@aws-amplify/ui — Greenflagged

`@aws-amplify/ui` contains low-level logic & styles for stand-alone usage or re-use in framework-specific implementations.

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

amzn-ossaws-amplify-opsamplify-studio-uibuilderamplify-codegenamplify-data-dev-npmaws-amplify-data-runtime

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:dist/esm/machines/authenticator/actors/resetPassword.mjs	AI (source-diff): Rollup+terser minified output of xstate state machines for auth flows. Legitimate build artifact, not obfuscation.	ai	2026/04/23
source-diff	obfuscated-file:dist/esm/machines/authenticator/signUp.mjs	AI (source-diff): Rollup+terser minified output of xstate state machines for auth flows. Legitimate build artifact, not obfuscation.	ai	2026/04/23
source-diff	large-new-source-files	AI (source-diff): Large official AWS Amplify UI package with many modules; new files are expected across versions.	ai	2026/04/23
maintainer-change	maintainer-added	AI (maintainer-change): aws-amplify-docs-eng-ops is an AWS organizational account; addition is consistent with AWS team restructuring during major version release.	ai	2026/04/23
maintainer-change	maintainer-removed	AI (maintainer-change): mlabieniec removal alongside aws-amplify-ops as publisher reflects normal AWS team rotation, not a hostile takeover.	ai	2026/04/23
publish-pattern	new-deps-added	AI (publish-pattern): csstype is a well-known, widely-used CSS type definitions package; legitimate addition for a UI library major version.	ai	2026/04/23
phantom-deps	phantom-dep:tslib	AI (phantom-deps): tslib is declared as a runtime dependency in package.json and is a standard TypeScript helper; phantom-dep flag is a false positive here.	ai	2026/04/21
bogus-package	bogus-package	AI (bogus-package): Signals reflect AWS Amplify monorepo publishing patterns (many templated packages, minimal README for sub-packages). Not spam.	ai	2026/04/21
typosquat	typosquat.levenshtein:uuid	AI (typosquat): @aws-amplify/ui is an official AWS scoped package, not a typosquat of uuid. Levenshtein distance match is a false positive for scoped packages.	ai	2026/04/21
typosquat	typosquat.levenshtein:pg	AI (typosquat): @aws-amplify/ui is an official AWS scoped package, not a typosquat of pg. False positive.	ai	2026/04/21
typosquat	typosquat.levenshtein:qs	AI (typosquat): @aws-amplify/ui is an official AWS scoped package, not a typosquat of qs. False positive.	ai	2026/04/21
typosquat	typosquat.levenshtein:joi	AI (typosquat): @aws-amplify/ui is an official AWS scoped package, not a typosquat of joi. False positive.	ai	2026/04/21
typosquat	typosquat.levenshtein:yup	AI (typosquat): @aws-amplify/ui is an official AWS scoped package, not a typosquat of yup. False positive.	ai	2026/04/21

Versions (showing 100 of 362)

