← Home

@aws-sdk/client-ec2

npm Repository Homepage

AWS SDK for JavaScript Ec2 Client for Node.js, Browser and React Native

51
Versions
Apache-2.0
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

amzn-ossaws-sdk-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:@aws-sdk/util-base64-node AI (phantom-deps): AWS SDK framework-scoped package loaded by convention for Node.js environment; expected pattern in monorepo. ai
phantom-deps phantom-dep:@aws-sdk/util-base64-browser AI (phantom-deps): AWS SDK framework-scoped package loaded by convention for browser environment; expected pattern in monorepo. ai
dependencies unvetted-dep:@aws-sdk/util-base64 AI (dependencies): AWS SDK sibling package published by the same trusted aws-sdk-bot publisher; unvetted status reflects review queue lag, not a security concern. ai
dependencies unvetted-dep:@aws-sdk/middleware-endpoint AI (dependencies): @aws-sdk/middleware-endpoint is an internal AWS SDK package published by the same aws-sdk-bot publisher; unvetted status is a pipeline artifact, not a real risk for this ecosystem. ai
bogus-package bogus-package AI (bogus-package): Generated AWS SDK client library; minimal README and no keywords are expected and benign for this package type. ai
dependencies unvetted-dep:@aws-sdk/util-waiter AI (dependencies): First-party AWS SDK package published by the same aws-sdk-bot publisher at the same version cadence; not a third-party unvetted dependency. ai
phantom-deps phantom-dep:fast-xml-parser AI (phantom-deps): Used for XML parsing in EC2 API responses; referenced in config/generated code rather than direct imports. Stable false positive for this package. ai
phantom-deps phantom-dep:@aws-sdk/middleware-stack AI (phantom-deps): Framework-scoped AWS SDK middleware package loaded by convention; phantom-dep finding is a stable false positive for this package. ai
publish-pattern new-deps-added AI (publish-pattern): @types/uuid is a benign TypeScript type definition package for uuid, which is already a declared dependency. No malicious signal. ai
source-diff large-new-source-files AI (source-diff): EC2 is one of AWS's largest services; new source files reflect API surface expansion (new features/instance types), consistent with the package's history of frequent large updates. ai
phantom-deps phantom-dep:uuid AI (phantom-deps): uuid is used indirectly through the AWS SDK framework; phantom detection is a false positive for this package's architecture. ai
phantom-deps phantom-dep:@types/uuid AI (phantom-deps): @types/uuid is a type-only package loaded by convention in the TypeScript build; phantom detection is a false positive here. ai
maintainer-change maintainer-removed AI (maintainer-change): AWS regularly rotates named maintainers; aws-sdk-bot is the stable publishing identity for all AWS SDK JS v3 packages. Maintainer rotation is expected and not a takeover signal. ai
phantom-deps phantom-dep:@aws-sdk/client-sts AI (phantom-deps): AWS SDK v3 loads client-sts dynamically via credential providers by convention; not a direct import but a legitimate runtime dependency pattern across all AWS SDK v3 clients. ai
phantom-deps phantom-dep:@aws-sdk/client-sso-oidc AI (phantom-deps): AWS SDK v3 loads client-sso-oidc dynamically via credential providers by convention; standard pattern across all AWS SDK v3 clients. ai
phantom-deps phantom-dep:@smithy/middleware-stack AI (phantom-deps): Smithy framework packages are loaded by convention in AWS SDK v3 architecture; phantom-dep finding is a stable false positive for this package. ai
phantom-deps phantom-dep:@smithy/middleware-serde AI (phantom-deps): Smithy framework packages are loaded by convention in AWS SDK v3 architecture; phantom-dep finding is a stable false positive for this package. ai
provenance no-provenance AI (provenance): AWS SDK bot is a well-established, trusted publisher; lack of Sigstore provenance is not a concern for this package. ai

Versions (showing 51 of 716)

View all versions
Version Deps Published
3.1057.0 11 / 8
3.1056.0 11 / 8
3.1055.0 11 / 8
3.1054.0 11 / 8
3.1053.0 11 / 8
3.1052.0 11 / 8
3.1051.0 11 / 8
3.1050.0 11 / 8
3.1049.0 11 / 8
3.1048.0 11 / 8
3.1047.0 19 / 8
3.1046.0 19 / 8
3.1045.0 41 / 8
3.1044.0 41 / 8
3.1043.0 41 / 8
3.1042.0 41 / 8
3.1041.0 41 / 8
3.1040.0 41 / 8
3.1039.0 41 / 8
3.1038.0 41 / 8
3.1037.0 41 / 8
3.1036.0 41 / 8
3.1035.0 41 / 8
3.1034.0 41 / 8
3.1033.0 41 / 8
3.1032.0 41 / 8
3.1031.0 41 / 8
3.1030.0 41 / 8
3.1029.0 41 / 8
3.1028.0 41 / 8
3.1027.0 41 / 8
3.1026.0 41 / 8
3.1025.0 41 / 8
3.1024.0 41 / 8
3.1023.0 41 / 8
3.1022.0 41 / 8
3.1021.0 41 / 8
3.1020.0 41 / 8
3.1019.0 41 / 8
3.1018.0 41 / 8
3.1017.0 41 / 8
3.1016.0 41 / 8
3.1015.0 41 / 8
3.1014.0 41 / 8
3.1013.0 41 / 8
3.1012.0 41 / 8
3.1011.0 41 / 8
3.1010.0 41 / 8
3.1009.0 41 / 8
3.1008.0 41 / 8
3.1007.0 41 / 8

v3.1057.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1056.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1055.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1054.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1053.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1052.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1051.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1050.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1049.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1048.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1047.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1046.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1045.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1044.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1043.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1042.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1041.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1040.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1039.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1038.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1037.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1036.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1035.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.