← Home

@walletconnect/core

npm Repository Homepage

Core for WalletConnect Protocol

29
Versions
SEE LICENSE IN LICENSE.md
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

bkremcyberdrkreown-npm-org

Keywords

walletwalletconnect

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:dist/index.cjs AI (source-diff): Rollup-bundled CJS output; standard minification for this package. ai
source-diff obfuscated-file:dist/index.js AI (source-diff): Rollup-bundled ESM output; standard minification for this package. ai
phantom-deps phantom-dep:es-toolkit AI (phantom-deps): Declared dep consumed inside the bundle; not a direct import but used at runtime. ai
dependencies unvetted-dep:uint8arrays AI (dependencies): uint8arrays is a standard utility for binary data in the JS/IPFS ecosystem; legitimate dependency. ai
dependencies unvetted-dep:@walletconnect/time AI (dependencies): Part of the WalletConnect monorepo ecosystem; expected sub-package dependency. ai
dependencies unvetted-dep:@walletconnect/relay-api AI (dependencies): Part of the WalletConnect monorepo ecosystem; expected sub-package dependency. ai
dependencies unvetted-dep:@walletconnect/safe-json AI (dependencies): Part of the WalletConnect monorepo ecosystem; expected sub-package dependency. ai
typosquat typosquat.levenshtein:cors AI (typosquat): @walletconnect/core is the legitimate WalletConnect core package in a scoped namespace; Levenshtein comparison to 'cors' is a false positive with no impersonation intent. ai
dependencies unvetted-dep:@walletconnect/jsonrpc-utils AI (dependencies): Part of the WalletConnect monorepo ecosystem; expected sub-package dependency. ai
dependencies unvetted-dep:@walletconnect/window-getters AI (dependencies): Part of the WalletConnect monorepo ecosystem; expected sub-package dependency. ai
dependencies unvetted-dep:@walletconnect/jsonrpc-provider AI (dependencies): Part of the WalletConnect monorepo ecosystem; expected sub-package dependency. ai
dependencies unvetted-dep:@walletconnect/jsonrpc-ws-connection AI (dependencies): Part of the WalletConnect monorepo ecosystem; expected sub-package dependency. ai
dependencies unvetted-dep:@walletconnect/relay-auth AI (dependencies): Part of the WalletConnect monorepo ecosystem; expected sub-package dependency. ai
bogus-package bogus-package AI (bogus-package): Inflated semver is expected for a monorepo package versioned in lockstep; short README is typical for ecosystem sub-packages. Not indicative of spam or malice. ai
dependencies unvetted-dep:es-toolkit AI (dependencies): es-toolkit is a well-known utility library; its use here is legitimate. ai

Versions (showing 29 of 29)

Version Deps Published
2.23.9 17 / 0
2.23.8 17 / 0
2.23.7 17 / 0
2.23.6 17 / 0
2.23.5 17 / 0
2.23.4 17 / 0
2.23.3 17 / 0
2.23.2 17 / 0
2.23.1 17 / 0
2.23.0 17 / 0
2.22.4 17 / 0
2.22.3 17 / 0
2.22.2 17 / 0
2.22.1 17 / 0
2.22.0 17 / 0
2.21.10 17 / 0
2.21.9 17 / 0
2.21.8 17 / 0
2.21.7 17 / 0
2.21.6 17 / 0
2.21.5 17 / 0
2.21.4 17 / 0
2.21.3 17 / 0
2.21.2 17 / 0
2.21.1 17 / 0
2.21.0 17 / 0
2.20.3 17 / 0
2.20.2 17 / 0
2.20.1 17 / 0

v2.23.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.23.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.23.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.23.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.22.4

3 findings
HIGH New obfuscated file: dist/index.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.22.3

3 findings
HIGH New obfuscated file: dist/index.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.22.2

3 findings
HIGH New obfuscated file: dist/index.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.22.1

3 findings
HIGH New obfuscated file: dist/index.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.22.0

3 findings
HIGH New obfuscated file: dist/index.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.21.10

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.21.9

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.21.8

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.21.7

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.21.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.21.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.21.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.21.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.21.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.21.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.21.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.20.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.20.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.20.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.