@smithy/middleware-serde

[![NPM version](https://img.shields.io/npm/v/@smithy/middleware-serde/latest.svg)](https://www.npmjs.com/package/@smithy/middleware-serde) [![NPM downloads](https://img.shields.io/npm/dm/@smithy/middleware-serde.svg)](https://www.npmjs.com/package/@smithy

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

trivikr-awssmithy-teamaws-sdk-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition to GitHub Actions CI/CD publishing is expected for this AWS SDK ecosystem package.	ai	2026/06/02
npm-metadata	no-description	AI (npm-metadata): Stable omission across versions; not indicative of malice for this established package.	ai	2026/06/02
phantom-deps	phantom-dep:tslib	AI (phantom-deps): tslib is a known implicit runtime dependency used via TypeScript importHelpers.	ai	2026/06/02

Versions (showing 55 of 55)

Version	Deps	Published
4.4.1	2 / 1	2026-06-17
4.4.0	2 / 1	2026-06-15
4.3.7	2 / 1	2026-06-12
4.3.6	2 / 0	2026-06-01
4.3.5	2 / 0	2026-05-27
4.3.4	2 / 0	2026-05-21
4.3.3	2 / 0	2026-05-15
4.3.2	2 / 0	2026-05-14
4.3.1	2 / 0	2026-05-11
4.3.0	2 / 0	2026-05-08
4.2.20	4 / 5	2026-04-23
4.2.19	4 / 5	2026-04-20
4.2.18	4 / 5	2026-04-16
4.2.17	4 / 5	2026-04-06
4.2.16	4 / 5	2026-03-30
4.2.15	4 / 5	2026-03-16
4.2.14	4 / 5	2026-03-12
4.2.13	4 / 5	2026-03-12
4.2.12	3 / 5	2026-03-04
4.2.11	3 / 5	2026-02-24
4.2.10	3 / 5	2026-02-23
4.2.9	3 / 5	2026-01-13
4.2.8	3 / 5	2025-12-18
4.2.7	3 / 5	2025-12-15
4.2.6	3 / 5	2025-11-14
4.2.5	3 / 5	2025-11-10
4.2.4	3 / 5	2025-10-30
4.2.3	3 / 5	2025-10-15
4.2.2	3 / 5	2025-10-14
4.2.1	3 / 5	2025-10-13
4.2.0	3 / 5	2025-09-30
4.1.1	3 / 5	2025-09-10
4.1.0	3 / 5	2025-09-04
4.0.9	3 / 5	2025-08-06
4.0.8	3 / 5	2025-05-29
4.0.7	3 / 5	2025-05-29
4.0.6	3 / 5	2025-05-19
4.0.5	3 / 5	2025-05-14
4.0.4	3 / 5	2025-05-12
4.0.3	2 / 5	2025-03-24
4.0.2	2 / 5	2025-01-27
4.0.1	2 / 5	2025-01-09
4.0.0	2 / 5	2025-01-06
3.0.11	2 / 5	2024-12-09
3.0.10	2 / 5	2024-11-14
3.0.9	2 / 5	2024-11-14
3.0.8	2 / 5	2024-10-21
3.0.7	2 / 5	2024-09-30
3.0.6	2 / 5	2024-09-13
3.0.5	2 / 5	2024-09-13
3.0.4	2 / 5	2024-09-09
3.0.3	2 / 5	2024-06-27
3.0.2	2 / 5	2024-06-18
3.0.1	2 / 5	2024-06-12
3.0.0	2 / 5	2024-05-10

v4.4.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.3.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.3.6

2 findings

HIGH Publisher changed: smithy-team → GitHub Actions (on 2026-06-01) provenance

This version was published by a different npm account than previous versions on 2026-06-01. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.