@aws-amplify/plugin-types

This is a **types only** package that is used to facilitate dependency injection patterns across the codebase. Components can declare that they need an instance of a certain type that comes from this package and another component can provide the implement

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

amzn-ossaws-amplify-opsamplify-studio-uibuilderamplify-codegenamplify-data-dev-npmaws-amplify-data-runtime

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): AWS Amplify team transitioned to GitHub Actions for automated publishing, confirmed by SLSA provenance attestation. This is a legitimate CI/CD pipeline adoption for the official aws-amplify org.	ai	2026/04/22
dependencies	unvetted-peer-dep:aws-cdk-lib	AI (dependencies): Peer dependency on aws-cdk-lib is expected for CDK type definitions; consumer controls the version.	ai	2026/04/22
bogus-package	bogus-package	AI (bogus-package): Type definition packages are minimal by design; short README and no repo URL are expected for scoped AWS packages consumed as dependencies.	ai	2026/04/21
dependencies	unvetted-dep:@aws-cdk/toolkit-lib	AI (dependencies): AWS CDK dependencies are expected for this package's purpose; no code execution risk from type definitions.	ai	2026/04/21

Versions (showing 35 of 35)

Show 1 prerelease

Version	Deps	Published
1.12.0	1 / 0	2026-03-11
1.11.2	1 / 0	2026-01-16
1.11.1	1 / 0	2025-10-27
1.11.0	1 / 0	2025-06-16
1.10.1	1 / 0	2025-05-05
1.10.0	1 / 0	2025-04-24
1.9.0	1 / 0	2025-03-25
1.8.1	0 / 0	2025-03-13
1.8.0	0 / 0	2025-01-16
1.7.0	0 / 0	2025-01-03
1.6.0	0 / 0	2024-12-09
1.5.0	0 / 1	2024-11-19
1.4.0	0 / 1	2024-11-11
1.3.1	0 / 1	2024-10-31
1.3.0	0 / 1	2024-09-21
1.2.2	0 / 1	2024-09-18
1.2.1	0 / 1	2024-08-16
1.2.0	0 / 1	2024-08-15
1.1.1	0 / 1	2024-08-12
1.1.0	0 / 1	2024-07-24
1.0.1	0 / 1	2024-06-27
1.0.0	0 / 1	2024-05-01
0.10.0	0 / 1	2024-04-26
0.9.0	0 / 1	2024-04-19
0.8.0	0 / 1	2024-02-06
0.7.1	0 / 0	2024-01-12
0.7.0	0 / 0	2024-01-05
0.6.0	0 / 0	2023-12-26
0.5.0	0 / 0	2023-12-05
0.4.2	0 / 0	2023-11-22
0.4.1	0 / 0	2023-11-14
0.4.0	0 / 0	2023-11-10
0.3.1	0 / 0	2023-11-06
0.3.0	0 / 0	2023-11-02
0.2.0	0 / 0	2023-10-30

v1.12.0

2 findings

HIGH Publisher changed: aws-amplify-ops → GitHub Actions (on 2026-03-11) provenance

This version was published by a different npm account than previous versions on 2026-03-11. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.11.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.11.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.