@aws-cdk/cloudformation-diff

Utilities to diff CDK stacks against CloudFormation templates

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

amzn-ossaws-cdk-team

Keywords

awscdk

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:aws-sdk	AI (dependencies): aws-sdk is the official AWS JavaScript SDK v2, a first-party Amazon package. Its use is expected and appropriate in an AWS CDK CloudFormation diff utility.	ai	2026/04/22
dependencies	unvetted-dep:@aws-cdk/cfnspec	AI (dependencies): @aws-cdk/cfnspec is a sibling package from the same aws-cdk-team publisher and monorepo; it is a legitimate internal CDK dependency.	ai	2026/04/22
phantom-deps	phantom-dep:@types/node	AI (phantom-deps): @types/node is a TypeScript type package commonly declared in CDK package dependencies for type resolution; not a real runtime phantom dependency concern for this package.	ai	2026/04/22
source-diff	obfuscated-file:lib/format-foreach.js	AI (source-diff): Compiled TypeScript output from official AWS CDK package; long lines are from TS compilation, not obfuscation. Code is readable and matches package purpose. SLSA provenance confirms CI/CD origin.	ai	2026/04/22
provenance	publisher-changed	AI (provenance): AWS CDK migrated to GitHub Actions CI/CD publishing with SLSA attestation; this is a legitimate infrastructure change for the official aws/aws-cdk-cli repo.	ai	2026/04/22
source-diff	obfuscated-file:lib/mappings.js	AI (source-diff): The file contains readable compiled TypeScript with meaningful names and logic; long lines are likely data tables, not obfuscation. Consistent with the package's diff-rendering purpose.	ai	2026/04/22
provenance	no-provenance	AI (provenance): aws-cdk-team is a well-established publisher with 500+ approved packages; lack of Sigstore provenance is a known gap for this publisher, not a security risk.	ai	2026/04/22
source-diff	obfuscated-file:lib/diff/template-and-changeset-diff-merger.js	AI (source-diff): File contains readable TypeScript-compiled JS with standard CDK class definitions. Long lines are an artifact of the TypeScript compiler output, not obfuscation. Pattern is consistent across all CDK packages.	ai	2026/04/22
source-diff	obfuscated-file:lib/iam/iam-identity-center.js	AI (source-diff): File contains readable TypeScript-compiled JS with standard CDK class definitions. Long lines are an artifact of the TypeScript compiler output, not obfuscation. Pattern is consistent across all CDK packages.	ai	2026/04/22
dependencies	unvetted-dep:@aws-cdk/service-spec-types	AI (dependencies): First-party AWS CDK package from the same aws/aws-cdk-cli organization; expected internal dependency for this package.	ai	2026/04/22
dependencies	unvetted-dep:@aws-cdk/aws-service-spec	AI (dependencies): First-party AWS CDK package from the same aws/aws-cdk-cli organization; expected internal dependency for this package.	ai	2026/04/22

Versions (showing 100 of 554)

