@aws-sdk/body-checksum-node
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a standard TypeScript runtime helper; stable false positive for AWS SDK packages. | ai | |
| phantom-deps | phantom-dep:@aws-sdk/types | AI (phantom-deps): Framework-scoped type package; stable false positive for AWS SDK monorepo packages. | ai | |
| phantom-deps | phantom-dep:@smithy/protocol-http | AI (phantom-deps): Framework-scoped Smithy package; stable false positive for AWS SDK monorepo packages. | ai |
Versions (showing 40 of 40)
| Version | Deps | Published |
|---|---|---|
| 3.972.17 | 6 / 6 | |
| 3.972.16 | 6 / 6 | |
| 3.972.15 | 6 / 6 | |
| 3.972.14 | 6 / 6 | |
| 3.972.13 | 6 / 6 | |
| 3.972.12 | 6 / 6 | |
| 3.972.11 | 9 / 6 | |
| 3.972.10 | 9 / 6 | |
| 3.972.9 | 9 / 6 | |
| 3.972.8 | 9 / 6 | |
| 3.972.7 | 9 / 6 | |
| 3.972.6 | 9 / 6 | |
| 3.972.5 | 9 / 6 | |
| 3.972.4 | 9 / 6 | |
| 3.972.3 | 9 / 6 | |
| 3.972.2 | 9 / 6 | |
| 3.972.1 | 9 / 6 | |
| 3.972.0 | 9 / 6 | |
| 3.969.0 | 9 / 6 | |
| 3.968.0 | 9 / 6 | |
| 3.965.0 | 9 / 6 | |
| 3.957.0 | 9 / 6 | |
| 3.956.0 | 9 / 6 | |
| 3.953.0 | 9 / 6 | |
| 3.936.0 | 9 / 6 | |
| 3.930.0 | 9 / 6 | |
| 3.922.0 | 9 / 6 | |
| 3.921.0 | 9 / 6 | |
| 3.920.0 | 9 / 6 | |
| 3.914.0 | 9 / 6 | |
| 3.910.0 | 9 / 6 | |
| 3.901.0 | 9 / 6 | |
| 3.893.0 | 9 / 6 | |
| 3.890.0 | 9 / 6 | |
| 3.887.0 | 9 / 6 | |
| 3.873.0 | 9 / 6 | |
| 3.862.0 | 9 / 6 | |
| 3.840.0 | 9 / 6 | |
| 3.821.0 | 9 / 6 | |
| 3.804.0 | 9 / 6 |
v3.972.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.972.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.972.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.972.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.972.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.972.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.972.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.972.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.972.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.972.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.972.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.972.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.972.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.969.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.968.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.965.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.957.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.956.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.953.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.936.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.930.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.922.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.921.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.920.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.914.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.910.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.901.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.893.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.890.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.887.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.873.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.862.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.840.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.821.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.804.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.