@aws/create-nx-workspace

The quickest way to start building on AWS with the [Nx Plugin for AWS](https://github.com/awslabs/nx-plugin-for-aws).

Versions: 36
License: Apache-2.0
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation; npm registry signatures; No source commit

Maintainers

apj-cope

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| semgrep | semgrep:env-spread | AI (semgrep): CLI tool passes process.env to child process with a single override — standard scaffolding pattern, not exfiltration. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): CLI scaffolding tool; child_process use is expected for workspace/project creation commands. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Thin CLI wrapper from AWS Labs; no deps/keywords and minimal README are expected for this package type. | ai | |

Versions (showing 36 of 36)

Version Deps Published
0.122.0 0 / 0
0.121.0 0 / 0
0.120.0 0 / 0
0.119.0 0 / 0
0.118.0 0 / 0
0.117.0 0 / 0
0.116.0 0 / 0
0.115.1 0 / 0
0.115.0 0 / 0
0.114.3 0 / 0
0.114.2 0 / 0
0.114.1 0 / 0
0.114.0 0 / 0
0.113.0 0 / 0
0.112.1 0 / 0
0.112.0 0 / 0
0.111.0 0 / 0
0.110.0 0 / 0
0.109.1 0 / 0
0.109.0 0 / 0
0.108.0 0 / 0
0.107.0 0 / 0
0.106.0 0 / 0
0.105.0 0 / 0
0.104.1 0 / 0
0.104.0 0 / 0
0.103.0 0 / 0
0.102.0 0 / 0
0.101.0 0 / 0
0.100.0 0 / 0
0.99.1 0 / 0
0.99.0 0 / 0
0.98.0 0 / 0
0.97.1 0 / 0
0.97.0 0 / 0
0.96.0 0 / 0

v0.122.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.121.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.120.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.119.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.118.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.117.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.116.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.115.1

2 findings
HIGH env-spread: bin/index.cjs:179 semgrep

Spreading entire process.env into an object — may capture all secrets

```
  177 | ], {
  178 | stdio: "inherit",
> 179 | env: {
  180 | ...process.env,
  181 | pnpm_config_strict_dep_builds: "false"
```

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.115.0

2 findings
HIGH env-spread: bin/index.cjs:178 semgrep

Spreading entire process.env into an object — may capture all secrets

```
  176 | ], {
  177 | stdio: "inherit",
> 178 | env: {
  179 | ...process.env,
  180 | pnpm_config_strict_dep_builds: "false"
```

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.114.3

2 findings
HIGH env-spread: bin/index.cjs:178 semgrep

Spreading entire process.env into an object — may capture all secrets

```
  176 | ], {
  177 | stdio: "inherit",
> 178 | env: {
  179 | ...process.env,
  180 | pnpm_config_strict_dep_builds: "false"
```

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.114.2

2 findings
HIGH env-spread: bin/index.cjs:178 semgrep

Spreading entire process.env into an object — may capture all secrets

```
  176 | ], {
  177 | stdio: "inherit",
> 178 | env: {
  179 | ...process.env,
  180 | pnpm_config_strict_dep_builds: "false"
```

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.114.1

2 findings
HIGH env-spread: bin/index.cjs:178 semgrep

Spreading entire process.env into an object — may capture all secrets

```
  176 | ], {
  177 | stdio: "inherit",
> 178 | env: {
  179 | ...process.env,
  180 | pnpm_config_strict_dep_builds: "false"
```

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.114.0

2 findings
HIGH env-spread: bin/index.cjs:178 semgrep

Spreading entire process.env into an object — may capture all secrets

```
  176 | ], {
  177 | stdio: "inherit",
> 178 | env: {
  179 | ...process.env,
  180 | pnpm_config_strict_dep_builds: "false"
```

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.113.0

2 findings
HIGH env-spread: bin/index.cjs:178 semgrep

Spreading entire process.env into an object — may capture all secrets

```
  176 | ], {
  177 | stdio: "inherit",
> 178 | env: {
  179 | ...process.env,
  180 | pnpm_config_strict_dep_builds: "false"
```

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.112.1

2 findings
HIGH env-spread: bin/index.cjs:178 semgrep

Spreading entire process.env into an object — may capture all secrets

```
  176 | ], {
  177 | stdio: "inherit",
> 178 | env: {
  179 | ...process.env,
  180 | pnpm_config_strict_dep_builds: "false"
```

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.112.0

2 findings
HIGH env-spread: bin/index.cjs:178 semgrep

Spreading entire process.env into an object — may capture all secrets

```
  176 | ], {
  177 | stdio: "inherit",
> 178 | env: {
  179 | ...process.env,
  180 | pnpm_config_strict_dep_builds: "false"
```

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.111.0

2 findings
HIGH env-spread: bin/index.cjs:167 semgrep

Spreading entire process.env into an object — may capture all secrets

```
  165 | ], {
  166 | stdio: "inherit",
> 167 | env: {
  168 | ...process.env,
  169 | pnpm_config_strict_dep_builds: "false"
```

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.110.0

2 findings
HIGH env-spread: bin/index.cjs:167 semgrep

Spreading entire process.env into an object — may capture all secrets

```
  165 | ], {
  166 | stdio: "inherit",
> 167 | env: {
  168 | ...process.env,
  169 | pnpm_config_strict_dep_builds: "false"
```

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.109.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.109.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.108.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.