← Home

@pulumi/aws-native

npm Repository Homepage

The Pulumi AWS Cloud Control Provider enables you to build, deploy, and manage [any AWS resource that's supported by the AWS Cloud Control API](https://github.com/pulumi/pulumi-aws-native/blob/master/provider/cmd/pulumi-gen-aws-native/supported-types.txt)

8
Versions
Apache-2.0
License
Yes
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

joeduffypulumi-bot

Keywords

pulumiawsaws-nativecloud controlccapicategory/cloudkind/native

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
install-scripts install-script:install AI (install-scripts): Standard Pulumi provider plugin download script; consistent across all Pulumi provider packages. ai
semgrep semgrep:new-function-constructor AI (semgrep): Instantiates a Pulumi AWS resource class named Function, not JS eval-like new Function(). ai
semgrep semgrep:child-process-import AI (semgrep): child_process used only in the Pulumi plugin install script to invoke the pulumi CLI; expected and benign. ai

Versions (showing 8 of 8)

Version Deps Published
1.68.0 1 / 2
1.66.0 1 / 2
1.65.0 1 / 2
1.64.0 1 / 2
1.63.0 1 / 2
1.62.0 1 / 2
1.61.0 1 / 2
1.59.0 1 / 2

v1.68.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.66.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.65.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.64.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.63.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.61.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.59.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.