@t2000/mcp
MCP server for AI agent bank accounts on Sui — 29 tools, 15 prompts, stdio transport. Drop-in for Claude Desktop, Cursor, Cline, Continue, or any MCP-compatible client.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | encoded-string-file:dist/bin.js | AI (source-diff): Long hex strings are EVM bytecode constants from bundled viem library; not malicious encoding. | ai | |
| source-diff | encoded-string-file:dist/index.js | AI (source-diff): Same viem EVM bytecode constants; stable false positive for this package. | ai | |
| publish-pattern | rapid-publish | AI (publish-pattern): Package has 219 versions and coordinates releases with @t2000/sdk at matching versions — rapid publishes reflect an automated monorepo CI pipeline, not malicious activity. | ai | |
| provenance | no-provenance | AI (provenance): Package consistently lacks Sigstore provenance; this is a best-practice gap, not a security threat, and is stable across versions for this package. | ai | |
| typosquat | typosquat.levenshtein:yup | AI (typosquat): @t2000/mcp is a scoped MCP server for Sui blockchain — no plausible impersonation of 'yup' (a schema validation library). Levenshtein match is coincidental. | ai |
Versions (showing 58 of 265)
| Version | Deps | Published |
|---|---|---|
| 0.44.0 | 0 / 8 | |
| 0.43.0 | 0 / 8 | |
| 0.42.0 | 0 / 8 | |
| 0.41.0 | 0 / 8 | |
| 0.40.4 | 0 / 8 | |
| 0.40.3 | 0 / 8 | |
| 0.40.2 | 0 / 8 | |
| 0.40.1 | 0 / 8 | |
| 0.40.0 | 0 / 8 | |
| 0.39.0 | 0 / 8 | |
| 0.38.0 | 0 / 8 | |
| 0.37.2 | 0 / 8 | |
| 0.37.1 | 0 / 8 | |
| 0.25.1 | 3 / 5 | |
| 0.22.23 | 3 / 5 | |
| 0.22.5 | 3 / 5 | |
| 0.22.4 | 3 / 5 | |
| 0.22.1 | 3 / 5 | |
| 0.22.0 | 3 / 5 | |
| 0.21.0 | 3 / 5 | |
| 0.20.38 | 3 / 5 | |
| 0.20.34 | 3 / 5 | |
| 0.20.26 | 3 / 5 | |
| 0.17.29 | 3 / 5 | |
| 0.17.27 | 3 / 5 | |
| 0.17.21 | 3 / 5 | |
| 0.17.16 | 3 / 5 | |
| 0.17.11 | 3 / 5 | |
| 0.16.24 | 3 / 5 | |
| 0.16.23 | 3 / 5 | |
| 0.16.22 | 3 / 5 | |
| 0.16.21 | 3 / 5 | |
| 0.16.20 | 3 / 5 | |
| 0.16.19 | 3 / 5 | |
| 0.16.18 | 3 / 5 | |
| 0.16.17 | 3 / 5 | |
| 0.16.14 | 3 / 5 | |
| 0.16.11 | 3 / 5 | |
| 0.16.10 | 3 / 5 | |
| 0.16.9 | 3 / 5 | |
| 0.16.7 | 3 / 5 | |
| 0.16.6 | 3 / 5 | |
| 0.16.4 | 3 / 5 | |
| 0.16.3 | 3 / 5 | |
| 0.16.2 | 3 / 5 | |
| 0.16.1 | 3 / 5 | |
| 0.16.0 | 3 / 5 | |
| 0.15.3 | 3 / 5 | |
| 0.15.2 | 3 / 5 | |
| 0.15.1 | 3 / 5 | |
| 0.15.0 | 3 / 5 | |
| 0.14.1 | 3 / 5 | |
| 0.14.0 | 3 / 5 | |
| 0.13.0 | 3 / 5 | |
| 0.12.3 | 3 / 5 | |
| 0.12.2 | 3 / 5 | |
| 0.12.1 | 3 / 5 | |
| 0.12.0 | 3 / 5 |
v0.44.0
3 findingsModified file contains 5 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 5 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.43.0
3 findingsModified file contains 5 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 5 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.42.0
3 findingsModified file contains 5 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 5 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.41.0
3 findingsModified file contains 5 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 5 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.40.4
3 findingsModified file contains 5 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 5 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.40.3
3 findingsModified file contains 5 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 5 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.40.2
3 findingsModified file contains 5 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 5 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.40.1
3 findingsModified file contains 5 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 5 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.40.0
3 findingsModified file contains 5 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 5 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.39.0
3 findingsModified file contains 5 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 5 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.38.0
3 findingsModified file contains 5 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 5 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.37.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.37.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.22.23
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.22.5
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: funkii.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.22.4
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: funkii.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.22.1
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: funkii.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.22.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: funkii.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.20.38
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: funkii.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.20.34
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: funkii.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.20.26
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: funkii.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.29
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: funkii.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.27
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: funkii.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.21
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: funkii.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.16
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: funkii.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.11
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: funkii.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.24
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: funkii.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.23
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.22
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.21
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.14
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: funkii.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.11
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: funkii.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.10
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: funkii.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.9
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: funkii.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.7
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: funkii.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.6
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: funkii.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.