← Home

@activepieces/piece-amazon-s3

npm
24
Versions
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

abuaboudactivepieces-botabdul_activepiecer

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:@ai-sdk/replicate AI (phantom-deps): Config-referenced AI provider; stable pattern for this package. ai
phantom-deps phantom-dep:mime-types AI (phantom-deps): Config-referenced utility; stable pattern for this package. ai
phantom-deps phantom-dep:@ai-sdk/anthropic AI (phantom-deps): Config-referenced AI provider; stable pattern for this package. ai
phantom-deps phantom-dep:@ai-sdk/openai AI (phantom-deps): Config-referenced AI provider; stable pattern for this package. ai
phantom-deps phantom-dep:@ai-sdk/google AI (phantom-deps): Config-referenced AI provider; stable pattern for this package. ai
phantom-deps phantom-dep:ai AI (phantom-deps): Config-referenced AI SDK dependency; stable pattern for this package. ai
phantom-deps phantom-dep:fast-glob AI (phantom-deps): Config-referenced utility; stable pattern for this package. ai
phantom-deps phantom-dep:socket.io-client AI (phantom-deps): Transitive dependency through framework; stable pattern. ai
phantom-deps phantom-dep:@sinclair/typebox AI (phantom-deps): Transitive dependency through framework; stable pattern. ai
phantom-deps phantom-dep:axios-retry AI (phantom-deps): Transitive dependency through framework; stable pattern. ai
phantom-deps phantom-dep:zod AI (phantom-deps): Transitive dependency through @activepieces/pieces-framework; stable pattern. ai
phantom-deps phantom-dep:axios AI (phantom-deps): Transitive dependency through @activepieces/pieces-common; stable pattern. ai
phantom-deps phantom-dep:nanoid AI (phantom-deps): Transitive dependency through framework; stable pattern. ai
phantom-deps phantom-dep:semver AI (phantom-deps): Transitive dependency through framework; stable pattern. ai
phantom-deps phantom-dep:form-data AI (phantom-deps): Transitive dependency through axios; stable pattern. ai
phantom-deps phantom-dep:deepmerge-ts AI (phantom-deps): Transitive dependency through framework; stable pattern. ai
bogus-package bogus-package AI (bogus-package): Activepieces framework piece; lacks repo/keywords by design; established publisher. ai
npm-metadata no-description AI (npm-metadata): Framework-scoped piece package; description omission is common and benign. ai
phantom-deps phantom-dep:@aws-sdk/core AI (phantom-deps): AWS SDK v3 dynamic module loading; stable pattern for this package. ai
phantom-deps phantom-dep:@smithy/core AI (phantom-deps): AWS SDK v3 Smithy framework loads these packages by convention; stable pattern for this package. ai
semgrep semgrep:base64-decode AI (semgrep): Base64 decode is part of PGP file decryption logic using openpgp; not a malicious payload pattern. ai

Versions (showing 24 of 24)

Version Deps Published
0.5.9 10 / 1
0.5.8 10 / 1
0.5.7 107 / 1
0.5.6 107 / 1
0.5.5 10 / 1
0.5.4 20 / 0
0.5.3 21 / 0
0.5.2 21 / 0
0.5.1 21 / 0
0.5.0 21 / 0
0.4.0 17 / 0
0.3.18 15 / 0
0.3.17 16 / 0
0.3.16 16 / 0
0.3.15 21 / 0
0.3.14 21 / 0
0.3.13 21 / 0
0.3.12 21 / 0
0.3.11 21 / 0
0.3.10 21 / 0
0.3.9 21 / 0
0.3.8 21 / 0
0.3.7 21 / 0
0.3.6 19 / 0

v0.5.9

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.5.7

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.4.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.18

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.17

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.16

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.15

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.14

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.13

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.12

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.11

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.10

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.9

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.8

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.7

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.