{"id":4770145,"name":"@agoric/inter-protocol","ecosystem":"npm","description":"Core cryptoeconomy contracts","homepage":"https://github.com/Agoric/agoric-sdk","licenses":"Apache-2.0","normalized_licenses":["Apache-2.0"],"repository_url":"https://github.com/Agoric/agoric-sdk","keywords_array":[],"namespace":"agoric","versions_count":1756,"first_release_published_at":"2022-08-10T23:14:13.585Z","latest_release_published_at":"2023-06-09T06:45:55.972Z","latest_release_number":"0.16.1","last_synced_at":"2026-03-29T02:02:08.206Z","created_at":"2022-07-26T06:43:02.930Z","updated_at":"2026-03-29T02:02:08.207Z","registry_url":"https://www.npmjs.com/package/@agoric/inter-protocol","install_command":"npm install @agoric/inter-protocol","documentation_url":null,"metadata":{"funding":null,"dist-tags":{"other-dev":"0.16.2-other-dev-8f8782b.0","agoric-upgrade-11":"0.16.2-u11wf.0","agoric-upgrade-12":"0.16.2-u12.0","getting-started-dev":"0.16.2-getting-started-dev-a3805f7.0","agoric-upgrade-13":"0.16.2-u13.0","mainnet1B-dev":"0.16.2-mainnet1B-dev-b0c1f78.0","upgrade-14-dev":"0.16.2-upgrade-14-dev-c8f9e7b.0","orchestration-dev":"0.16.2-orchestration-dev-096c4e8.0","agoric-upgrade-14":"0.16.2-u14.1","agoric-upgrade-15":"0.16.2-u15.0","upgrade-16-fi-dev":"0.16.2-upgrade-16-fi-dev-8879538.0","calypso-dev":"0.16.2-calypso-dev-dabccdc.0","upgrade-16a-dev":"0.17.0-upgrade-16a-dev-fb592e4.0","agoric-upgrade-16":"0.17.0-u16.2","upgrade-16-dev":"0.17.0-upgrade-16-dev-0df76a7.0","upgrade-17-dev":"0.17.0-upgrade-17-dev-ec448b0.0","community-dev":"0.17.0-u17.1","agoric-upgrade-17":"0.17.0-u17.1","latest":"0.17.0-u18.0","agoric-upgrade-18":"0.17.0-u18.0","upgrade-18-dev":"0.17.0-upgrade-18-dev-bf39b10.0","dev":"0.16.2-dev-76ad0fc.0"}},"repo_metadata":{"id":37300468,"uuid":"219012610","full_name":"Agoric/agoric-sdk","owner":"Agoric","description":"monorepo for the Agoric Javascript smart contract platform","archived":false,"fork":false,"pushed_at":"2025-10-29T18:58:34.000Z","size":159954,"stargazers_count":352,"open_issues_count":1768,"forks_count":254,"subscribers_count":22,"default_branch":"master","last_synced_at":"2025-10-29T19:29:09.886Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Agoric.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":"MAINTAINERS.md","copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2019-11-01T15:30:18.000Z","updated_at":"2025-10-29T17:49:23.000Z","dependencies_parsed_at":"2023-11-21T01:46:09.702Z","dependency_job_id":"e1cf8faa-c42d-4a95-8ba4-874dee7fc4a3","html_url":"https://github.com/Agoric/agoric-sdk","commit_stats":{"total_commits":14247,"total_committers":90,"mean_commits":158.3,"dds":0.760932126061627,"last_synced_commit":"103e0bcd41170c015d3685398ad3aa2fae1126e5"},"previous_names":["agoric/agoric"],"tags_count":4055,"template":false,"template_full_name":null,"purl":"pkg:github/Agoric/agoric-sdk","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Agoric%2Fagoric-sdk","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Agoric%2Fagoric-sdk/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Agoric%2Fagoric-sdk/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Agoric%2Fagoric-sdk/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Agoric","download_url":"https://codeload.github.com/Agoric/agoric-sdk/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Agoric%2Fagoric-sdk/sbom","scorecard":{"id":9347,"data":{"date":"2025-08-11","repo":{"name":"github.com/Agoric/agoric-sdk","commit":"a849b4a4e5fd853abe19e7d19a9917d364fff153"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.6,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/docker.yml:42","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/docker.yml:44","Info: jobLevel 'contents' permission set to 'read': .github/workflows/docker.yml:167","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/docker.yml:169","Warn: no topLevel permission defined: .github/workflows/after-merge.yml:1","Warn: no topLevel permission defined: .github/workflows/benchmarks.yml:1","Warn: no topLevel permission defined: .github/workflows/comment-on-base-branch-change.yml:1","Warn: no topLevel permission defined: .github/workflows/docker.yml:1","Warn: no topLevel permission defined: .github/workflows/dump-ci-stats.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/golangci-lint.yml:14","Warn: no topLevel permission defined: .github/workflows/integration.yml:1","Warn: no topLevel permission defined: .github/workflows/manage-integration-check.yml:1","Warn: no topLevel permission defined: .github/workflows/mergify-ready.yml:1","Warn: no topLevel permission defined: .github/workflows/multichain-e2e-template.yml:1","Warn: no topLevel permission defined: .github/workflows/multichain-e2e.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/nix-check.yml:18","Warn: no topLevel permission defined: .github/workflows/pre-check-integration.yml:1","Warn: no topLevel permission defined: .github/workflows/proto.yml:1","Warn: no topLevel permission defined: .github/workflows/test-all-packages.yml:1","Warn: no topLevel permission defined: .github/workflows/test-documentation.yml:1","Warn: no topLevel permission defined: .github/workflows/test-golang.yml:1","Warn: no topLevel permission defined: .github/workflows/test-scripts.