@smithy/node-http-handler

Provides a way to make requests

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

trivikr-awssmithy-teamaws-sdk-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:tslib	AI (phantom-deps): tslib is a declared runtime dep used implicitly by TypeScript compilation output.	ai	2026/06/02
bogus-package	bogus-package	AI (bogus-package): AWS Smithy monorepo package; sparse README/keywords is normal for scoped sub-packages.	ai	2026/06/02

Versions (showing 63 of 63)

Version	Deps	Published
4.8.1	3 / 6	2026-06-17
4.8.0	3 / 6	2026-06-15
4.7.8	3 / 6	2026-06-12
4.7.7	3 / 6	2026-06-04
4.7.6	3 / 6	2026-06-01
4.7.5	3 / 6	2026-05-27
4.7.4	3 / 6	2026-05-21
4.7.3	3 / 6	2026-05-15
4.7.2	3 / 6	2026-05-14
4.7.1	3 / 6	2026-05-11
4.7.0	3 / 6	2026-05-08
4.6.1	4 / 6	2026-04-23
4.6.0	4 / 6	2026-04-20
4.5.3	4 / 6	2026-04-16
4.5.2	4 / 6	2026-04-06
4.5.1	4 / 6	2026-03-30
4.5.0	5 / 5	2026-03-16
4.4.16	5 / 5	2026-03-12
4.4.15	5 / 5	2026-03-12
4.4.14	5 / 5	2026-03-04
4.4.13	5 / 5	2026-03-03
4.4.12	5 / 5	2026-02-24
4.4.11	5 / 5	2026-02-23
4.4.10	5 / 5	2026-02-10
4.4.9	5 / 5	2026-02-02
4.4.8	5 / 5	2026-01-13
4.4.7	5 / 5	2025-12-18
4.4.6	5 / 5	2025-12-15
4.4.5	5 / 5	2025-11-10
4.4.4	5 / 5	2025-10-30
4.4.3	5 / 5	2025-10-22
4.4.2	5 / 5	2025-10-15
4.4.1	5 / 5	2025-10-14
4.4.0	5 / 5	2025-10-13
4.3.0	5 / 5	2025-09-30
4.2.1	5 / 5	2025-09-10
4.2.0	5 / 5	2025-09-04
4.1.1	5 / 5	2025-08-06
4.1.0	5 / 5	2025-07-09
4.0.6	5 / 5	2025-05-29
4.0.5	5 / 5	2025-05-19
4.0.4	5 / 5	2025-03-24
4.0.3	5 / 5	2025-02-24
4.0.2	5 / 5	2025-01-15
4.0.1	5 / 5	2025-01-09
4.0.0	5 / 5	2025-01-06
3.3.3	5 / 5	2024-12-23
3.3.2	5 / 5	2024-12-09
3.3.1	5 / 5	2024-11-14
3.3.0	5 / 5	2024-11-14
3.2.5	5 / 5	2024-10-21
3.2.4	5 / 5	2024-09-30
3.2.3	5 / 5	2024-09-20
3.2.2	5 / 5	2024-09-13
3.2.1	5 / 5	2024-09-13
3.2.0	5 / 5	2024-09-09
3.1.4	5 / 5	2024-07-24
3.1.3	5 / 5	2024-07-15
3.1.2	5 / 5	2024-07-08
3.1.1	5 / 5	2024-06-27
3.1.0	5 / 5	2024-06-18
3.0.1	5 / 5	2024-06-12
3.0.0	5 / 5	2024-05-10

v4.8.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.8.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.7.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.7.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.7.6

2 findings

HIGH Publisher changed: smithy-team → GitHub Actions (on 2026-06-01) provenance

This version was published by a different npm account than previous versions on 2026-06-01. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.