@aws-cdk/aws-certificatemanager
1
Versions
—
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
No source commit
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
romainmulleramzn-ossrix0rrraws-cdk-team
Keywords
awscdkconstructscertificatemanager
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@aws-cdk/aws-acmpca | AI (dependencies): Sibling AWS CDK package published by the same aws-cdk-team at the same version; expected dependency for this construct library. | ai | |
| dependencies | unvetted-dep:@aws-cdk/aws-route53 | AI (dependencies): Sibling AWS CDK package published by the same aws-cdk-team at the same version; expected dependency for DNS validation support. | ai | |
| dependencies | unvetted-peer-dep:@aws-cdk/aws-acmpca | AI (dependencies): Sibling AWS CDK peer dependency from the same publisher; stable and expected for this package. | ai | |
| dependencies | unvetted-peer-dep:@aws-cdk/aws-route53 | AI (dependencies): Sibling AWS CDK peer dependency from the same publisher; stable and expected for this package. | ai | |
| provenance | no-provenance | AI (provenance): AWS CDK v1 is EOL and predates Sigstore provenance adoption; no provenance is expected for this package. | ai |
Versions (showing 1 of 1)
| Version | Deps | Published |
|---|---|---|
| 1.204.0 | 7 / 5 |
v1.204.0
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.