@aws/lsp-codewhisperer
CodeWhisperer Language Server
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | url-dep:@amzn/codewhisperer | AI (npm-metadata): Bundled internal Amazon SDK; file: dep is intentional and consistent across all versions. | ai | |
| dependencies | unvetted-dep:@amazon/elastic-gumby-frontend-client | AI (dependencies): Internal bundled dep; not a registry package by design. | ai | |
| dependencies | unvetted-dep:@amzn/codewhisperer-runtime | AI (dependencies): Internal bundled dep; not a registry package by design. | ai | |
| dependencies | unvetted-dep:@amzn/codewhisperer | AI (dependencies): Internal bundled dep; not a registry package by design. | ai | |
| npm-metadata | url-dep:@amazon/elastic-gumby-frontend-client | AI (npm-metadata): Bundled internal Amazon SDK; file: dep is intentional and consistent across all versions. | ai | |
| npm-metadata | url-dep:@amzn/codewhisperer-runtime | AI (npm-metadata): Bundled internal Amazon SDK; file: dep is intentional and consistent across all versions. | ai | |
| dependencies | unvetted-dep:@amzn/amazon-q-developer-streaming-client | AI (dependencies): Bundled internal tarball from AWS monorepo; not a registry dep to vet separately. | ai | |
| dependencies | unvetted-dep:@amzn/codewhisperer-streaming | AI (dependencies): Bundled internal tarball from AWS monorepo; not a registry dep to vet separately. | ai | |
| npm-metadata | url-dep:@amzn/codewhisperer-streaming | AI (npm-metadata): Internal AWS streaming client bundled as tarball; stable pattern for this monorepo package. | ai | |
| phantom-deps | phantom-dep:hpagent | AI (phantom-deps): hpagent is a proxy agent used via config/options passing, not direct import; stable false positive. | ai | |
| npm-metadata | url-dep:@types/local-indexing | AI (npm-metadata): Dev-only local type definition tgz; no runtime risk. | ai | |
| npm-metadata | url-dep:@amzn/amazon-q-developer-streaming-client | AI (npm-metadata): Intentional bundled local tgz dep pattern used consistently across this package's versions. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): Postinstall installs transitive deps consistent with bundled file-path dependency pattern in this monorepo package. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): child_process used to manage Docker containers for MCP tooling — core feature of an agentic coding assistant. | ai | |
| phantom-deps | phantom-dep:picomatch | AI (phantom-deps): Declared in package.json but used transitively; stable false positive for this package. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): env-spread is used to pass environment variables to a bash execution tool — expected behavior for an agentic coding assistant. | ai | |
| semgrep | semgrep:etc-passwd-access | AI (semgrep): Finding is in a path-sanitization guard that blocks /etc/passwd traversal attacks, not credential harvesting code. | ai | |
| semgrep | semgrep:eval-usage | AI (semgrep): eval used only for dynamic ESM import of a local vector library path; not user-controlled input. | ai | |
| phantom-deps | phantom-dep:encoding-japanese | AI (phantom-deps): Declared in package.json; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@mozilla/readability | AI (phantom-deps): Declared in package.json; stable false positive for this package. | ai | |
Versions (showing 10 of 10)
| Version | Deps | Published |
|---|---|---|
| 0.0.116 | 41 / 22 | |
| 0.0.113 | 41 / 22 | |
| 0.0.56 | 35 / 18 | |
| 0.0.52 | 35 / 18 | |
| 0.0.51 | 35 / 18 | |
| 0.0.50 | 35 / 18 | |
| 0.0.46 | 34 / 18 | |
| 0.0.43 | 33 / 17 | |
| 0.0.40 | 32 / 17 | |
| 0.0.37 | 31 / 17 | |
v0.0.116
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.113
5 findings
Script: node ./script/install_transitive_dep.js
Spreading entire process.env into an object — may capture all secrets
Source: https://github.com/aws/language-servers/blob/71c53d10a14c154e1790c622ffaa3f476f15fc22/out/language-server/agenticChat/tools/executeBash.js#L452
```js
  450 | };
  451 | // Set up environment variables with AWS CLI identifier for CloudTrail auditability
> 452 | const env = { ...process.env };
  453 | // Add Q Developer IDE identifier for AWS CLI commands
  454 | // Check if command contains 'aws ' anywhere (handles multi-command scenarios)
```
Spreading entire process.env into an object — may capture all secrets
Source: https://github.com/aws/language-servers/blob/71c53d10a14c154e1790c622ffaa3f476f15fc22/out/language-server/agenticChat/tools/mcp/mcpManager.js#L386
```js
  384 | // stdio transport - merge additional env with base env
  385 | const finalEnv = { ...(cfg.env || {}), ...(cfg.__additionalEnv__ || {}) };
> 386 | const mergedEnv = {
  387 |     ...process.env,
  388 |     // Make sure we do not have empty key and value in mergedEnv, or adding server through UI will f
```
Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux
Source: https://github.com/aws/language-servers/blob/71c53d10a14c154e1790c622ffaa3f476f15fc22/out/language-server/agenticChat/tools/toolShared.js#L120
```js
  118 | // For paths OUTSIDE the workspace, check if they target sensitive system
  119 | // locations. We check both the raw input and the resolved path to catch
> 120 | // traversal attempts like "/workspace/../../etc/passwd".