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact ymax-v0.1-alpha not signed: https://api.github.com/repos/Agoric/agoric-sdk/releases/232714979","Warn: release artifact fast-usdc-cctp-b1 not signed: https://api.github.com/repos/Agoric/agoric-sdk/releases/218653447","Warn: release artifact ymax-v0.1-alpha does not have provenance: https://api.github.com/repos/Agoric/agoric-sdk/releases/232714979","Warn: release artifact fast-usdc-cctp-b1 does not have provenance: https://api.github.com/repos/Agoric/agoric-sdk/releases/218653447"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/after-merge.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/after-merge.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/after-merge.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/after-merge.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/after-merge.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/after-merge.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/after-merge.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/after-merge.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/after-merge.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/after-merge.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/after-merge.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/after-merge.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/after-merge.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/after-merge.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/benchmarks.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/comment-on-base-branch-change.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/comment-on-base-branch-change.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/docker.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/docker.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/docker.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/docker.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/docker.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:171: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/docker.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:183: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/docker.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/docker.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:194: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dump-ci-stats.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/dump-ci-stats.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dump-ci-stats.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/dump-ci-stats.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/golangci-lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/golangci-lint.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/golangci-lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yml:153: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/integration.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yml:206: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/integration.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yml:249: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/integration.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yml:304: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/integration.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yml:322: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/integration.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yml:366: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/integration.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yml:377: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/integration.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yml:423: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/integration.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yml:426: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/integration.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/integration.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/integration.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integration.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/integration.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manage-integration-check.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/manage-integration-check.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manage-integration-check.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/manage-integration-check.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mergify-ready.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/mergify-ready.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mergify-ready.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/mergify-ready.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/multichain-e2e-template.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/multichain-e2e-template.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/multichain-e2e-template.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/multichain-e2e-template.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/multichain-e2e-template.yml:173: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/multichain-e2e-template.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nix-check.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/nix-check.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nix-check.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/nix-check.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nix-check.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/nix-check.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pre-check-integration.