← Home

cdk-assets

npm Repository Homepage

CDK Asset Publishing Tool

16
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

aws-cdk-team

Keywords

awscdk

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:lib/aws-types.js AI (source-diff): File contains generated AWS SDK type definitions (enums, constants) compiled from TypeScript. Long lines from object literals, not obfuscation. ai
semgrep semgrep:env-spread AI (semgrep): CDK asset tool passes env vars to Docker child processes; standard pattern for AWS tooling. ai
semgrep semgrep:base64-decode AI (semgrep): Decoding ECR authorization tokens from base64 is the documented AWS ECR auth flow. ai
semgrep semgrep:child-process-import AI (semgrep): Core functionality requires spawning Docker/CLI processes to publish CDK assets. ai
semgrep semgrep:child-process-spawn AI (semgrep): Core functionality requires spawning Docker/CLI processes to publish CDK assets. ai

Versions (showing 16 of 616)

Version Deps Published
1.36.1 5 / 12
1.36.0 5 / 12
1.35.0 5 / 12
1.34.1 5 / 12
1.34.0 5 / 12
1.33.1 5 / 12
1.33.0 5 / 12
1.32.2 5 / 12
1.32.1 5 / 12
1.32.0 5 / 12
1.31.0 5 / 12
1.30.0 5 / 12
1.29.0 5 / 12
1.28.0 5 / 10
1.27.0 5 / 10
1.26.0 5 / 10