Hide prereleases

Version	Deps	Published
3.12.4	3 / 18	2022-07-26
3.12.3	3 / 18	2022-07-19
3.12.2	3 / 18	2022-07-12
3.12.1	3 / 18	2022-06-29
3.12.0	3 / 18	2022-06-23
3.11.1	3 / 18	2022-06-21
3.11.0	3 / 18	2022-06-17
3.10.1	3 / 18	2022-06-14
3.10.0	3 / 18	2022-06-08
3.9.2	3 / 18	2022-05-24
3.9.1	3 / 18	2022-05-19
3.9.0	3 / 18	2022-05-17
3.8.3	3 / 18	2022-05-12
3.8.2	3 / 18	2022-05-10
3.8.1	3 / 18	2022-05-09
3.8.0	3 / 18	2022-05-05
3.7.0	3 / 18	2022-05-03
3.6.8	3 / 18	2022-04-29
3.6.7	3 / 18	2022-04-28
3.6.6	3 / 18	2022-04-26
3.6.5	3 / 18	2022-04-21
3.6.4	3 / 18	2022-04-20
3.6.3	3 / 18	2022-04-13
3.6.2	3 / 18	2022-04-11
3.6.1	3 / 18	2022-04-07
3.6.0	3 / 18	2022-04-06
3.5.1	3 / 18	2022-04-05
3.5.0	3 / 18	2022-04-05
3.4.1	3 / 18	2022-03-31
3.4.0	3 / 18	2022-03-30
3.3.2	3 / 15	2022-03-22
3.3.1	3 / 15	2022-03-15
3.3.0	3 / 15	2022-03-10
3.2.1	3 / 15	2022-03-09
3.2.0	3 / 15	2022-03-03
3.1.0	3 / 15	2022-03-01
3.0.15	3 / 15	2022-02-22
3.0.14	3 / 15	2022-02-17
3.0.13	3 / 15	2022-02-15
3.0.12	3 / 15	2022-02-04
3.0.11	3 / 15	2022-02-01
3.0.10	3 / 15	2022-01-27
3.0.9	3 / 15	2022-01-25
3.0.8	3 / 15	2022-01-18
3.0.7	3 / 15	2022-01-11
3.0.6	3 / 15	2022-01-05
3.0.5	3 / 15	2021-12-14
3.0.4	3 / 15	2021-12-08
3.0.3	3 / 15	2021-11-29
3.0.2	3 / 15	2021-11-24
3.0.1	3 / 15	2021-11-22
3.0.0	3 / 15	2021-11-18
2.0.7	0 / 11	2022-10-26
2.0.6	0 / 11	2022-10-25
2.0.5	0 / 11	2021-12-03
2.0.4	0 / 11	2021-12-03
2.0.3	0 / 11	2021-05-14
2.0.2	0 / 11	2020-04-02
2.0.1	0 / 11	2020-03-31
1.2.3	0 / 11	2020-01-11
1.1.6	0 / 11	2020-03-25
1.1.5	0 / 11	2020-02-07
1.1.4	0 / 11	2020-01-10
1.1.3	0 / 11	2019-10-23
1.1.2	0 / 11	2019-10-10
1.1.0	0 / 11	2019-10-10
1.0.25	0 / 11	2019-09-13
1.0.24	0 / 11	2019-08-21
1.0.23	0 / 11	2019-07-30
1.0.22	0 / 11	2019-07-18
1.0.20	0 / 11	2019-06-17
1.0.19	0 / 19	2019-05-06
1.0.18	0 / 19	2019-03-28
1.0.17	0 / 19	2019-03-06
1.0.16	0 / 18	2019-03-04
1.0.15	0 / 18	2019-01-10
1.0.14	0 / 18	2018-12-15
1.0.13	0 / 18	2018-12-14
1.0.12	0 / 18	2018-12-14
1.0.11	0 / 18	2018-12-13
1.0.10	0 / 18	2018-12-03
1.0.9	0 / 18	2018-11-01
1.0.8	0 / 18	2018-10-29
1.0.7	0 / 18	2018-10-17
1.0.6	0 / 18	2018-10-04
1.0.5	0 / 18	2018-10-02
1.0.4	0 / 18	2018-09-27
1.0.3	0 / 18	2018-09-17
1.0.2	0 / 18	2018-08-28
1.0.1	0 / 18	2018-08-28
0.0.0-next-fc6e149-20251211181250	3 / 7	2025-12-11
0.0.0-next-f5d5e72-20260311125245	3 / 8	2026-03-11
0.0.0-next-f5bf6fa-20260205153348	3 / 8	2026-02-05
0.0.0-next-f57b0e6-20251119143223	3 / 7	2025-11-19
0.0.0-next-f1561e3-20260112154904	3 / 8	2026-01-12
0.0.0-next-f1561e3-20260112151538	3 / 8	2026-01-12
0.0.0-next-e804e8f-20260303100023	3 / 8	2026-03-03
0.0.0-next-e7dfb41-20260122101400	3 / 8	2026-01-22
0.0.0-next-e51fdca-20260310152830	3 / 8	2026-03-10
0.0.0-next-e45b1fe-20260204143038	3 / 8	2026-02-04

Showing 100 of 362 Next page →