@ai-sdk/amazon-bedrock No license 62 versions

@ai-sdk/amazon-bedrock

npm Repository Homepage

62

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

vercel-release-botmatheussmatt.straka

Keywords

ai

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
maintainer-change	maintainer-added	AI (maintainer-change): New maintainers are part of Vercel's AI SDK team; package is published by vercel-release-bot with strong track record. Team changes are expected for an active Vercel project.	ai	2026/04/26
maintainer-change	maintainer-removed	AI (maintainer-change): Removal of jaredpalmer reflects normal Vercel team evolution; vercel-release-bot remains the publisher with consistent approval history.	ai	2026/04/26
provenance	no-provenance	AI (provenance): vercel-release-bot is a well-established trusted publisher; absence of Sigstore provenance is a minor gap, not a risk signal for this package.	ai	2026/04/26
dependencies	unvetted-dep:aws4fetch	AI (dependencies): aws4fetch is a legitimate, widely-used AWS Signature V4 signing library for fetch-based/edge environments. Its use here is architecturally appropriate as a replacement for @aws-sdk/client-bedrock-runtime.	ai	2026/04/25

Versions (showing 62 of 164)

Version	Deps	Published
4.0.6	6 / 6	2026-01-05
4.0.5	6 / 6	2026-01-05
4.0.4	6 / 6	2025-12-30
4.0.3	6 / 6	2025-12-23
4.0.2	6 / 6	2025-12-23
4.0.1	6 / 6	2025-12-22
4.0.0	6 / 6	2025-12-22
3.0.103	6 / 6	2026-06-16
3.0.102	6 / 6	2026-06-12
3.0.101	6 / 6	2026-06-09
3.0.100	6 / 6	2026-05-28
3.0.99	6 / 6	2026-04-30
3.0.97	6 / 6	2026-04-17
3.0.96	6 / 6	2026-04-17
3.0.95	6 / 6	2026-04-16
3.0.94	6 / 6	2026-04-16
3.0.93	6 / 6	2026-04-02
3.0.92	6 / 6	2026-04-02
3.0.91	6 / 6	2026-04-01
3.0.90	6 / 6	2026-04-01
3.0.89	6 / 6	2026-03-24
3.0.88	6 / 6	2026-03-13
3.0.87	6 / 6	2026-03-05
3.0.86	6 / 6	2026-03-05
3.0.85	6 / 6	2026-03-04
3.0.84	6 / 6	2026-02-24
3.0.83	6 / 6	2026-02-20
3.0.82	6 / 6	2026-02-17
3.0.81	6 / 6	2026-02-16
3.0.80	6 / 6	2026-02-13
3.0.79	6 / 6	2026-02-12
3.0.78	6 / 6	2026-02-10
3.0.77	6 / 6	2026-02-09
3.0.76	6 / 6	2026-02-06
3.0.75	6 / 6	2026-02-05
3.0.74	6 / 6	2026-01-30
3.0.73	6 / 6	2025-12-30
3.0.72	6 / 6	2025-12-24
3.0.71	6 / 6	2025-12-18
3.0.70	6 / 6	2025-12-12
3.0.69	6 / 6	2025-12-11
3.0.68	6 / 6	2025-12-09
3.0.67	6 / 6	2025-12-04
3.0.66	6 / 6	2025-12-03
3.0.65	6 / 6	2025-12-01
3.0.64	6 / 6	2025-12-01
3.0.63	6 / 6	2025-12-01
3.0.62	6 / 6	2025-11-27
3.0.61	6 / 6	2025-11-25
3.0.60	6 / 6	2025-11-25
3.0.59	6 / 6	2025-11-24
3.0.57	6 / 6	2025-11-22
3.0.56	6 / 6	2025-11-18
3.0.55	6 / 6	2025-11-15
3.0.54	6 / 6	2025-11-10
3.0.53	6 / 6	2025-11-10
3.0.52	6 / 6	2025-11-07
3.0.51	6 / 6	2025-11-03
3.0.50	6 / 5	2025-10-31
3.0.49	6 / 5	2025-10-29
3.0.48	6 / 5	2025-10-27
1.1.6	3 / 7	2025-01-31

v3.0.103

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.102

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.101

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.100

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.99

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.97

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.0.89

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.0.70

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.0.62

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.0.54

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.1.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.