@aws/nx-plugin
Nx Plugin for AWS
Build full-stack AWS apps in minutes
License: Apache 2.0 (https://opensource.org/licenses/Apache-2.0)
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@types/mdast | AI (phantom-deps): TypeScript type package; not directly imported by convention, stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:unist-util-visit | AI (phantom-deps): Referenced in config/generated files; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/js-yaml | AI (phantom-deps): TypeScript type package; not directly imported by convention, stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/estree | AI (phantom-deps): TypeScript type package; not directly imported by convention, stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:zod | AI (phantom-deps): zod is a direct dependency in package.json; phantom-dep is a false positive here. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): Nx plugin generators legitimately spawn child processes to run CLI tools; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@phenomnomnominal/tsquery | AI (phantom-deps): Used in config/codegen context; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@nx/vite | AI (phantom-deps): Referenced in generator config files; stable false positive for this Nx plugin package. | ai | |
| phantom-deps | phantom-dep:vite | AI (phantom-deps): vite is a declared dependency used in config/build tooling, not directly imported in JS source. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require resolves @nxlv/python provider modules by path; expected plugin loader pattern. | ai | |
Versions (showing 10 of 10)
| Version | Deps | Published |
|---|---|---|
| 0.122.0 | 38 / 0 | |
| 0.121.0 | 38 / 0 | |
| 0.120.0 | 38 / 0 | |
| 0.118.0 | 38 / 0 | |
| 0.106.0 | 27 / 0 | |
| 0.75.0 | 26 / 0 | |
| 0.58.1 | 27 / 0 | |
| 0.55.1 | 27 / 0 | |
| 0.53.0 | 27 / 0 | |
| 0.44.0 | 27 / 0 | |
v0.122.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.121.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.120.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.118.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.75.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.58.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.55.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.53.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.44.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.