amazon-cognito-auth-js
Amazon Cognito Auth JavaScript SDK
21
Versions
Apache-2.0
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
amzn-ossaws-amplify-opselorzafejamesirijpeddicordkaustavghosh06manuel.iglesiasmlabieniecmreddypowerful23undefobj
Keywords
amazonawscognitoauth
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): Package predates Sigstore provenance; no-provenance is expected for 2018-era AWS SDK releases and is not a security concern for this package. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): js-cookie is a well-established library; its addition to an auth SDK for cookie-based token storage is expected and benign. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher change from mreddy to powerful23 in 2018 reflects a legitimate AWS internal team transition; both are associated with AWS SDK maintenance. No malicious indicators. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): New maintainers mlabieniec and powerful23 are AWS employees managing official AWS SDK packages; consistent with legitimate team transition in 2018. | ai | |
| dependencies | unvetted-dep:js-cookie | AI (dependencies): js-cookie is a well-known, widely-used library; its use in an auth SDK for cookie management is entirely expected and legitimate. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Base64 decoding is legitimate for OAuth/JWT token processing in a Cognito auth SDK; not obfuscation or malicious payload hiding. | ai |
Versions (showing 21 of 21)
| Version | Deps | Published |
|---|---|---|
| 1.3.3 | 1 / 13 | |
| 1.3.2 | 1 / 13 | |
| 1.3.1 | 1 / 13 | |
| 1.3.0 | 1 / 13 | |
| 1.2.4 | 1 / 13 | |
| 1.2.3 | 1 / 13 | |
| 1.2.2 | 1 / 13 | |
| 1.2.1 | 1 / 13 | |
| 1.2.0 | 0 / 13 | |
| 1.1.9 | 0 / 13 | |
| 1.1.8 | 0 / 13 | |
| 1.1.7 | 0 / 13 | |
| 1.1.6 | 0 / 13 | |
| 1.1.5 | 0 / 13 | |
| 1.1.4 | 1 / 13 | |
| 1.1.3 | 1 / 13 | |
| 1.1.2 | 1 / 13 | |
| 1.1.1 | 1 / 13 | |
| 1.1.0 | 1 / 13 | |
| 1.0.1 | 1 / 13 | |
| 1.0.0 | 1 / 13 |