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/pre-check-integration.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/proto.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/proto.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/proto.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/proto.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/proto.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/proto.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/proto.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/proto.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/proto.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/proto.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all-packages.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/test-all-packages.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all-packages.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/test-all-packages.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all-packages.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/test-all-packages.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all-packages.yml:171: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/test-all-packages.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all-packages.yml:269: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/test-all-packages.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all-packages.yml:520: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/test-all-packages.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all-packages.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/test-all-packages.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all-packages.yml:738: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/test-all-packages.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all-packages.yml:480: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/test-all-packages.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all-packages.yml:562: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/test-all-packages.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all-packages.yml:606: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/test-all-packages.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all-packages.yml:650: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/test-all-packages.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all-packages.yml:697: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/test-all-packages.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all-packages.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/test-all-packages.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all-packages.yml:402: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/test-all-packages.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all-packages.yml:441: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/test-all-packages.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-documentation.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/test-documentation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-documentation.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/test-documentation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-documentation.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/test-documentation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-golang.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/test-golang.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-scripts.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/Agoric/agoric-sdk/test-scripts.yml/master?enable=pin","Warn: containerImage not pinned by hash: packages/deployment/Dockerfile:5","Warn: containerImage not pinned by hash: packages/deployment/Dockerfile.ibc-alpha:3","Warn: containerImage not pinned by hash: packages/deployment/Dockerfile.sdk:5","Warn: containerImage not pinned by hash: packages/deployment/Dockerfile.sdk:23","Warn: containerImage not pinned by hash: packages/deployment/Dockerfile.sdk:38","Warn: containerImage not pinned by hash: packages/deployment/Dockerfile.sdk:70","Warn: containerImage not pinned by hash: packages/deployment/Dockerfile.sdk:101","Warn: containerImage not pinned by hash: packages/deployment/Dockerfile.sdk:128","Warn: containerImage not pinned by hash: packages/deployment/Dockerfile.show-fat:1: pin your Docker image by updating alpine to alpine@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: containerImage not pinned by hash: packages/deployment/Dockerfile.ssh-node:2: pin your Docker image by updating ubuntu:latest to ubuntu:latest@sha256:a08e551cb33850e4740772b38217fc1796a66da2506d312abe51acda354ff061","Warn: containerImage not pinned by hash: packages/solo/Dockerfile:3","Warn: downloadThenRun not pinned by hash: packages/cosmic-swingset/scripts/run-rosetta-ci.sh:24","Info:   0 out of  56 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of  18 third-party GitHubAction dependencies pinned","Info:   0 out of  11 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: JavaScriptPropertyBasedTesting integration found: packages/ERTP/test/unitTests/amountProperties.test.js:3","Info: JavaScriptPropertyBasedTesting integration found: packages/internal/test/utils.test.js:4","Info: JavaScriptPropertyBasedTesting integration found: packages/internal/test/utils.test.js:18","Info: JavaScriptPropertyBasedTesting integration found: packages/ERTP/test/unitTests/amountProperties.test.js:3","Info: