← Home

@itentialopensource/adapter-aws_s3

npm Repository Homepage

This adapter integrates with system described as: Aws_S3.

3
Versions
Apache-2.0
License
Yes
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

jared.obrienjohnpolanskyzack.strulovitchitential-ciandyknaebelishitaprakash

Keywords

ItentialItential PlatformAutomationIntegrationAdapterCloudStorageAWSS3Pre-Release

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
install-scripts install-script:preinstall AI (install-scripts): Standard Itential adapter pattern; setup.js installs git hooks, not arbitrary remote code. ai
semgrep semgrep:dynamic-require AI (semgrep): Itential adapter framework uses path.join(__dirname, ...) dynamic requires for known local files — not user-controlled. ai
semgrep semgrep:child-process-import AI (semgrep): adapterBase.js uses execSync/spawnSync for adapter utility operations; stable pattern across Itential adapter family. ai
phantom-deps phantom-dep:aws-sdk AI (phantom-deps): aws-sdk is a declared runtime dependency used via config-driven loading in this AWS S3 adapter. ai
phantom-deps phantom-dep:aws4 AI (phantom-deps): aws4 is a declared runtime dependency for AWS request signing; loaded via adapter config. ai
phantom-deps phantom-dep:ping AI (phantom-deps): ping is a declared dependency used in connectivity/healthcheck utilities. ai
phantom-deps phantom-dep:esprima AI (phantom-deps): esprima is a declared dependency used in adapter migration/analysis utilities. ai
phantom-deps phantom-dep:prompts AI (phantom-deps): prompts is a declared dependency used in interactive setup/migration utilities. ai
phantom-deps phantom-dep:mocha-param AI (phantom-deps): mocha-param is a declared test dependency; phantom-dep false positive for test-only usage. ai

Versions (showing 3 of 3)

Version Deps Published
1.0.1 18 / 6
1.0.0 18 / 6
0.12.0 18 / 6

v1.0.1

2 findings
HIGH Package has 'preinstall' script install-scripts

Script: node utils/setup.js

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.0

2 findings
HIGH Package has 'preinstall' script install-scripts

Script: node utils/setup.js

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.12.0

2 findings
HIGH Package has 'preinstall' script install-scripts

Script: node utils/setup.js

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.