@aws-sdk/credential-provider-process
AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:child-process-exec | AI (semgrep): This package's core purpose is executing a credential_process command from the user's AWS config. child_process.exec() is intentional and documented AWS SDK behavior, not a security risk. | ai | |
| phantom-deps | phantom-dep:@aws-sdk/shared-ini-file-loader | AI (phantom-deps): @aws-sdk/shared-ini-file-loader is a declared dependency in package.json and a legitimate sibling AWS SDK package; phantom-dep finding is a false positive here. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a declared runtime dependency used implicitly by compiled TypeScript output; this is a known false positive pattern for TypeScript packages. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): child_process import is required for the credential_process feature; stable and expected for this package across all versions. | ai |
Versions (showing 51 of 301)
| Version | Deps | Published |
|---|---|---|
| 3.972.58 | 5 / 6 | |
| 3.972.57 | 5 / 6 | |
| 3.972.56 | 5 / 6 | |
| 3.972.55 | 5 / 6 | |
| 3.972.54 | 5 / 6 | |
| 3.972.53 | 5 / 6 | |
| 3.972.52 | 5 / 6 | |
| 3.972.51 | 5 / 6 | |
| 3.972.50 | 5 / 6 | |
| 3.972.49 | 5 / 6 | |
| 3.972.48 | 5 / 6 | |
| 3.972.47 | 5 / 6 | |
| 3.972.46 | 5 / 6 | |
| 3.972.45 | 5 / 6 | |
| 3.972.44 | 5 / 6 | |
| 3.972.43 | 5 / 6 | |
| 3.972.42 | 5 / 6 | |
| 3.972.41 | 5 / 6 | |
| 3.972.40 | 5 / 6 | |
| 3.972.39 | 5 / 6 | |
| 3.972.38 | 5 / 6 | |
| 3.972.37 | 5 / 6 | |
| 3.972.36 | 5 / 6 | |
| 3.972.35 | 5 / 6 | |
| 3.972.34 | 6 / 6 | |
| 3.972.33 | 6 / 6 | |
| 3.972.32 | 6 / 6 | |
| 3.972.31 | 6 / 6 | |
| 3.972.30 | 6 / 6 | |
| 3.972.29 | 6 / 6 | |
| 3.972.28 | 6 / 6 | |
| 3.972.27 | 6 / 6 | |
| 3.972.26 | 6 / 6 | |
| 3.972.25 | 6 / 6 | |
| 3.972.24 | 6 / 6 | |
| 3.972.23 | 6 / 6 | |
| 3.972.22 | 6 / 6 | |
| 3.972.21 | 6 / 6 | |
| 3.972.20 | 6 / 6 | |
| 3.972.19 | 6 / 6 | |
| 3.972.18 | 6 / 6 | |
| 3.972.17 | 6 / 6 | |
| 3.972.16 | 6 / 6 | |
| 3.972.15 | 6 / 6 | |
| 3.972.14 | 6 / 6 | |
| 3.972.13 | 6 / 6 | |
| 3.972.12 | 6 / 6 | |
| 3.972.11 | 6 / 6 | |
| 3.972.10 | 6 / 6 | |
| 3.972.9 | 6 / 6 | |
| 3.972.8 | 6 / 6 |
v3.972.58
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.57
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.56
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.55
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.54
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.53
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.52
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.51
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.50
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.49
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.48
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.47
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.46
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.45
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.44
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.43
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.42
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.41
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.40
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.39
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.