| dependencies | unvetted-dep:@polkadot/schnorrkel-js | AI (dependencies): @polkadot/schnorrkel-js is the official Schnorr/sr25519 WASM binding from the same Polkadot JS organization; entirely expected in this crypto utility package. | ai | |
| dependencies | unvetted-dep:@types/secp256k1 | AI (dependencies): @types/secp256k1 is a DefinitelyTyped TypeScript type definition package for the secp256k1 library — a legitimate and expected dependency for a crypto utility package. | ai | |
| phantom-deps | phantom-dep:@noble/hashes | AI (phantom-deps): @noble/hashes is vendored/bundled under ./noble-hashes/lib/ in the package exports map; not imported via node_modules path. Phantom-dep detection is a false positive for this bundling pattern. | ai | |
| source-diff | obfuscated-file:noble-hashes/lib/sha512.cjs | AI (source-diff): File is Babel-transpiled CJS output of the @noble/hashes library (MIT, paulmillr.com). Long lines are due to transpiler helpers and inline SHA-512 constants, not obfuscation. Stable false positive for this package. | ai | |
| source-diff | large-new-source-files | AI (source-diff): 150 new files are the vendored @noble/hashes library replacing multiple older hash dependencies. Deliberate consolidation by a trusted publisher, not injected code. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): polkadotjs publisher has 4079 approved/0 rejected packages; dormancy followed by legitimate coordinated ecosystem release is expected for this well-established package. | ai | |
| dependencies | unvetted-dep:elliptic | AI (dependencies): elliptic is a well-known JS elliptic curve library; its use in a crypto utility package for secp256k1 operations is expected and legitimate. | ai | |
| phantom-deps | phantom-dep:create-hash | AI (phantom-deps): create-hash is a standard hashing dependency; phantom detection is a false positive for this crypto utility package. | ai | |
| phantom-deps | phantom-dep:bn.js | AI (phantom-deps): bn.js is a standard big-number dependency used transitively in crypto operations; phantom detection is a false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/secp256k1 | AI (phantom-deps): @types/* packages are TypeScript type definitions loaded by convention, not directly imported. This is standard practice for this package. | ai | |
| phantom-deps | phantom-dep:@types/pbkdf2 | AI (phantom-deps): @types/* packages are TypeScript type definitions loaded by convention, not directly imported. This is standard practice for this package. | ai | |
| semgrep | semgrep:hex-decode | AI (semgrep): Hex decoding is used to load the compiled schnorrkel WebAssembly binary — canonical WASM-in-npm pattern, not a hidden payload. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require() in wasm-bindgen generated glue code for schnorrkel WASM module — standard wasm-bindgen output, not malicious. | ai | |
| source-diff | obfuscated-file:schnorrkel/schnorrkel-js/schnorrkel_js_bg.js | AI (source-diff): This file is a wasm-bindgen generated JS wrapper containing a hex-encoded WebAssembly binary (schnorrkel/sr25519). The pattern is canonical for WASM-in-npm packages and is not obfuscation. | ai | |
| source-diff | obfuscated-file:schnorrkel/schnorrkel-js/schnorrkel_js_wasm.js | AI (source-diff): File is a base64-encoded WebAssembly binary (AGFzbQ = \0asm magic bytes) generated by wasm-bindgen. Standard pattern for WASM-based crypto libraries in the Polkadot ecosystem. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): new Function() is standard wasm-bindgen glue code for bridging WASM imports to JS. Input comes from WASM memory, not user-controlled external sources. | ai | |
| source-diff | encoded-string-file:blake2/asHex.spec.js | AI (source-diff): Long strings in spec files are cryptographic test vectors (expected hash outputs), not encoded payloads. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase is entirely explained by the embedded WASM binary for Schnorrkel signatures, a legitimate cryptographic addition. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): bip39 and @types/bip39 are legitimate, well-known packages expected in a blockchain crypto utility library; addition is consistent with the package's purpose. | ai | |
