FEATURES PRICING BREACHES BLOG API

SIGN IN SCAN FREE

Home/github.com/solana-labs/solana-web3.js

SCANNING solana-labs/solana-web3.js...

AI-powered security scanner.
150+ checks in under 30 seconds.

PRODUCT

Free Scan
Security Check (5000+)
Pricing
Features
Comparison

DEVELOPERS

API Docs
MCP Server
Blog
Changelog
Status

LEGAL

Privacy Policy
Terms of Service
Contact

© 2026 SCANMYVIBE — ALL SYSTEMS OPERATIONAL

SECURITY FOR EVERYONE

SUPPLY-CHAIN REPORT

solana-labs/solana-web3.js

Solana JavaScript SDK

VERDICTCOMPROMISED·61/100

View on GitHub →

STARS

2,721

FORKS

1,049

OPEN ISSUES

23

LANGUAGE

TypeScript

LICENSE

MIT

LAST PUSH

2026-04-10

SIGNALS

BAD

Historical supply-chain incidents

1 known incident on record. Worst: @solana/web3.js npm supply-chain attack (CVE-2024-54134).

INFO

Historical security advisories

2 disclosed advisories (0 critical, 2 high) — typically patched in newer releases. Pin to the latest version.

OK

Maintenance activity

Actively maintained. Last push 6 days ago.

OK

Ecosystem trust

2,721 stars.

OK

License

MIT

HISTORICAL INCIDENTS (1)

CRITICAL2024-12-03

@solana/web3.js npm supply-chain attack (CVE-2024-54134)

Attackers compromised a maintainer account and published versions 1.95.6/1.95.7 with key-stealing code targeting Solana private keys. Published for ~5 hours before detection.

METHODOLOGY

This report is generated on demand by querying the GitHub API for repository metadata and published security advisories, then cross-referencing our curated database of known supply-chain incidents (xz-utils, event-stream, ua-parser-js, colors.js, tj-actions, Codecov, and more). Results are cached for 24 hours. We do not scan repository code or dependencies — for that, see Snyk or Socket. Verdict: CLEAN ≥80, CAUTION 50–79, COMPROMISED<50.

SCAN A DEPLOYED SITE

Repo looks clean but the live deployment might still be exposing headers, CORS, or SSL misconfigurations.