@aws-sdk/client-bedrock-runtime
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@smithy/middleware-serde | AI (phantom-deps): Smithy framework packages are loaded by convention in the AWS SDK middleware architecture; phantom-dep finding is a stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@smithy/middleware-stack | AI (phantom-deps): Smithy framework packages are loaded by convention in the AWS SDK middleware architecture; phantom-dep finding is a stable false positive for this package. | ai | |
| provenance | no-provenance | AI (provenance): aws-sdk-bot is a well-established publisher with 34k+ approved packages; lack of Sigstore provenance is acceptable given the verified publisher identity and official GitHub repo. | ai |
Versions (showing 51 of 315)
| Version | Deps | Published |
|---|---|---|
| 3.1087.0 | 12 / 8 | |
| 3.1086.0 | 12 / 8 | |
| 3.1085.0 | 12 / 8 | |
| 3.1084.0 | 12 / 8 | |
| 3.1083.0 | 12 / 8 | |
| 3.1082.0 | 12 / 8 | |
| 3.1081.0 | 12 / 8 | |
| 3.1080.0 | 12 / 8 | |
| 3.1079.0 | 12 / 8 | |
| 3.1078.0 | 12 / 8 | |
| 3.1077.0 | 12 / 8 | |
| 3.1076.0 | 14 / 8 | |
| 3.1075.0 | 14 / 8 | |
| 3.1074.0 | 14 / 8 | |
| 3.1073.0 | 14 / 8 | |
| 3.1072.0 | 14 / 8 | |
| 3.1071.0 | 14 / 8 | |
| 3.1070.0 | 14 / 8 | |
| 3.1069.0 | 14 / 8 | |
| 3.1068.0 | 14 / 8 | |
| 3.1067.0 | 14 / 8 | |
| 3.1066.0 | 14 / 8 | |
| 3.1065.0 | 14 / 8 | |
| 3.1064.0 | 14 / 8 | |
| 3.1063.0 | 14 / 8 | |
| 3.1062.0 | 14 / 8 | |
| 3.1061.0 | 14 / 8 | |
| 3.1060.0 | 14 / 8 | |
| 3.1059.0 | 14 / 8 | |
| 3.1058.0 | 14 / 8 | |
| 3.1057.0 | 14 / 8 | |
| 3.1056.0 | 14 / 8 | |
| 3.1055.0 | 14 / 8 | |
| 3.1054.0 | 14 / 8 | |
| 3.1053.0 | 14 / 8 | |
| 3.1052.0 | 14 / 8 | |
| 3.1051.0 | 14 / 8 | |
| 3.1050.0 | 14 / 8 | |
| 3.1049.0 | 14 / 8 | |
| 3.1048.0 | 14 / 8 | |
| 3.1047.0 | 22 / 8 | |
| 3.1046.0 | 22 / 8 | |
| 3.1045.0 | 47 / 8 | |
| 3.1044.0 | 47 / 8 | |
| 3.1043.0 | 47 / 8 | |
| 3.1042.0 | 47 / 8 | |
| 3.1041.0 | 47 / 8 | |
| 3.1040.0 | 47 / 8 | |
| 3.1039.0 | 47 / 8 | |
| 3.1038.0 | 47 / 8 | |
| 3.1037.0 | 47 / 8 |
v3.1087.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1086.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1085.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1084.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1083.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1082.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1081.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1080.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1079.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1078.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1077.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1076.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1075.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1074.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1073.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1072.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1071.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1070.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1069.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1068.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1067.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1066.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1065.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1064.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1063.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1062.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1061.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1060.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1059.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1058.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1057.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1056.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1055.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1054.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1052.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1050.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1045.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1037.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.