
@ton/sandbox

3 Versions
License
No Install Scripts
Verified Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation
npm registry signatures
gitHead linked

Maintainers

tsivarevtruecarryklpxdanil42russiatolk-vmton-ciit-tonstudio-iotolyayanot

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| source-diff | encoded-string-file:dist/executor/emulator-emscripten.wasm.js | AI (source-diff): Base64-encoded WASM binary is the expected format for this TON emulator package; stable across versions. | ai | |
| source-diff | encoded-string-file:dist/config/defaultConfig.d.ts | AI (source-diff): Long base64 string is TON blockchain config data embedded as a typed constant; expected for this package. | ai | |
| source-diff | encoded-string-file:dist/config/slimConfig.d.ts | AI (source-diff): Long base64 string is TON blockchain slim config data embedded as a typed constant; expected for this package. | ai | |
| dependencies | unvetted-dep:ton-assembly | AI (dependencies): ton-assembly is a TON assembler; its use in a TON sandbox/emulator is expected and consistent across versions. | ai | |

Versions (showing 3 of 3)

Version Deps Published
0.43.0 3 / 17
0.42.0 5 / 17
0.41.0 5 / 17

v0.43.0

4 findings
HIGH Long encoded string in modified file: dist/executor/emulator-emscripten.wasm.js source-diff

Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

HIGH Long encoded string in modified file: dist/config/defaultConfig.d.ts source-diff

Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

HIGH Long encoded string in modified file: dist/config/slimConfig.d.ts source-diff

Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.42.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.