| phantom-deps | phantom-dep:@types/webassembly-js-api | AI (phantom-deps): @types/* packages are TypeScript type declarations; not being directly imported is expected and normal for this package type. | ai | |
| phantom-deps | phantom-dep:@types/xxhashjs | AI (phantom-deps): @types/* packages are TypeScript type declarations; not being directly imported is expected and normal for this package type. | ai | |
| dependencies | unvetted-dep:@types/bip39 | AI (dependencies): @types/bip39 is a TypeScript type definitions package — purely a development/type aid with no runtime risk. Stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/bip39 | AI (phantom-deps): @types/bip39 is a TypeScript type definitions package; it is normal for TS libraries to declare @types/* as dependencies for consumers even without direct imports. | ai | |
| provenance | no-provenance | AI (provenance): Package predates Sigstore provenance; trusted publisher with 8385 approved packages. Stable false positive for this package. | ai | |
| source-diff | encoded-string-file:blake2/blake2b/asHex.spec.js | AI (source-diff): Long hex strings in this file are cryptographic test vectors for blake2b correctness verification — standard practice in crypto library test suites, not malicious payloads. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): paritytech-ci is a known trusted publisher in the Polkadot ecosystem; the maintainer addition reflects a legitimate org-level CI transition. | ai | |
| provenance | publisher-changed | AI (provenance): paritytech-ci is the established Parity Technologies CI publisher for the polkadot-js ecosystem with 67 approved packages and 0 rejections; this transition is legitimate. | ai | |
| source-diff | encoded-string-file:bundle-polkadot-util-crypto.js | AI (source-diff): Long base64 string is a zlib-compressed WASM binary embedded in the bundle — standard practice for polkadot-js packages, not a malicious payload. | ai | |
| phantom-deps | phantom-dep:@polkadot/wasm-util | AI (phantom-deps): Same-org scope dependency declared but not directly imported; expected pattern for the @polkadot monorepo structure. | ai | |
| semgrep | semgrep:shady-links-tlds | AI (semgrep): URLs in this package are blockchain network metadata (website fields), not C2 infrastructure. This is a stable false positive for this package. | ai | |
Versions (showing 100 of 375)
| Version | Deps | Published |
|---|---|---|
| 0.29.31 | 6 / 0 | |
| 0.29.30 | 6 / 0 | |
| 0.29.29 | 6 / 0 | |
| 0.29.28 | 6 / 0 | |
| 0.29.27 | 6 / 0 | |
| 0.29.26 | 6 / 0 | |
| 0.29.25 | 6 / 0 | |
| 0.29.24 | 6 / 0 | |
| 0.29.23 | 6 / 0 | |
| 0.29.22 | 6 / 0 | |
| 0.29.21 | 6 / 0 | |
| 0.29.20 | 6 / 0 | |
| 0.29.19 | 6 / 0 | |
| 0.29.18 | 6 / 0 | |
| 0.29.17 | 6 / 0 | |
| 0.29.16 | 6 / 0 | |
| 0.29.15 | 6 / 0 | |
| 0.29.14 | 6 / 0 | |
| 0.29.13 | 6 / 0 | |
| 0.29.12 | 6 / 0 | |
| 0.29.11 | 6 / 0 | |
| 0.29.10 | 6 / 0 | |
| 0.29.9 | 6 / 0 | |
| 0.29.8 | 6 / 0 | |
| 0.29.7 | 6 / 0 | |
| 0.29.6 | 6 / 0 | |
| 0.29.5 | 6 / 0 | |
| 0.29.4 | 6 / 0 | |
| 0.29.3 | 6 / 0 | |
| 0.29.2 | 6 / 0 | |
| 0.29.1 | 6 / 0 | |
| 0.28.25 | 6 / 0 | |
| 0.28.24 | 6 / 0 | |
| 0.28.23 | 6 / 0 | |
| 0.28.22 | 6 / 0 | |
| 0.28.21 | 6 / 0 | |
| 0.28.20 | 6 / 0 | |
| 0.28.19 | 6 / 0 | |
| 0.28.18 | 6 / 0 | |
| 0.28.17 | 6 / 0 | |
| 0.28.16 | 6 / 0 | |
| 0.28.15 | 6 / 0 | |
| 0.28.14 | 6 / 0 | |
| 0.28.13 | 6 / 0 | |
| 0.28.12 | 6 / 0 | |
| 0.28.11 | 6 / 0 | |
| 0.28.10 | 6 / 0 | |
| 0.28.9 | 6 / 0 | |
| 0.28.8 | 6 / 0 | |
| 0.28.7 | 6 / 0 | |
| 0.28.6 | 6 / 0 | |
| 0.28.5 | 6 / 0 | |
| 0.28.4 | 6 / 0 | |
| 0.28.3 | 6 / 0 | |
| 0.28.2 | 6 / 0 | |
| 0.28.1 | 6 / 0 | |
| 0.27.12 | 6 / 0 | |
| 0.27.11 | 6 / 0 | |
| 0.27.10 | 6 / 0 | |
| 0.27.9 | 6 / 0 | |
| 0.27.1 | 6 / 0 | |
| 0.26.36 | 6 / 0 | |
| 0.26.35 | 6 / 0 | |
| 0.26.34 | 6 / 0 | |
| 0.26.33 | 6 / 0 | |
| 0.26.32 | 6 / 0 | |
| 0.26.31 | 6 / 0 | |
| 0.26.30 | 6 / 0 | |
| 0.26.29 | 6 / 0 | |
| 0.26.27 | 6 / 0 | |
| 0.26.26 | 6 / 0 | |
| 0.26.25 | 6 / 0 | |
| 0.26.24 | 6 / 0 | |
| 0.26.23 | 6 / 0 | |
| 0.26.22 | 6 / 0 | |
| 0.26.21 | 6 / 0 | |
| 0.26.20 | 6 / 0 | |
| 0.26.19 | 6 / 0 | |
| 0.26.18 | 6 / 0 | |
| 0.26.17 | 6 / 0 | |
| 0.26.16 | 6 / 0 | |
| 0.26.15 | 6 / 0 | |
| 0.26.14 | 6 / 0 | |
| 0.26.13 | 6 / 0 | |
| 0.26.12 | 6 / 0 | |
| 0.26.11 | 6 / 0 | |
| 0.26.10 | 6 / 0 | |
| 0.26.9 | 6 / 0 | |
| 0.26.8 | 6 / 0 | |
| 0.26.6 | 6 / 0 | |
| 0.26.5 | 6 / 0 | |
