@smithy/types — Greenflagged

[![NPM version](https://img.shields.io/npm/v/@smithy/types/latest.svg)](https://www.npmjs.com/package/@smithy/types) [![NPM downloads](https://img.shields.io/npm/dm/@smithy/types.svg)](https://www.npmjs.com/package/@smithy/types)

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

trivikr-awssmithy-teamaws-sdk-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition from smithy-team to GitHub Actions CI/CD publishing with SLSA provenance; stable for this package.	ai	2026/06/03
phantom-deps	phantom-dep:tslib	AI (phantom-deps): tslib is a declared runtime dep used implicitly by TypeScript compilation output.	ai	2026/06/03

Versions (showing 66 of 66)

Version	Deps	Published
4.15.0	1 / 4	2026-06-15
4.14.4	1 / 4	2026-06-12
4.14.3	1 / 4	2026-06-01
4.14.2	1 / 4	2026-05-15
4.14.1	1 / 4	2026-04-16
4.14.0	1 / 4	2026-04-06
4.13.1	1 / 4	2026-03-12
4.13.0	1 / 4	2026-02-24
4.12.1	1 / 4	2026-02-23
4.12.0	1 / 4	2026-01-13
4.11.0	1 / 4	2025-12-18
4.10.0	1 / 4	2025-12-15
4.9.0	1 / 4	2025-11-10
4.8.1	1 / 4	2025-10-30
4.8.0	1 / 4	2025-10-15
4.7.1	1 / 4	2025-10-14
4.7.0	1 / 4	2025-10-13
4.6.0	1 / 4	2025-09-30
4.5.0	1 / 4	2025-09-10
4.4.0	1 / 4	2025-09-04
4.3.2	1 / 4	2025-08-06
4.3.1	1 / 4	2025-05-29
4.3.0	1 / 4	2025-05-19
4.2.0	1 / 4	2025-03-24
4.1.0	1 / 4	2025-01-09
4.0.0	1 / 4	2025-01-06
3.7.2	1 / 4	2024-12-09
3.7.1	1 / 4	2024-11-14
3.7.0	1 / 4	2024-11-14
3.6.0	1 / 4	2024-10-21
3.5.0	1 / 4	2024-09-30
3.4.2	1 / 4	2024-09-13
3.4.1	1 / 4	2024-09-13
3.4.0	1 / 4	2024-09-09
3.3.0	1 / 4	2024-06-27
3.2.0	1 / 4	2024-06-18
3.1.0	1 / 4	2024-06-12
3.0.0	1 / 4	2024-05-10
2.12.0	1 / 5	2024-03-14
2.11.0	1 / 5	2024-03-07
2.10.1	1 / 5	2024-02-27
2.10.0	1 / 5	2024-02-22
2.9.1	1 / 5	2024-01-19
2.9.0	1 / 5	2024-01-17
2.8.0	1 / 5	2024-01-02
2.7.0	1 / 5	2023-12-05
2.6.0	1 / 5	2023-11-21
2.5.0	1 / 5	2023-11-13
2.4.0	1 / 5	2023-10-19
2.3.5	1 / 5	2023-10-06
2.3.4	1 / 5	2023-09-28
2.3.3	1 / 7	2023-09-19
2.3.2	1 / 7	2023-09-15
2.3.1	1 / 7	2023-09-12
2.3.0	1 / 7	2023-09-06
2.2.2	1 / 7	2023-08-22
2.2.1	1 / 7	2023-08-15
2.2.0	1 / 7	2023-08-11
2.1.0	1 / 7	2023-08-07
2.0.2	1 / 7	2023-07-25
2.0.1	1 / 7	2023-07-24
2.0.0	1 / 7	2023-07-24
1.2.0	1 / 7	2023-07-24
1.1.1	1 / 7	2023-07-06
1.1.0	1 / 7	2023-06-19
1.0.0	1 / 6	2023-04-27

v4.15.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.14.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.14.3

2 findings

HIGH Publisher changed: smithy-team → GitHub Actions (on 2026-06-01) provenance

This version was published by a different npm account than previous versions on 2026-06-01. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.