@smithy/middleware-retry

[![NPM version](https://img.shields.io/npm/v/@smithy/middleware-retry/latest.svg)](https://www.npmjs.com/package/@smithy/middleware-retry) [![NPM downloads](https://img.shields.io/npm/dm/@smithy/middleware-retry.svg)](https://www.npmjs.com/package/@smithy

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

trivikr-awssmithy-teamaws-sdk-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition to GitHub Actions CI/CD publishing; consistent with SLSA provenance attestation.	ai	2026/06/02
npm-metadata	no-description	AI (npm-metadata): Stable omission across versions of this well-established AWS SDK package.	ai	2026/06/02
phantom-deps	phantom-dep:tslib	AI (phantom-deps): tslib is explicitly declared in dependencies; it's a standard TypeScript runtime helper used across all @smithy packages. Not a real phantom dependency concern.	ai	2026/04/21
provenance	no-provenance	AI (provenance): smithy-team consistently publishes without Sigstore provenance across all 46 packages; this is a stable pattern for this publisher, not a per-version concern.	ai	2026/04/21

Versions (showing 100 of 138)

Version	Deps	Published
4.7.1	2 / 1	2026-06-17
4.7.0	2 / 1	2026-06-15
4.6.7	2 / 1	2026-06-12
4.6.6	2 / 0	2026-06-01
4.6.5	2 / 0	2026-05-27
4.6.4	2 / 0	2026-05-21
4.6.3	2 / 0	2026-05-15
4.6.2	2 / 0	2026-05-14
4.6.1	2 / 0	2026-05-11
4.6.0	2 / 0	2026-05-08
4.5.7	10 / 5	2026-04-28
4.5.6	10 / 5	2026-04-27
4.5.5	10 / 5	2026-04-23
4.5.4	10 / 5	2026-04-20
4.5.3	10 / 5	2026-04-16
4.5.2	10 / 5	2026-04-16
4.5.1	10 / 5	2026-04-09
4.5.0	10 / 5	2026-04-06
4.4.46	9 / 5	2026-03-31
4.4.45	9 / 5	2026-03-30
4.4.44	9 / 5	2026-03-19
4.4.43	9 / 5	2026-03-16
4.4.42	9 / 5	2026-03-12
4.4.41	9 / 5	2026-03-12
4.4.40	9 / 5	2026-03-06
4.4.39	9 / 5	2026-03-04
4.4.38	9 / 5	2026-03-03
4.4.37	9 / 5	2026-02-24
4.4.36	9 / 5	2026-02-24
4.4.35	9 / 5	2026-02-23
4.4.34	9 / 5	2026-02-23
4.4.33	9 / 5	2026-02-17
4.4.32	9 / 5	2026-02-17
4.4.31	9 / 5	2026-02-10
4.4.30	9 / 5	2026-02-02
4.4.29	9 / 5	2026-01-27
4.4.28	9 / 5	2026-01-27
4.4.27	9 / 5	2026-01-22
4.4.26	9 / 5	2026-01-20
4.4.25	9 / 5	2026-01-20
4.4.24	9 / 5	2026-01-17
4.4.23	9 / 5	2026-01-15
4.4.22	9 / 5	2026-01-13
4.4.21	9 / 5	2026-01-13
4.4.20	9 / 5	2026-01-12
4.4.19	9 / 5	2026-01-09
4.4.18	9 / 5	2026-01-07
4.4.17	9 / 5	2025-12-18
4.4.16	9 / 5	2025-12-15
4.4.15	9 / 5	2025-12-15
4.4.14	9 / 5	2025-12-03
4.4.13	9 / 5	2025-12-01
4.4.12	9 / 5	2025-11-19
4.4.11	9 / 5	2025-11-14
4.4.10	9 / 5	2025-11-12
4.4.9	9 / 5	2025-11-12
4.4.8	9 / 5	2025-11-12
4.4.7	9 / 5	2025-11-10
4.4.6	9 / 5	2025-10-30
4.4.5	9 / 5	2025-10-22
4.4.4	9 / 5	2025-10-15
4.4.3	9 / 5	2025-10-14
4.4.2	9 / 5	2025-10-13
4.4.1	9 / 5	2025-10-08
4.4.0	9 / 5	2025-09-30
4.3.1	9 / 5	2025-09-26
4.3.0	9 / 5	2025-09-23
4.2.4	10 / 5	2025-09-17
4.2.3	10 / 5	2025-09-17
4.2.2	10 / 5	2025-09-15
4.2.1	10 / 5	2025-09-10
4.2.0	10 / 5	2025-09-04
4.1.22	10 / 5	2025-09-03
4.1.21	10 / 5	2025-09-02
4.1.20	10 / 5	2025-08-28
4.1.19	10 / 5	2025-08-06
4.1.18	9 / 6	2025-07-23
4.1.17	9 / 6	2025-07-17
4.1.16	9 / 6	2025-07-15
4.1.15	9 / 6	2025-07-09
4.1.14	9 / 6	2025-06-25
4.1.13	9 / 6	2025-06-23
4.1.12	9 / 6	2025-06-04
4.1.11	9 / 6	2025-06-04
4.1.10	9 / 6	2025-05-29
4.1.9	9 / 6	2025-05-29
4.1.8	9 / 6	2025-05-19
4.1.7	9 / 6	2025-05-14
4.1.6	9 / 6	2025-05-12
4.1.5	9 / 6	2025-05-09
4.1.4	9 / 6	2025-05-08
4.1.3	9 / 6	2025-05-05
4.1.2	9 / 6	2025-05-02
4.1.1	9 / 6	2025-04-28
4.1.0	9 / 6	2025-03-24
4.0.7	9 / 6	2025-02-24
4.0.6	9 / 6	2025-02-14
4.0.5	9 / 6	2025-02-14
4.0.4	9 / 6	2025-01-27
4.0.3	9 / 6	2025-01-15

Showing 100 of 138 Next page →

v4.7.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.7.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.6.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.6.6

2 findings

HIGH Publisher changed: smithy-team → GitHub Actions (on 2026-06-01) provenance

This version was published by a different npm account than previous versions on 2026-06-01. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.