@aws-amplify/ui-react-liveness No license 17 versions

@aws-amplify/ui-react-liveness

npm Repository Homepage

17

Versions

—

License

No

Install Scripts

Missing

Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

amzn-ossaws-amplify-opsamplify-studio-uibuilderamplify-codegenamplify-data-dev-npmaws-amplify-data-runtime

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
maintainer-change	maintainer-removed	AI (maintainer-change): AWS org housekeeping; publisher aws-amplify-ops has 4119 approved packages and long track record.	ai	2026/05/24
publish-pattern	new-deps-added	AI (publish-pattern): uuid is a well-established package replacing nanoid; routine dep swap for this AWS Amplify component.	ai	2026/05/24
dependencies	unvetted-peer-dep:aws-amplify	AI (dependencies): Peer dependency on aws-amplify is expected for this AWS Amplify UI component.	ai	2026/05/23
dependencies	unvetted-dep:@tensorflow-models/face-detection	AI (dependencies): Official TensorFlow.js face detection model; expected dependency for a face liveness detection component.	ai	2026/05/09
phantom-deps	phantom-dep:@tensorflow/tfjs-converter	AI (phantom-deps): tfjs-converter is a declared runtime dep used by TensorFlow model loading; stable false positive for this ML-based package.	ai	2026/05/02
dependencies	unvetted-dep:@tensorflow/tfjs-core	AI (dependencies): TensorFlow.js core is a legitimate Google ML library used for face detection in this liveness component.	ai	2026/05/02
bogus-package	bogus-package	AI (bogus-package): Established AWS Amplify UI component; sparse README/keywords are a documentation issue, not a spam signal.	ai	2026/04/28
phantom-deps	phantom-dep:@mediapipe/face_detection	AI (phantom-deps): Declared as runtime dep and used via config/indirect import; phantom-dep heuristic is a false positive here.	ai	2026/04/28

Versions (showing 17 of 17)

Version	Deps	Published
3.6.5	18 / 9	2026-05-12
3.6.4	18 / 9	2026-04-08
3.6.3	18 / 9	2026-03-16
3.6.2	18 / 9	2026-03-11
3.6.1	18 / 9	2026-02-26
3.6.0	18 / 9	2026-02-11
3.5.1	18 / 9	2026-02-05
3.5.0	19 / 7	2025-12-11
3.4.7	19 / 7	2025-10-24
3.4.6	19 / 7	2025-09-25
3.4.5	19 / 7	2025-09-24
3.4.4	19 / 7	2025-08-22
3.4.3	19 / 7	2025-08-12
3.4.2	19 / 7	2025-07-24
3.4.1	19 / 7	2025-06-30
3.4.0	19 / 7	2025-06-27
3.3.9	19 / 7	2025-05-13

v3.6.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.6.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.6.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.6.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.6.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.5.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.5.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.4.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.4.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.4.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.4.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.4.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.4.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.4.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.4.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.3.9

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.