@aws-amplify/data-schema
51
Versions
Apache-2.0
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
amzn-ossaws-amplify-opsamplify-studio-uibuilderamplify-codegenamplify-data-dev-npmaws-amplify-data-runtime
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | source-size-tripled | AI (source-diff): 4.1x size increase explained by compiled output (tsbuildinfo, .js.map files); consistent with build refactor. | ai | |
| source-diff | obfuscated-file:dist/esm/ai/ConversationSchemaGraphQLTypes.d.ts | AI (source-diff): File is a TypeScript declaration exporting a GraphQL schema string constant, not obfuscated code. Normal pattern for schema distribution in AWS Amplify packages. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Common in AWS monorepo subpackages; not indicative of malice. | ai | |
| phantom-deps | phantom-dep:@types/aws-lambda | AI (phantom-deps): Framework-scoped type definitions loaded by convention in AWS packages. | ai | |
| phantom-deps | phantom-dep:@types/json-schema | AI (phantom-deps): Framework-scoped type definitions loaded by convention in schema packages. | ai | |
| dependencies | unvetted-dep:rxjs | AI (dependencies): rxjs is an established, widely-used reactive library; version constraint ^7.8.1 is reasonable and stable. | ai | |
| dependencies | unvetted-dep:@types/aws-lambda | AI (dependencies): Type definitions for AWS Lambda; framework-scoped dependency typical in AWS packages. | ai | |
| source-diff | large-new-source-files | AI (source-diff): 228 new files are compiled distribution artifacts and source maps, not injected code. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): New deps are established AWS/Smithy utilities; no suspicious patterns. | ai | |
| dependencies | unvetted-dep:@smithy/util-base64 | AI (dependencies): Smithy utility from AWS SDK; standard dependency for AWS service integration. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): Addition of aws-amplify-data-runtime is consistent with AWS internal team organization; no takeover indicators present. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Routine maintainer rotation in large org; no concurrent new maintainers or takeover indicators. | ai | |
| provenance | no-provenance | AI (provenance): Provenance not yet standard for AWS Amplify releases; not a security indicator. | ai |
Versions (showing 51 of 119)
| Version | Deps | Published |
|---|---|---|
| 1.23.0 | 5 / 10 | |
| 1.22.2 | 5 / 10 | |
| 1.22.1 | 5 / 10 | |
| 1.13.2 | 5 / 11 | |
| 1.13.1 | 5 / 11 | |
| 1.13.0 | 5 / 11 | |
| 1.12.2 | 5 / 11 | |
| 1.12.1 | 5 / 11 | |
| 1.12.0 | 5 / 11 | |
| 1.11.0 | 5 / 11 | |
| 1.10.2 | 5 / 11 | |
| 1.10.1 | 5 / 11 | |
| 1.10.0 | 5 / 11 | |
| 1.9.2 | 5 / 11 | |
| 1.9.1 | 5 / 11 | |
| 1.9.0 | 5 / 11 | |
| 1.8.1 | 5 / 11 | |
| 1.8.0 | 5 / 11 | |
| 1.7.0 | 5 / 11 | |
| 1.6.3 | 5 / 11 | |
| 1.6.2 | 5 / 11 | |
| 1.6.1 | 5 / 11 | |
| 1.6.0 | 5 / 11 | |
| 1.5.1 | 5 / 11 | |
| 1.5.0 | 5 / 11 | |
| 1.4.1 | 3 / 11 | |
| 1.4.0 | 3 / 11 | |
| 1.3.10 | 3 / 11 | |
| 1.3.9 | 3 / 11 | |
| 1.3.8 | 3 / 11 | |
| 1.3.7 | 3 / 11 | |
| 1.3.6 | 3 / 11 | |
| 1.3.5 | 3 / 11 | |
| 1.3.4 | 3 / 11 | |
| 1.3.3 | 3 / 11 | |
| 1.3.2 | 3 / 11 | |
| 1.3.1 | 3 / 11 | |
| 1.3.0 | 3 / 11 | |
| 1.2.9 | 3 / 11 | |
| 1.2.8 | 3 / 11 | |
| 1.2.7 | 3 / 11 | |
| 1.2.6 | 3 / 11 | |
| 1.2.5 | 3 / 11 | |
| 1.2.4 | 3 / 11 | |
| 1.2.3 | 3 / 11 | |
| 1.2.2 | 3 / 11 | |
| 1.2.1 | 3 / 11 | |
| 1.2.0 | 3 / 11 | |
| 1.1.6 | 3 / 11 | |
| 1.1.5 | 3 / 11 | |
| 1.1.4 | 3 / 11 |