@cloudbase/js-sdk — Greenflagged

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

wangjiachendaniel-dxstarkwangyhyangbingggfengkxliuyanjiejustanwoodenstonemiusunclewedabotareo-joe

Keywords

tcbcloudbaseCloudbaseserverlessServerlessjavascriptJavaScript

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
publish-pattern	rapid-publish	AI (publish-pattern): High-frequency org SDK with 361 versions; rapid successive publishes are normal for this package.	ai	2026/05/15
dependencies	unvetted-dep:@cloudbase/database	AI (dependencies): Internal @cloudbase org dependency; consistent with this SDK's architecture across versions.	ai	2026/04/30
dependencies	unvetted-dep:@cloudbase/adapter-interface	AI (dependencies): Internal @cloudbase org dependency; stable pattern across this package's release history.	ai	2026/04/30
semgrep	semgrep:base64-decode	AI (semgrep): Base64 decode in minified SDK bundle is expected for encoding/decoding data, not payload hiding.	ai	2026/04/29
typosquat	typosquat.levenshtein:aws-sdk	AI (typosquat): @cloudbase/js-sdk is the official Tencent CloudBase SDK, not a typosquat of aws-sdk.	ai	2026/04/29
phantom-deps	phantom-dep:@cloudbase/utilities	AI (phantom-deps): Same-org scoped package; phantom-dep heuristic unreliable for monorepo sub-packages.	ai	2026/04/29
semgrep	semgrep:hex-decode	AI (semgrep): Hex decode in minified SDK bundle is a standard utility pattern, not malicious.	ai	2026/04/29
semgrep	semgrep:new-function-constructor	AI (semgrep): Fires in minified bundle output; standard pattern in bundled SDK code, not malicious.	ai	2026/04/29
semgrep	semgrep:api-obfuscation-reflect	AI (semgrep): Reflect.get in minified bundle is a normal transpilation artifact, not evasion.	ai	2026/04/29

Versions (showing 51 of 89)

View all versions

Version	Deps	Published
3.3.12	15 / 0	2026-05-28
3.3.11	15 / 0	2026-05-26
3.3.10	15 / 0	2026-05-19
3.3.9	15 / 0	2026-05-08
3.3.8	15 / 0	2026-05-07
3.3.7	15 / 0	2026-05-06
3.3.6	15 / 0	2026-04-30
3.3.5	15 / 0	2026-04-29
3.3.4	15 / 0	2026-04-21
3.3.3	15 / 0	2026-04-17
3.3.2	15 / 0	2026-04-13
3.3.1	15 / 0	2026-04-08
3.3.0	15 / 0	2026-04-08
2.28.8	15 / 0	2026-05-25
2.28.6	15 / 0	2026-05-19
2.28.5	15 / 0	2026-05-07
2.28.4	15 / 0	2026-05-06
2.28.3	15 / 0	2026-04-30
2.28.2	15 / 0	2026-04-29
2.28.1	15 / 0	2026-04-27
2.28.0	15 / 0	2026-04-27
2.27.5	15 / 0	2026-04-21
2.27.4	15 / 0	2026-04-17
2.27.3	15 / 0	2026-04-13
2.22.10	14 / 0	2025-12-03
2.22.9	14 / 0	2025-11-19
2.22.8	14 / 0	2025-11-19
2.22.7	14 / 0	2025-11-19
2.22.6	14 / 0	2025-11-17
2.22.5	14 / 0	2025-11-12
2.22.4	14 / 0	2025-11-05
2.21.10	13 / 0	2025-10-17
2.21.9	13 / 0	2025-09-17
2.21.8	13 / 0	2025-09-16
2.21.7	13 / 0	2025-09-16
2.21.6	13 / 0	2025-08-28
2.21.5	13 / 0	2025-08-27
2.21.4	13 / 0	2025-08-27
2.21.3	13 / 0	2025-08-21
2.21.2	13 / 0	2025-08-21
2.21.1	13 / 0	2025-08-20
2.21.0	13 / 0	2025-08-14
2.20.14	13 / 0	2025-08-13
2.20.13	13 / 0	2025-08-11
2.20.12	13 / 0	2025-08-11
2.20.10	13 / 0	2025-08-11
2.20.9	13 / 0	2025-08-11
2.20.8	13 / 0	2025-08-11
2.20.7	13 / 0	2025-08-11
2.20.6	13 / 0	2025-08-08
2.20.4	13 / 0	2025-08-08