@cloud-copilot/iam-collect
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Transition to GitHub Actions CI publishing with SLSA attestation; consistent with legitimate automation migration for this package. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): New dep is an official AWS SDK client (@aws-sdk/client-config-service); fits the package's pattern of adding AWS service coverage. | ai | |
| dependencies | unvetted-dep:@cloud-copilot/log | AI (dependencies): Same-org dependency from cloud-copilot; stable pattern across all versions of this package. | ai | |
| dependencies | unvetted-dep:@aws-sdk/client-glacier | AI (dependencies): Official AWS SDK v3 client; well-known and trusted. | ai | |
| dependencies | unvetted-dep:@cloud-copilot/cli | AI (dependencies): Same-org dependency from cloud-copilot; stable pattern across all versions of this package. | ai | |
| dependencies | unvetted-dep:@aws-sdk/client-api-gateway | AI (dependencies): Official AWS SDK v3 client; well-known and trusted. | ai | |
| dependencies | unvetted-dep:@aws-sdk/client-s3-control | AI (dependencies): Official AWS SDK v3 client; well-known and trusted. | ai | |
| dependencies | unvetted-dep:@cloud-copilot/job | AI (dependencies): Same-org dependency from cloud-copilot; stable pattern across all versions of this package. | ai |
Versions (showing 100 of 164)
| Version | Deps | Published |
|---|---|---|
| 0.1.195 | 40 / 15 | |
| 0.1.194 | 40 / 15 | |
| 0.1.193 | 40 / 15 | |
| 0.1.192 | 40 / 15 | |
| 0.1.191 | 40 / 15 | |
| 0.1.190 | 40 / 15 | |
| 0.1.189 | 40 / 15 | |
| 0.1.188 | 40 / 15 | |
| 0.1.187 | 40 / 15 | |
| 0.1.186 | 40 / 15 | |
| 0.1.185 | 40 / 15 | |
| 0.1.184 | 40 / 15 | |
| 0.1.183 | 40 / 15 | |
| 0.1.182 | 40 / 15 | |
| 0.1.181 | 40 / 15 | |
| 0.1.180 | 39 / 15 | |
| 0.1.179 | 39 / 15 | |
| 0.1.178 | 39 / 15 | |
| 0.1.177 | 39 / 15 | |
| 0.1.176 | 39 / 15 | |
| 0.1.175 | 39 / 15 | |
| 0.1.174 | 39 / 15 | |
| 0.1.173 | 39 / 15 | |
| 0.1.172 | 39 / 15 | |
| 0.1.171 | 39 / 15 | |
| 0.1.170 | 39 / 15 | |
| 0.1.169 | 39 / 15 | |
| 0.1.168 | 39 / 15 | |
| 0.1.167 | 39 / 15 | |
| 0.1.166 | 39 / 15 | |
| 0.1.165 | 39 / 15 | |
| 0.1.164 | 39 / 15 | |
| 0.1.163 | 39 / 15 | |
| 0.1.162 | 39 / 15 | |
| 0.1.161 | 39 / 15 | |
| 0.1.160 | 39 / 15 | |
| 0.1.159 | 39 / 15 | |
| 0.1.158 | 39 / 15 | |
| 0.1.157 | 39 / 15 | |
| 0.1.156 | 39 / 15 | |
| 0.1.155 | 39 / 15 | |
| 0.1.154 | 39 / 15 | |
| 0.1.153 | 39 / 15 | |
| 0.1.152 | 39 / 15 | |
| 0.1.151 | 39 / 15 | |
| 0.1.150 | 39 / 15 | |
| 0.1.149 | 39 / 15 | |
| 0.1.148 | 39 / 15 | |
| 0.1.147 | 39 / 15 | |
| 0.1.146 | 39 / 15 | |
| 0.1.145 | 39 / 15 | |
| 0.1.144 | 39 / 15 | |
| 0.1.143 | 39 / 15 | |
| 0.1.142 | 39 / 15 | |
| 0.1.141 | 39 / 15 | |
| 0.1.139 | 39 / 14 | |
| 0.1.138 | 39 / 14 | |
| 0.1.137 | 39 / 14 | |
| 0.1.136 | 39 / 14 | |
| 0.1.135 | 39 / 14 | |
| 0.1.134 | 39 / 14 | |
| 0.1.133 | 39 / 14 | |
| 0.1.132 | 39 / 14 | |
| 0.1.131 | 38 / 14 | |
| 0.1.130 | 38 / 14 | |
| 0.1.129 | 38 / 14 | |
| 0.1.128 | 38 / 14 | |
| 0.1.127 | 38 / 14 | |
| 0.1.126 | 38 / 14 | |
| 0.1.125 | 38 / 14 | |
| 0.1.124 | 37 / 14 | |
| 0.1.123 | 37 / 14 | |
| 0.1.122 | 37 / 14 | |
| 0.1.121 | 37 / 14 | |
| 0.1.120 | 36 / 14 | |
| 0.1.119 | 35 / 14 | |
| 0.1.118 | 34 / 14 | |
| 0.1.117 | 34 / 14 | |
| 0.1.116 | 34 / 14 | |
| 0.1.115 | 34 / 14 | |
| 0.1.114 | 34 / 14 | |
| 0.1.113 | 34 / 14 | |
| 0.1.112 | 34 / 14 | |
| 0.1.111 | 34 / 14 | |
| 0.1.110 | 34 / 14 | |
| 0.1.109 | 34 / 14 | |
| 0.1.108 | 34 / 14 | |
| 0.1.107 | 34 / 14 | |
| 0.1.106 | 34 / 14 | |
| 0.1.105 | 33 / 13 | |
| 0.1.104 | 33 / 13 | |
| 0.1.103 | 33 / 12 | |
| 0.1.102 | 33 / 12 | |
| 0.1.101 | 33 / 12 | |
| 0.1.100 | 33 / 12 | |
| 0.1.99 | 33 / 12 | |
| 0.1.98 | 33 / 12 | |
| 0.1.97 | 33 / 12 | |
| 0.1.96 | 33 / 12 | |
| 0.1.95 | 33 / 12 |
v0.1.195
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.194
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.193
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.192
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.191
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.190
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.189
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.187
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.186
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.185
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.184
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.183
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.182
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.181
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.180
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.179
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.178
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.177
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.176
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.175
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.174
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.173
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.172
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.171
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.170
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.169
