@aws-sdk/eventstream-handler-node
[](https://www.npmjs.com/package/@aws-sdk/eventstream-handler-node) [](https://ww
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:hex-decode | AI (semgrep): Buffer.from(signature, 'hex') is legitimate cryptographic code converting hex-encoded HMAC signatures to binary for event stream authentication. Not obfuscation. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): AWS SDK maintainer consolidation under aws-sdk-bot automation account; removed maintainers are AWS employees, consistent with SDK monorepo management practices. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a standard TypeScript runtime helper used across the entire AWS SDK v3 monorepo; phantom dep pattern is expected. | ai | |
| phantom-deps | phantom-dep:@aws-sdk/types | AI (phantom-deps): @aws-sdk/types is a framework-scoped package loaded by convention across the AWS SDK v3 monorepo; phantom dep pattern is expected. | ai |
Versions (showing 51 of 200)
| Version | Deps | Published |
|---|---|---|
| 3.972.27 | 4 / 6 | |
| 3.972.26 | 4 / 6 | |
| 3.972.25 | 4 / 6 | |
| 3.972.24 | 4 / 6 | |
| 3.972.23 | 4 / 6 | |
| 3.972.22 | 4 / 6 | |
| 3.972.21 | 4 / 6 | |
| 3.972.20 | 4 / 6 | |
| 3.972.19 | 4 / 6 | |
| 3.972.18 | 4 / 6 | |
| 3.972.17 | 4 / 6 | |
| 3.972.16 | 4 / 6 | |
| 3.972.15 | 4 / 6 | |
| 3.972.14 | 4 / 7 | |
| 3.972.13 | 4 / 7 | |
| 3.972.12 | 4 / 7 | |
| 3.972.11 | 4 / 7 | |
| 3.972.10 | 4 / 7 | |
| 3.972.9 | 4 / 7 | |
| 3.972.8 | 4 / 7 | |
| 3.972.7 | 4 / 7 | |
| 3.972.6 | 4 / 7 | |
| 3.972.5 | 4 / 7 | |
| 3.972.4 | 4 / 7 | |
| 3.972.3 | 4 / 7 | |
| 3.972.2 | 4 / 7 | |
| 3.972.1 | 4 / 7 | |
| 3.972.0 | 4 / 7 | |
| 3.971.0 | 4 / 7 | |
| 3.969.0 | 4 / 7 | |
| 3.968.0 | 4 / 7 | |
| 3.965.0 | 4 / 7 | |
| 3.957.0 | 4 / 7 | |
| 3.956.0 | 4 / 7 | |
| 3.953.0 | 4 / 7 | |
| 3.936.0 | 4 / 7 | |
| 3.930.0 | 4 / 7 | |
| 3.922.0 | 4 / 7 | |
| 3.921.0 | 4 / 7 | |
| 3.920.0 | 4 / 7 | |
| 3.914.0 | 4 / 7 | |
| 3.910.0 | 4 / 7 | |
| 3.901.0 | 4 / 7 | |
| 3.893.0 | 4 / 7 | |
| 3.890.0 | 4 / 7 | |
| 3.887.0 | 4 / 7 | |
| 3.873.0 | 4 / 7 | |
| 3.862.0 | 4 / 7 | |
| 3.840.0 | 4 / 7 | |
| 3.821.0 | 4 / 7 | |
| 3.804.0 | 4 / 7 |
v3.972.27
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.26
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.25
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.24
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.23
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.22
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.21
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.