@zero-transfer/s3 MIT 6 versions

@zero-transfer/s3

npm Repository Homepage

S3-compatible storage with SigV4, multipart upload, and resume.

6

Versions

MIT

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

molex222

Keywords

zero-transfers3s3object-storagemultipart

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:dist/index.d.mts	AI (source-diff): TypeScript declaration file with long lines from bundled type definitions; not obfuscated code.	ai	2026/05/27
source-diff	source-size-tripled	AI (source-diff): Size increase explained by addition of source maps and bundled .d.mts declaration file.	ai	2026/05/27
typosquat	typosquat.levenshtein:pg	AI (typosquat): Scoped S3-storage package; Levenshtein match to 'pg' is a false positive with no plausible impersonation intent.	ai	2026/04/30
typosquat	typosquat.levenshtein:qs	AI (typosquat): Scoped S3-storage package; Levenshtein match to 'qs' is a false positive with no plausible impersonation intent.	ai	2026/04/30

Versions (showing 6 of 6)

Version	Deps	Published
0.1.6	0 / 0	2026-04-29
0.1.5	0 / 0	2026-04-29
0.1.4	0 / 0	2026-04-29
0.1.3	0 / 0	2026-04-29
0.1.2	0 / 0	2026-04-29
0.1.1	0 / 0	2026-04-29

v0.1.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.5

2 findings

HIGH New obfuscated file: dist/index.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.