JavaScriptPropertyBasedTesting integration found: packages/internal/test/utils.test.js:4","Info: JavaScriptPropertyBasedTesting integration found: packages/internal/test/utils.test.js:18","Info: TypeScriptPropertyBasedTesting integration found: packages/fast-usdc/test/pool-share-math.test.ts:2","Info: TypeScriptPropertyBasedTesting integration found: packages/fast-usdc/test/pool-share-math.test.ts:2"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"33 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx","Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22","Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646","Warn: Project is vulnerable to: GHSA-6294-6rgp-fr7r","Warn: Project is vulnerable to: GO-2025-3372 / GHSA-6wxm-mpqj-6jpf","Warn: Project is vulnerable to: GO-2024-2800 / GHSA-q64h-39hv-4cf7","Warn: Project is vulnerable to: GO-2024-2948 / GHSA-xfhp-jf8p-mh5w","Warn: Project is vulnerable to: GO-2024-3110 / GHSA-jfvp-7x6p-h2pv","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9","Warn: Project is vulnerable to: GHSA-xffm-g5w8-qvg7","Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h","Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27","Warn: Project is vulnerable to: GHSA-4www-5p9h-95mh","Warn: Project is vulnerable to: GHSA-9gqv-wp59-fq42","Warn: Project is vulnerable to: GHSA-hxm2-r34f-qmc5","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-14T14:13:09.076Z","repository_id":37300468,"created_at":"2025-08-14T14:13:09.076Z","updated_at":"2025-08-14T14:13:09.076Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":281694085,"owners_count":26545497,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-29T02:00:06.901Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"Agoric","name":"Agoric","uuid":"26842028","kind":"organization","description":"Founded by pioneers in secure development and distributed systems, Agoric uses a secure subset of JavaScript to enable object capabilities and smart contracts.","email":"info@agoric.com","website":"https://agoric.com/","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/26842028?v=4","repositories_count":76,"last_synced_at":"2025-02-21T04:33:55.949Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/Agoric","funding_links":[],"total_stars":1243,"followers":182,"following":0,"created_at":"2022-11-13T00:22:35.900Z","updated_at":"2025-02-21T04:33:55.949Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Agoric","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Agoric/repositories"},"tags":[]},"repo_metadata_updated_at":"2025-10-29T20:52:03.700Z","dependent_packages_count":9,"downloads":17899,"downloads_period":"last-month","dependent_repos_count":12,"rankings":{"downloads":1.892621605982186,"dependent_repos_count":3.409212552044715,"dependent_packages_count":2.4792591758145988,"stargazers_count":3.5776777657588985,"forks_count":2.3202315131856937,"docker_downloads_count":0.6268374173547466,"average":2.38430667169014},"purl":"pkg:npm/%40agoric/inter-protocol","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/npm/@agoric/inter-protocol","docker_dependents_count":1,"docker_downloads_count":29746,"usage_url":"https://repos.ecosyste.ms/usage/npm/@agoric/inter-protocol","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/npm/@agoric/inter-protocol/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-10-29T02:01:50.315Z","issues_count":1833,"pull_requests_count":3988,"avg_time_to_close_issue":23479324.413641363,"avg_time_to_close_pull_request":2946193.813960935,"issues_closed_count":909,"pull_requests_closed_count":3123,"pull_request_authors_count":76,"issue_authors_count":68,"avg_comments_per_issue":1.7828696126568466,"avg_comments_per_pull_request":1.732196589769308,"merged_pull_requests_count":2447,"bot_issues_count":0,"bot_pull_requests_count":217,"past_year_issues_count":422,"past_year_pull_requests_count":1704,"past_year_avg_time_to_close_issue":1404382.8959537572,"past_year_avg_time_to_close_pull_request":587921.9335548172,"past_year_issues_closed_count":173,"past_year_pull_requests_closed_count":1204,"past_year_pull_request_authors_count":53,"past_year_issue_authors_count":29,"past_year_avg_comments_per_issue":0.4976303317535545,"past_year_avg_comments_per_pull_request":1.7758215962441315,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":147,"past_year_merged_pull_requests_count":974,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/Agoric%2Fagoric-sdk/issues","maintainers":[{"login":"turadg","count":1043,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/turadg"},{"login":"mhofman","count":515,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/mhofman"},{"login":"dckc","count":433,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/dckc"},{"login":"gibson042","count":396,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/gibson042"},{"login":"erights","count":354,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/erights"},{"login":"0xpatrickdev","count":338,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/0xpatrickdev"},{"login":"warner","count":292,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/warner"},{"login":"michaelfig","count":259,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/michaelfig"},{"login":"kriskowal","count":157,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/kriskowal"},{"login":"mujahidkay","count":144,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/mujahidkay"},{"login":"JimLarson","count":64,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