@smithy/middleware-endpoint

[![NPM version](https://img.shields.io/npm/v/@smithy/middleware-endpoint/latest.svg)](https://www.npmjs.com/package/@smithy/middleware-endpoint) [![NPM downloads](https://img.shields.io/npm/dm/@smithy/middleware-endpoint.svg)](https://www.npmjs.com/packag

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

trivikr-awssmithy-teamaws-sdk-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition to GitHub Actions CI/CD publishing; SLSA attestation confirms automated pipeline.	ai	2026/06/02
npm-metadata	no-description	AI (npm-metadata): Stable omission across many versions of this established AWS SDK package.	ai	2026/06/02
phantom-deps	phantom-dep:tslib	AI (phantom-deps): tslib is a standard TypeScript runtime helper declared in dependencies; its implicit import pattern is expected for all TypeScript-compiled @smithy packages.	ai	2026/04/21
provenance	no-provenance	AI (provenance): smithy-team consistently publishes without Sigstore provenance; the publisher's track record and official GitHub repo provide sufficient trust signal.	ai	2026/04/21

Versions (showing 51 of 114)

View all versions

Version	Deps	Published
4.6.1	2 / 1	2026-06-17
4.6.0	2 / 1	2026-06-15
4.5.7	2 / 1	2026-06-12
4.5.6	2 / 0	2026-06-01
4.5.5	2 / 0	2026-05-27
4.5.4	2 / 0	2026-05-21
4.5.3	2 / 0	2026-05-15
4.5.2	2 / 0	2026-05-14
4.5.1	2 / 0	2026-05-11
4.5.0	2 / 0	2026-05-08
4.4.32	8 / 4	2026-04-23
4.4.31	8 / 4	2026-04-20
4.4.30	8 / 4	2026-04-16
4.4.29	8 / 4	2026-04-06
4.4.28	8 / 4	2026-03-30
4.4.27	8 / 4	2026-03-19
4.4.26	8 / 4	2026-03-16
4.4.25	8 / 4	2026-03-12
4.4.24	8 / 4	2026-03-12
4.4.23	8 / 4	2026-03-06
4.4.22	8 / 4	2026-03-04
4.4.21	8 / 4	2026-03-03
4.4.20	8 / 4	2026-02-24
4.4.19	8 / 4	2026-02-24
4.4.18	8 / 4	2026-02-23
4.4.17	8 / 4	2026-02-23
4.4.16	8 / 4	2026-02-17
4.4.15	8 / 4	2026-02-17
4.4.14	8 / 4	2026-02-10
4.4.13	8 / 4	2026-02-02
4.4.12	8 / 4	2026-01-27
4.4.11	8 / 4	2026-01-22
4.4.10	8 / 4	2026-01-20
4.4.9	8 / 4	2026-01-20
4.4.8	8 / 4	2026-01-17
4.4.7	8 / 4	2026-01-15
4.4.6	8 / 4	2026-01-13
4.4.5	8 / 4	2026-01-13
4.4.4	8 / 4	2026-01-12
4.4.3	8 / 4	2026-01-09
4.4.2	8 / 4	2026-01-07
4.4.1	8 / 4	2025-12-18
4.4.0	8 / 4	2025-12-15
4.3.15	8 / 4	2025-12-15
4.3.14	8 / 4	2025-12-03
4.3.13	8 / 4	2025-12-01
4.3.12	8 / 4	2025-11-19
4.3.11	8 / 4	2025-11-14
4.3.10	8 / 4	2025-11-12
4.3.9	8 / 4	2025-11-12
4.3.8	8 / 4	2025-11-12

v4.6.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.6.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.5.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.5.6

2 findings

HIGH Publisher changed: smithy-team → GitHub Actions (on 2026-06-01) provenance

This version was published by a different npm account than previous versions on 2026-06-01. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.