@dot/cdk
A set of tools and conventions for working with AWS CDK
1
Versions
MPL-2.0
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
shellscape
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@swc/core | AI (phantom-deps): SWC core is a peer dep loaded via config; not directly imported by design in CDK tooling packages. | ai | |
| phantom-deps | phantom-dep:constructs | AI (phantom-deps): CDK constructs is a peer dep referenced in config files; stable false positive for CDK packages. | ai | |
| phantom-deps | phantom-dep:@smithy/types | AI (phantom-deps): Framework-scoped type package loaded by AWS SDK convention; not directly imported. | ai | |
| phantom-deps | phantom-dep:@swc-node/register | AI (phantom-deps): Register-style package loaded via config, not direct import; expected pattern for SWC. | ai | |
| phantom-deps | phantom-dep:@aws-cdk/aws-redshift-alpha | AI (phantom-deps): CDK alpha construct referenced in config/CDK app files; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@aws-cdk/cloud-assembly-schema | AI (phantom-deps): CDK internal schema package used at config level; stable false positive. | ai | |
| phantom-deps | phantom-dep:@aws-solutions-constructs/aws-cloudfront-s3 | AI (phantom-deps): AWS Solutions Construct referenced in CDK app config; stable false positive. | ai |
Versions (showing 1 of 1)
| Version | Deps | Published |
|---|---|---|
| 5.0.0 | 25 / 3 |
v5.0.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.