  121 | if (isSensitivePath(inputPath) || isSensitivePath(canonicalPath)) {
  122 |     return {
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.56
3 findings
Script: node ./script/install_transitive_dep.js
Spreading entire process.env into an object — may capture all secrets
Source: https://github.com/aws/language-servers/blob/a8ac9bf438b46fd6341e130ecc744966dadda8f2/out/language-server/agenticChat/tools/mcp/mcpManager.js#L155
```js
  153 | try {
  154 |     this.features.logging.debug(`MCP: initializing server [${serverName}]`);
> 155 |     const mergedEnv = {
  156 |         ...process.env,
  157 |         // Make sure we do not have empty key and value in mergedEnv, or adding server through UI will fail on W
```
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.52
3 findings
Script: node ./script/install_transitive_dep.js
Spreading entire process.env into an object — may capture all secrets
Source: https://github.com/aws/language-servers/blob/4b9761f9fb5b10f4e6d67fcf27eb51f6f971d1b1/out/language-server/agenticChat/tools/mcp/mcpManager.js#L155
```js
  153 | try {
  154 |     this.features.logging.debug(`MCP: initializing server [${serverName}]`);
> 155 |     const mergedEnv = {
  156 |         ...process.env,
  157 |         // Make sure we do not have empty key and value in mergedEnv, or adding server through UI will fail on W
```
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.51
3 findings
Script: node ./script/install_transitive_dep.js
Spreading entire process.env into an object — may capture all secrets
Source: https://github.com/aws/language-servers/blob/6022fcbdf7c97c226c5f6ba3e27070a17803a116/out/language-server/agenticChat/tools/mcp/mcpManager.js#L155
```js
  153 | try {
  154 |     this.features.logging.debug(`MCP: initializing server [${serverName}]`);
> 155 |     const mergedEnv = {
  156 |         ...process.env,
  157 |         // Make sure we do not have empty key and value in mergedEnv, or adding server through UI will fail on W
```
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.50
3 findings
Script: node ./script/install_transitive_dep.js
Spreading entire process.env into an object — may capture all secrets
Source: https://github.com/aws/language-servers/blob/220a58b7225a84dd5493766ed6af9e7e192a1789/out/language-server/agenticChat/tools/mcp/mcpManager.js#L155
```js
  153 | try {
  154 |     this.features.logging.debug(`MCP: initializing server [${serverName}]`);
> 155 |     const mergedEnv = {
  156 |         ...process.env,
  157 |         // Make sure we do not have empty key and value in mergedEnv, or adding server through UI will fail on W
```
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.46
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.43
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.40
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.37
3 findings
Script: node ./script/install_transitive_dep.js
Spreading entire process.env into an object — may capture all secrets
Source: https://github.com/aws/language-servers/blob/50a5bd14ff1b455fe82964cb1d53aabf36143249/out/language-server/agenticChat/tools/mcp/mcpManager.js#L64
```js
   62 | try {
   63 |     this.features.logging.debug(`MCP: initializing server [${serverName}]`);
>  64 |     const mergedEnv = {
   65 |         ...process.env,
   66 |         ...(cfg.env ?? {}),
```
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.