Version	Deps	Published
2.49.1	7 / 7	2022-11-01
2.49.0	7 / 7	2022-10-28
2.48.0	7 / 7	2022-10-27
2.47.0	7 / 7	2022-10-20
2.46.0	7 / 7	2022-10-13
2.45.0	7 / 7	2022-10-06
2.44.0	7 / 7	2022-09-29
2.43.1	7 / 7	2022-09-23
2.43.0	7 / 7	2022-09-21
2.42.1	7 / 7	2022-09-19
2.42.0	7 / 7	2022-09-16
2.41.0	7 / 7	2022-09-08
2.40.0	7 / 7	2022-09-01
2.39.1	7 / 7	2022-08-29
2.39.0	7 / 7	2022-08-25
2.38.1	7 / 7	2022-08-18
2.38.0	7 / 7	2022-08-17
2.37.1	7 / 7	2022-08-10
2.37.0	7 / 7	2022-08-09
2.36.0	7 / 7	2022-08-08
2.35.0	7 / 7	2022-08-02
2.34.2	7 / 7	2022-07-30
2.34.1	7 / 7	2022-07-29
2.34.0	7 / 7	2022-07-29
2.33.0	7 / 7	2022-07-19
2.32.1	7 / 7	2022-07-16
2.32.0	7 / 7	2022-07-14
2.31.2	7 / 7	2022-07-14
2.31.1	7 / 7	2022-07-09
2.31.0	7 / 7	2022-07-06
2.30.0	7 / 7	2022-07-01
2.29.1	7 / 7	2022-06-24
2.29.0	7 / 7	2022-06-23
2.28.1	7 / 7	2022-06-16
2.28.0	7 / 7	2022-06-14
2.27.0	7 / 7	2022-06-03
2.26.0	7 / 7	2022-05-30
2.25.0	7 / 7	2022-05-21
2.24.1	7 / 7	2022-05-13
2.24.0	7 / 7	2022-05-12
2.23.0	7 / 7	2022-05-04
2.22.0	7 / 7	2022-04-28
2.21.1	7 / 7	2022-04-23
2.21.0	7 / 7	2022-04-22
2.20.0	7 / 7	2022-04-07
2.19.0	7 / 7	2022-04-01
2.18.0	7 / 7	2022-03-29
2.17.0	7 / 7	2022-03-17
2.16.0	7 / 7	2022-03-12
2.15.0	7 / 7	2022-03-01
2.14.0	7 / 7	2022-02-25
2.13.0	7 / 7	2022-02-19
2.12.0	7 / 7	2022-02-09
2.11.0	7 / 7	2022-02-08
2.10.0	7 / 7	2022-01-29
2.9.0	7 / 7	2022-01-26
2.8.0	7 / 7	2022-01-13
2.7.0	7 / 7	2022-01-12
2.6.0	7 / 7	2022-01-12
2.5.0	7 / 7	2022-01-09
2.4.0	7 / 7	2022-01-06
2.3.0	7 / 7	2021-12-22
2.2.0	7 / 7	2021-12-15
2.1.0	7 / 7	2021-12-08
2.0.0	7 / 7	2021-12-02
1.204.0	7 / 7	2023-06-19
1.203.0	7 / 7	2023-05-31
1.202.0	7 / 7	2023-05-22
1.201.0	7 / 7	2023-05-10
1.200.0	7 / 7	2023-04-26
1.199.0	7 / 7	2023-04-20
1.198.1	7 / 7	2023-03-31
1.198.0	7 / 7	2023-03-22
1.197.0	7 / 7	2023-03-14
1.196.0	7 / 7	2023-03-08
1.195.0	7 / 7	2023-03-02
1.194.0	7 / 7	2023-02-21
1.193.0	7 / 7	2023-02-15
1.192.0	7 / 7	2023-02-09
1.191.0	7 / 7	2023-01-31
1.190.0	7 / 7	2023-01-25
1.189.0	7 / 7	2023-01-19
1.188.0	7 / 7	2023-01-11
1.187.0	7 / 7	2023-01-03
1.186.1	7 / 7	2022-12-30
1.186.0	7 / 7	2022-12-29
1.185.0	7 / 7	2022-12-28
1.184.1	7 / 7	2022-12-23
1.184.0	7 / 7	2022-12-22
1.183.0	7 / 7	2022-12-14
1.182.0	7 / 7	2022-12-07
1.181.1	7 / 7	2022-11-29
1.181.0	7 / 7	2022-11-18
1.180.0	7 / 7	2022-11-01
1.179.0	7 / 7	2022-10-27
1.178.0	7 / 7	2022-10-20
1.177.0	7 / 7	2022-10-14
1.176.0	7 / 7	2022-10-06
1.175.0	7 / 7	2022-09-29
1.174.0	7 / 7	2022-09-22

Showing 100 of 554 Next page →