/JimLarson"},{"login":"anilhelvaci","count":62,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/anilhelvaci"},{"login":"Jorge-Lopes","count":44,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/Jorge-Lopes"},{"login":"dtribble","count":29,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/dtribble"},{"login":"FUDCo","count":21,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/FUDCo"},{"login":"schnetzlerjoe","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/schnetzlerjoe"},{"login":"jeetraut","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jeetraut"}],"active_maintainers":[{"login":"turadg","count":348,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/turadg"},{"login":"dckc","count":212,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/dckc"},{"login":"gibson042","count":195,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/gibson042"},{"login":"mhofman","count":134,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/mhofman"},{"login":"mujahidkay","count":131,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/mujahidkay"},{"login":"0xpatrickdev","count":130,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/0xpatrickdev"},{"login":"michaelfig","count":105,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/michaelfig"},{"login":"erights","count":80,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/erights"},{"login":"kriskowal","count":53,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/kriskowal"},{"login":"anilhelvaci","count":52,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/anilhelvaci"},{"login":"Jorge-Lopes","count":33,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/Jorge-Lopes"},{"login":"warner","count":12,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/warner"},{"login":"dtribble","count":9,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/dtribble"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@agoric%2Finter-protocol/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@agoric%2Finter-protocol/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@agoric%2Finter-protocol/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@agoric%2Finter-protocol/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@agoric%2Finter-protocol/codemeta","maintainers":[{"uuid":"agoricbot","login":"agoricbot","name":null,"email":"devops@agoric.com","url":null,"packages_count":120,"html_url":"https://www.npmjs.com/~agoricbot","role":null,"created_at":"2022-11-09T05:58:08.178Z","updated_at":"2022-11-09T05:58:08.178Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/agoricbot/packages"},{"uuid":"warner","login":"warner","name":null,"email":"warner-npm@lothar.com","url":null,"packages_count":171,"html_url":"https://www.npmjs.com/~warner","role":null,"created_at":"2022-11-09T05:58:08.475Z","updated_at":"2022-11-09T05:58:08.475Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/warner/packages"},{"uuid":"erights","login":"erights","name":null,"email":"erights@gmail.com","url":null,"packages_count":173,"html_url":"https://www.npmjs.com/~erights","role":null,"created_at":"2022-11-09T05:58:08.494Z","updated_at":"2022-11-09T05:58:08.494Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/erights/packages"},{"uuid":"michaelfig","login":"michaelfig","name":null,"email":"michael@fig.org","url":null,"packages_count":182,"html_url":"https://www.npmjs.com/~michaelfig","role":null,"created_at":"2022-11-09T05:58:08.520Z","updated_at":"2022-11-09T05:58:08.520Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/michaelfig/packages"},{"uuid":"kriskowal","login":"kriskowal","name":null,"email":"kris.kowal@cixar.com","url":null,"packages_count":268,"html_url":"https://www.npmjs.com/~kriskowal","role":null,"created_at":"2022-11-09T05:58:08.544Z","updated_at":"2022-11-09T05:58:08.544Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/kriskowal/packages"},{"uuid":"gibson042","login":"gibson042","name":null,"email":"richard.gibson@gmail.com","url":null,"packages_count":126,"html_url":"https://www.npmjs.com/~gibson042","role":null,"created_at":"2024-03-12T04:30:32.586Z","updated_at":"2024-03-12T04:30:32.586Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/gibson042/packages"},{"uuid":"mhofman","login":"mhofman","name":null,"email":"mathieu+npmjs@agoric.com","url":null,"packages_count":173,"html_url":"https://www.npmjs.com/~mhofman","role":null,"created_at":"2023-09-24T04:57:46.025Z","updated_at":"2023-09-24T04:57:46.025Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/mhofman/packages"},{"uuid":"jimlarson","login":"jimlarson","name":null,"email":"jim@agoric.com","url":null,"packages_count":120,"html_url":"https://www.npmjs.com/~jimlarson","role":null,"created_at":"2023-02-17T00:25:07.756Z","updated_at":"2023-02-17T00:25:07.756Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/jimlarson/packages"},{"uuid":"samsiegart","login":"samsiegart","name":null,"email":"sam@agoric.com","url":null,"packages_count":119,"html_url":"https://www.npmjs.com/~samsiegart","role":null,"created_at":"2023-04-03T23:12:30.757Z","updated_at":"2023-04-03T23:12:30.757Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/samsiegart/packages"},{"uuid":"mujahidkay","login":"mujahidkay","name":null,"email":"mujahidkay@gmail.com","url":null,"packages_count":112,"html_url":"https://www.npmjs.com/~mujahidkay","role":null,"created_at":"2024-11-02T21:50:58.515Z","updated_at":"2024-11-02T21:50:58.515Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/mujahidkay/packages"}]}