← Home

@scure/bip32

npm Repository Homepage

Secure, audited & minimal implementation of BIP32 hierarchical deterministic (HD) wallets over secp256k1

19
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

paulmillr

Keywords

bip32hierarchicaldeterministichd keybip0032bip-32bip39microscuremnemonicphrasecode

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:@noble/secp256k1 AI (dependencies): @noble/secp256k1 is Paul Miller's own audited secp256k1 library — a natural, expected dependency for a BIP32 implementation by the same author. Not a risk for this package. ai
provenance no-provenance AI (provenance): Established package from a long-standing, trusted publisher (paulmillr). Lack of Sigstore provenance is common and not a risk signal here. ai
dependencies unvetted-dep:@noble/curves AI (dependencies): @noble/curves is a well-known, audited elliptic curve library by Paul Miller, part of the same noble/scure ecosystem. Unvetted status is a registry artifact, not a real risk signal for this package. ai

Versions (showing 19 of 19)

Version Deps Published
2.0.1 3 / 3
2.0.0 3 / 3
1.7.0 3 / 4
1.6.2 3 / 4
1.6.0 3 / 4
1.5.0 3 / 4
1.4.0 3 / 4
1.3.3 3 / 3
1.3.2 3 / 3
1.3.1 3 / 3
1.3.0 3 / 3
1.2.0 3 / 3
1.1.5 3 / 3
1.1.4 3 / 3
1.1.3 3 / 4
1.1.2 3 / 4
1.1.1 3 / 4
1.1.0 3 / 4
1.0.1 3 / 4