@aws-sdk/types
Types for the AWS SDK
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| maintainer-change | maintainer-removed | AI (maintainer-change): AWS SDK team consolidates maintainers over time under aws-sdk-bot; removal of individual maintainers is a known pattern for this package family, not a takeover signal. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): tslib and @smithy/types are legitimate AWS/TypeScript ecosystem packages added as part of the AWS SDK v3 Smithy refactor; not a supply chain risk. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Diff is against a very old version (v3.12.0); 121 new files reflect legitimate accumulated development across 189 versions of an active AWS SDK package. | ai | |
| source-diff | source-size-dropped | AI (source-diff): Size reduction reflects intentional AWS SDK v3 refactoring where types were extracted into @smithy/types; this package now delegates to that, making it legitimately smaller. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a standard TypeScript runtime helper; phantom-dep false positive is stable for all TypeScript packages including this one. | ai | |
| provenance | no-provenance | AI (provenance): aws-sdk-bot is a well-established automated publisher; lack of Sigstore provenance is consistent across all AWS SDK packages and not a risk signal here. | ai | |
| bogus-package | bogus-package | AI (bogus-package): This is the official AWS SDK types package with 97 approved-dep edges; README/keyword signals are stable false positives for this package. | ai |
Versions (showing 51 of 164)
| Version | Deps | Published |
|---|---|---|
| 3.973.13 | 2 / 5 | |
| 3.973.12 | 2 / 5 | |
| 3.973.11 | 2 / 5 | |
| 3.973.10 | 2 / 5 | |
| 3.973.9 | 2 / 5 | |
| 3.973.8 | 2 / 5 | |
| 3.973.7 | 2 / 5 | |
| 3.973.6 | 2 / 5 | |
| 3.973.5 | 2 / 5 | |
| 3.973.4 | 2 / 5 | |
| 3.973.3 | 2 / 5 | |
| 3.973.2 | 2 / 5 | |
| 3.973.1 | 2 / 5 | |
| 3.973.0 | 2 / 5 | |
| 3.972.0 | 2 / 5 | |
| 3.969.0 | 2 / 5 | |
| 3.968.0 | 2 / 5 | |
| 3.965.0 | 2 / 5 | |
| 3.957.0 | 2 / 5 | |
| 3.956.0 | 2 / 5 | |
| 3.953.0 | 2 / 5 | |
| 3.936.0 | 2 / 5 | |
| 3.930.0 | 2 / 5 | |
| 3.922.0 | 2 / 5 | |
| 3.921.0 | 2 / 5 | |
| 3.920.0 | 2 / 5 | |
| 3.914.0 | 2 / 5 | |
| 3.910.0 | 2 / 5 | |
| 3.901.0 | 2 / 5 | |
| 3.893.0 | 2 / 5 | |
| 3.887.0 | 2 / 5 | |
| 3.862.0 | 2 / 5 | |
| 3.840.0 | 2 / 5 | |
| 3.821.0 | 2 / 5 | |
| 3.804.0 | 2 / 5 | |
| 3.775.0 | 2 / 5 | |
| 3.734.0 | 2 / 5 | |
| 3.731.0 | 2 / 5 | |
| 3.723.0 | 2 / 5 | |
| 3.714.0 | 2 / 5 | |
| 3.713.0 | 2 / 5 | |
| 3.709.0 | 2 / 5 | |
| 3.696.0 | 2 / 5 | |
| 3.692.0 | 2 / 5 | |
| 3.686.0 | 2 / 5 | |
| 3.679.0 | 2 / 5 | |
| 3.667.0 | 2 / 5 | |
| 3.664.0 | 2 / 5 | |
| 3.662.0 | 2 / 5 | |
| 3.654.0 | 2 / 5 | |
| 3.649.0 | 2 / 5 |
v3.973.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.973.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.973.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.973.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.973.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.