@smithy/core — Greenflagged

[![NPM version](https://img.shields.io/npm/v/@smithy/core/latest.svg)](https://www.npmjs.com/package/@smithy/core) [![NPM downloads](https://img.shields.io/npm/dm/@smithy/core.svg)](https://www.npmjs.com/package/@smithy/core)

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

trivikr-awssmithy-teamaws-sdk-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition from smithy-team to GitHub Actions CI/CD publishing with SLSA provenance; expected for this org.	ai	2026/06/02
phantom-deps	phantom-dep:tslib	AI (phantom-deps): tslib is a known implicit runtime dependency for TypeScript projects.	ai	2026/06/02
source-diff	large-new-source-files	AI (source-diff): Size increase explained by inlining 8 previously separate @smithy deps and adding platform-specific submodule variants.	ai	2026/05/20
source-diff	source-size-tripled	AI (source-diff): Same root cause: consolidation of multiple @smithy packages into this core package.	ai	2026/05/20
publish-pattern	new-deps-added	AI (publish-pattern): @aws-crypto/crc32 is a legitimate AWS crypto library; consistent with new checksum submodule.	ai	2026/05/20
typosquat	typosquat.levenshtein:cors	AI (typosquat): @smithy/core is the official AWS Smithy TypeScript core package; the Levenshtein match to 'cors' is a spurious false positive due to scoped package name comparison.	ai	2026/04/21

Versions (showing 100 of 120)

Version	Deps	Published
3.25.1	3 / 7	2026/06/17
3.25.0	3 / 7	2026-06-15
3.24.7	3 / 7	2026-06-12
3.24.6	3 / 7	2026-06-01
3.24.5	3 / 7	2026-05-27
3.24.4	3 / 7	2026-05-21
3.24.3	3 / 7	2026-05-15
3.24.2	3 / 7	2026-05-14
3.24.1	3 / 7	2026-05-11
3.24.0	3 / 7	2026-05-08
3.23.17	10 / 7	2026-04-23
3.23.16	10 / 7	2026-04-20
3.23.15	10 / 7	2026-04-16
3.23.14	10 / 7	2026-04-06
3.23.13	10 / 7	2026-03-30
3.23.12	10 / 7	2026-03-16
3.23.11	10 / 7	2026-03-12
3.23.10	10 / 7	2026-03-12
3.23.9	10 / 7	2026-03-06
3.23.8	10 / 7	2026-03-04
3.23.7	10 / 7	2026-03-03
3.23.6	10 / 7	2026-02-24
3.23.5	10 / 7	2026-02-24
3.23.4	10 / 7	2026-02-23
3.23.3	10 / 7	2026-02-23
3.23.2	10 / 7	2026-02-17
3.23.1	10 / 7	2026-02-17
3.23.0	10 / 7	2026-02-10
3.22.1	10 / 7	2026-02-02
3.22.0	10 / 7	2026-01-27
3.21.1	10 / 7	2026-01-22
3.21.0	10 / 7	2026-01-20
3.20.8	10 / 7	2026-01-20
3.20.7	10 / 7	2026-01-17
3.20.6	10 / 7	2026-01-15
3.20.5	10 / 7	2026-01-13
3.20.4	10 / 7	2026-01-13
3.20.3	10 / 7	2026-01-12
3.20.2	10 / 7	2026-01-09
3.20.1	10 / 7	2026-01-07
3.20.0	10 / 7	2025-12-18
3.19.0	10 / 7	2025-12-15
3.18.7	10 / 7	2025-12-03
3.18.6	10 / 7	2025-12-01
3.18.5	10 / 7	2025-11-19
3.18.4	10 / 7	2025-11-14
3.18.3	10 / 7	2025-11-12
3.18.2	10 / 7	2025-11-12
3.18.1	10 / 7	2025-11-12
3.18.0	10 / 7	2025-11-10
3.17.2	10 / 7	2025-10-30
3.17.1	10 / 7	2025-10-22
3.17.0	10 / 7	2025-10-15
3.16.1	10 / 7	2025-10-14
3.16.0	10 / 7	2025-10-13
3.15.0	10 / 7	2025-10-08
3.14.0	10 / 7	2025-09-30
3.13.0	10 / 7	2025-09-26
3.12.0	10 / 7	2025-09-23
3.11.1	11 / 7	2025-09-17
3.11.0	11 / 7	2025-09-10
3.10.0	11 / 7	2025-09-04
3.9.2	11 / 7	2025-09-03
3.9.1	11 / 7	2025-09-02
3.9.0	11 / 7	2025-08-28
3.8.0	11 / 6	2025-08-06
3.7.2	9 / 6	2025-07-23
3.7.1	9 / 6	2025-07-17
3.7.0	9 / 6	2025-07-09
3.6.0	9 / 6	2025-06-25
3.5.3	9 / 6	2025-06-04
3.5.2	9 / 6	2025-06-04
3.5.1	9 / 6	2025-05-29
3.5.0	9 / 6	2025-05-29
3.4.0	8 / 6	2025-05-19
3.3.3	8 / 6	2025-05-14
3.3.2	8 / 6	2025-05-12
3.3.1	8 / 6	2025-05-05
3.3.0	8 / 6	2025-04-28
3.2.0	8 / 6	2025-03-24
3.1.5	8 / 6	2025-02-24
3.1.4	8 / 6	2025-02-14
3.1.3	8 / 6	2025-02-14
3.1.2	8 / 6	2025-01-27
3.1.1	8 / 6	2025-01-15
3.1.0	8 / 6	2025-01-09
3.0.0	8 / 6	2025-01-06
2.5.7	8 / 6	2025-01-02
2.5.6	8 / 6	2024-12-23
2.5.5	8 / 6	2024-12-09
2.5.4	8 / 6	2024-11-21
2.5.3	8 / 6	2024-11-14
2.5.2	8 / 6	2024-11-14
2.5.1	8 / 6	2024-10-21
2.5.0	8 / 6	2024-10-21
2.4.8	10 / 6	2024-10-04
2.4.7	10 / 6	2024-09-30
2.4.6	10 / 6	2024-09-24
2.4.5	10 / 6	2024-09-20
2.4.4	10 / 6	2024-09-20

Showing 100 of 120 Next page →

v3.25.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.25.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.24.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.24.6

2 findings

HIGH Publisher changed: smithy-team → GitHub Actions (on 2026-06-01) provenance

This version was published by a different npm account than previous versions on 2026-06-01. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.