@goldstack/template-static-website-aws

Utilities for deploying a website to CloudFront and S3

Versions: 13
License: MIT
Install Scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance | npm registry signatures | gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

mxro

Keywords

goldstack, utility, infrastructure, cloudfront, s3, webhosting, template, IaC, configuration

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| phantom-deps | phantom-dep:@goldstack/utils-docs-cli | AI (phantom-deps): Same-org dependency used indirectly via monorepo tooling; stable false positive. | ai | |
| dependencies | unvetted-dep:@goldstack/utils-docs-cli | AI (dependencies): Internal goldstack monorepo dependency; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@goldstack/utils-template | AI (dependencies): Internal goldstack monorepo dependency; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@goldstack/utils-s3-deployment | AI (dependencies): Internal goldstack monorepo dependency; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@goldstack/utils-package-config | AI (dependencies): Internal goldstack monorepo dependency; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@goldstack/infra | AI (dependencies): Internal goldstack monorepo dependency; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@goldstack/utils-sh | AI (dependencies): Internal goldstack monorepo dependency; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@goldstack/infra-aws | AI (dependencies): Internal goldstack monorepo dependency; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@goldstack/utils-cli | AI (dependencies): Internal goldstack monorepo dependency; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@goldstack/utils-log | AI (dependencies): Internal goldstack monorepo dependency; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@goldstack/utils-config | AI (dependencies): Internal goldstack monorepo dependency; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@goldstack/utils-package | AI (dependencies): Internal goldstack monorepo dependency; stable pattern across all versions. | ai | |
| provenance | no-provenance | AI (provenance): Long-established goldstack monorepo package; provenance absence is consistent across all versions. | ai | |
| phantom-deps | phantom-dep:@goldstack/utils-config | AI (phantom-deps): Same-org dep; phantom-dep heuristic fires on indirect usage within monorepo packages. | ai | |
| phantom-deps | phantom-dep:@goldstack/utils-template | AI (phantom-deps): Same-org dep; phantom-dep heuristic fires on indirect usage within monorepo packages. | ai | |
| phantom-deps | phantom-dep:source-map-support | AI (phantom-deps): source-map-support is a common runtime dep declared in package.json; phantom-dep heuristic false positive for this package. | ai | |

Versions (showing 13 of 13)

Version Deps Published
0.5.98 15 / 10
0.5.97 15 / 10
0.5.96 15 / 10
0.5.95 15 / 10
0.5.94 15 / 10
0.5.93 15 / 10
0.5.92 14 / 10
0.5.90 14 / 10
0.5.88 14 / 10
0.5.77 14 / 10
0.5.62 15 / 11
0.5.61 15 / 11
0.5.60 15 / 11

v0.5.98

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.97

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.96

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.95

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.94

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.93

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.92

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.90

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.88

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.77

1 finding
INFO | No provenance attestation | provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.62

1 finding
INFO | No provenance attestation | provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.61

1 finding
INFO | No provenance attestation | provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.60

1 finding
INFO | No provenance attestation | provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.