@aligent/cdk-step-function-from-file MIT 9 versions

@aligent/cdk-step-function-from-file

npm Repository Homepage

![TypeScript version](https://img.shields.io/github/package-json/dependency-version/aligent/cdk-constructs/dev/typescript?filename=packages/constructs/step-function-from-file/package.json&color=red) ![AWS CDK version](https://img.shields.io/github/package

9

Versions

MIT

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

jarrod.swiftaligent-danielvanderploegaligent-bottom.thorogood

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition to GitHub Actions publisher with SLSA attestation indicates CI/CD pipeline change, not compromise.	ai	2026/05/05
phantom-deps	phantom-dep:source-map-support	AI (phantom-deps): source-map-support is a declared runtime dep; phantom-dep false positive for this package.	ai	2026/05/05

Versions (showing 9 of 9)

Version	Deps	Published
0.5.3	1 / 7	2026-05-22
0.5.2	1 / 7	2026-05-04
0.5.1	1 / 7	2026-04-28
0.5.0	1 / 7	2026-04-24
0.4.0	1 / 7	2026-04-15
0.3.6	1 / 7	2026-04-14
0.3.5	1 / 7	2026-02-11
0.3.3	1 / 7	2026-01-21
0.3.2	1 / 7	2025-11-28

v0.5.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.5.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.5.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.5

2 findings

HIGH Publisher changed: aligent-bot → GitHub Actions (on 2026-02-11) provenance

This version was published by a different npm account than previous versions on 2026-02-11. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.