@aws-sdk/lib-storage
Storage higher order operation
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a standard implicit TypeScript runtime dependency; stable for this package. | ai | |
| phantom-deps | phantom-dep:stream-browserify | AI (phantom-deps): stream-browserify is explicitly mapped in package.json browser field for Node.js stream polyfilling; stable for this package. | ai | |
| phantom-deps | phantom-dep:@smithy/protocol-http | AI (phantom-deps): Smithy framework package loaded by convention in AWS SDK middleware; stable for this package. | ai |
Versions (showing 51 of 646)
| Version | Deps | Published |
|---|---|---|
| 3.1046.0 | 6 / 8 | |
| 3.1045.0 | 8 / 8 | |
| 3.1044.0 | 8 / 8 | |
| 3.1043.0 | 8 / 8 | |
| 3.1042.0 | 8 / 8 | |
| 3.1041.0 | 8 / 8 | |
| 3.1040.0 | 8 / 8 | |
| 3.1039.0 | 8 / 8 | |
| 3.1038.0 | 8 / 8 | |
| 3.1037.0 | 8 / 8 | |
| 3.1036.0 | 8 / 8 | |
| 3.1035.0 | 8 / 8 | |
| 3.1034.0 | 8 / 8 | |
| 3.1033.0 | 8 / 8 | |
| 3.1032.0 | 8 / 8 | |
| 3.1031.0 | 8 / 8 | |
| 3.1030.0 | 8 / 8 | |
| 3.1029.0 | 8 / 8 | |
| 3.1028.0 | 8 / 8 | |
| 3.1027.0 | 8 / 8 | |
| 3.1026.0 | 8 / 8 | |
| 3.1025.0 | 8 / 8 | |
| 3.1024.0 | 8 / 8 | |
| 3.1023.0 | 8 / 8 | |
| 3.1022.0 | 8 / 8 | |
| 3.1021.0 | 8 / 8 | |
| 3.1020.0 | 8 / 8 | |
| 3.1019.0 | 8 / 8 | |
| 3.1018.0 | 8 / 8 | |
| 3.1017.0 | 9 / 8 | |
| 3.1016.0 | 7 / 9 | |
| 3.1015.0 | 7 / 9 | |
| 3.1014.0 | 7 / 9 | |
| 3.1013.0 | 7 / 9 | |
| 3.1012.0 | 7 / 9 | |
| 3.1011.0 | 7 / 9 | |
| 3.1010.0 | 7 / 9 | |
| 3.1009.0 | 7 / 9 | |
| 3.1008.0 | 7 / 9 | |
| 3.1007.0 | 7 / 9 | |
| 3.1006.0 | 7 / 9 | |
| 3.1005.0 | 7 / 9 | |
| 3.1004.0 | 7 / 9 | |
| 3.1003.0 | 7 / 9 | |
| 3.1002.0 | 7 / 9 | |
| 3.1001.0 | 7 / 9 | |
| 3.1000.0 | 7 / 9 | |
| 3.999.0 | 7 / 9 | |
| 3.998.0 | 7 / 9 | |
| 3.997.0 | 7 / 9 | |
| 3.996.0 | 7 / 9 |
v3.1046.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1045.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1044.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1043.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1042.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1041.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1040.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1039.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1038.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1037.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1036.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1035.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1034.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1033.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1032.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1031.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1030.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1029.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1028.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1027.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1026.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1025.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1024.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1023.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1022.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1021.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1020.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1019.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1018.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1017.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1016.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1015.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1014.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1013.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1012.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1011.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1010.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1009.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1008.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1007.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1006.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1005.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1004.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1003.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1002.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1001.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1000.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.999.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.998.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.997.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.996.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.