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.168
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.167
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.166
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.165
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.164
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.163
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.162
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.161
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.160
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.159
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.158
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.157
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.156
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.155
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.154
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.153
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.152
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.151
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.150
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.149
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.148
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.147
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.146
2 findingsThis version was published by a different npm account than previous versions on 2025-10-30. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.145
2 findingsThis version was published by a different npm account than previous versions on 2025-10-25. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.144
2 findingsThis version was published by a different npm account than previous versions on 2025-10-18. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.143
2 findingsThis version was published by a different npm account than previous versions on 2025-10-18. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.142
2 findingsThis version was published by a different npm account than previous versions on 2025-10-16. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.141
2 findingsThis version was published by a different npm account than previous versions on 2025-10-16. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.139
2 findingsThis version was published by a different npm account than previous versions on 2025-10-15. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.138
2 findingsThis version was published by a different npm account than previous versions on 2025-10-13. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.137
2 findingsThis version was published by a different npm account than previous versions on 2025-10-11. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.136
2 findingsThis version was published by a different npm account than previous versions on 2025-10-11. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.135
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.134
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.133
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.132
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.131
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.130
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.129
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.128
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.127
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.126
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.125
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.124
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.123
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.122
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.121
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.120
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.119
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.118
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.117
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.116
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.115
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.114
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.113
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.112
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.111
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.110
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.109
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.108
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.107
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.106
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.105
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.104
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.103
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.102
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.101
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.100
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.99
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.98
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.97
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.96
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.95
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.