← Home

@taquito/ledger-signer

npm Repository Homepage
8
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

jevonearthroxaneletourneauhui-an.yanggimbrailo.ecad

Keywords

taquitotezostypescriptblockchainwalletledgersigner

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:buffer AI (phantom-deps): buffer is used via Buffer.from() in the signing code; declared as a runtime dep for browser polyfill. Stable false positive for this package. ai
semgrep semgrep:hex-decode AI (semgrep): Buffer.from(bytes, 'hex') is standard hex-to-buffer conversion for preparing cryptographic signing payloads for Ledger hardware; not a malicious pattern for this package. ai
phantom-deps phantom-dep:@taquito/taquito AI (phantom-deps): Same-org sibling package from the taquito monorepo; phantom dep is a packaging artifact, not a supply chain risk. ai

Versions (showing 8 of 8)

Version Deps Published
24.3.0 6 / 23
24.2.0 6 / 26
24.1.0 6 / 26
24.0.2 6 / 26
24.0.1 6 / 26
24.0.0 6 / 26
23.1.0 6 / 26
23.0.3 6 / 26