@smithy/core Apache-2.0 20 versions

@smithy/core

npm Repository Homepage

[![NPM version](https://img.shields.io/npm/v/@smithy/core/latest.svg)](https://www.npmjs.com/package/@smithy/core) [![NPM downloads](https://img.shields.io/npm/dm/@smithy/core.svg)](https://www.npmjs.com/package/@smithy/core)

20

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

trivikr-awssmithy-teamaws-sdk-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition from smithy-team to GitHub Actions CI/CD publishing with SLSA provenance; expected for this org.	ai	2026/06/02
phantom-deps	phantom-dep:tslib	AI (phantom-deps): tslib is a known implicit runtime dependency for TypeScript projects.	ai	2026/06/02
source-diff	large-new-source-files	AI (source-diff): Size increase explained by inlining 8 previously separate @smithy deps and adding platform-specific submodule variants.	ai	2026/05/20
source-diff	source-size-tripled	AI (source-diff): Same root cause: consolidation of multiple @smithy packages into this core package.	ai	2026/05/20
publish-pattern	new-deps-added	AI (publish-pattern): @aws-crypto/crc32 is a legitimate AWS crypto library; consistent with new checksum submodule.	ai	2026/05/20
typosquat	typosquat.levenshtein:cors	AI (typosquat): @smithy/core is the official AWS Smithy TypeScript core package; the Levenshtein match to 'cors' is a spurious false positive due to scoped package name comparison.	ai	2026/04/21

Versions (showing 20 of 120)

Version	Deps	Published
2.4.3	10 / 6	2024-09-13
2.4.2	10 / 6	2024-09-13
2.4.1	10 / 6	2024-09-09
2.4.0	10 / 6	2024-08-16
2.3.2	8 / 5	2024-08-01
2.3.1	8 / 5	2024-07-26
2.3.0	8 / 5	2024-07-24
2.2.8	8 / 5	2024-07-17
2.2.7	8 / 5	2024-07-15
2.2.6	8 / 5	2024-07-09
2.2.5	8 / 5	2024-07-08
2.2.4	8 / 5	2024-06-27
2.2.3	8 / 5	2024-06-18
2.2.2	8 / 5	2024-06-17
2.2.1	8 / 5	2024-06-12
2.2.0	8 / 5	2024-06-04
2.1.1	8 / 5	2024-05-30
2.1.0	8 / 5	2024-05-30
2.0.1	8 / 5	2024-05-14
2.0.0	8 / 5	2024-05-10

v2.4.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.4.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.4.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.4.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.3.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.3.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.3.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.2.8

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.2.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.2.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.2.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.2.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.2.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.2.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.2.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.2.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.1.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.1.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.