| 0.25.1 | 6 / 0 | |
| 0.24.9 | 6 / 0 | |
| 0.24.8 | 6 / 0 | |
| 0.24.7 | 6 / 0 | |
| 0.24.6 | 6 / 0 | |
| 0.24.5 | 6 / 0 | |
| 0.24.4 | 6 / 0 | |
| 0.24.3 | 6 / 0 | |
| 0.24.2 | 6 / 0 | |
v0.29.31
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.30
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.29
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.28
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.27
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.26
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.25
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.24
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.23
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.22
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.21
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.20
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.19
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.18
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.17
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.25
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.24
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.23
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.22
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.21
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.20
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.19
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.18
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.17
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.27.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.27.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.27.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.27.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.27.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.36
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.35
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.34
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.33
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.32
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.31
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.30
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.29
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.27
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.26
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.25
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.24
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.23
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.22
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.21
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.20
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.19
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.18
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.17
2 findings: Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.16
2 findings: Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.15
2 findings: Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.14
2 findings: Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.13
2 findings: Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.12
2 findings: Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.11
2 findings: Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.10
2 findings: Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.9
2 findings: Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.8
2 findings: Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.6
2 findings: Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.5
2 findings: Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.1
2 findings: Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.24.9
2 findings: Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.24.8
2 findings: Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.24.7
2 findings: Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.24.6
2 findings: Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.24.5
2 findings: Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.24.4
2 findings: Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.24.3
2 findings: Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.24.2
2 findings: Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.