@aws-sdk/client-lambda
AWS SDK for JavaScript Lambda Client for Node.js, Browser and React Native
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@aws-sdk/middleware-stack | AI (phantom-deps): Framework-scoped AWS SDK package loaded by convention; standard pattern in AWS SDK v3 architecture. | ai | |
| phantom-deps | phantom-dep:@aws-sdk/util-base64-node | AI (phantom-deps): Framework-scoped AWS SDK utility loaded by convention; standard pattern in AWS SDK v3 architecture. | ai | |
| phantom-deps | phantom-dep:@aws-sdk/util-base64-browser | AI (phantom-deps): Framework-scoped AWS SDK utility loaded by convention; standard pattern in AWS SDK v3 architecture. | ai | |
| dependencies | unvetted-dep:@smithy/smithy-client | AI (dependencies): Core Smithy runtime dependency; expected for all @aws-sdk/* client packages. | ai | |
| dependencies | unvetted-dep:@aws-sdk/util-endpoints | AI (dependencies): Standard AWS SDK v3 utility dependency. | ai | |
| dependencies | unvetted-dep:@smithy/middleware-retry | AI (dependencies): Standard Smithy middleware; expected for all @aws-sdk/* client packages. | ai | |
| dependencies | unvetted-dep:@smithy/middleware-serde | AI (dependencies): Standard Smithy serialization middleware; expected for all @aws-sdk/* client packages. | ai | |
| dependencies | unvetted-dep:@aws-crypto/sha256-browser | AI (dependencies): Standard AWS crypto dependency used across all AWS SDK v3 clients. | ai | |
| dependencies | unvetted-dep:@aws-sdk/middleware-logger | AI (dependencies): Standard AWS SDK v3 middleware dependency. | ai | |
| dependencies | unvetted-dep:@smithy/middleware-endpoint | AI (dependencies): Standard Smithy middleware; expected for all @aws-sdk/* client packages. | ai | |
| dependencies | unvetted-dep:@aws-sdk/util-user-agent-node | AI (dependencies): Standard AWS SDK v3 utility dependency. | ai | |
| dependencies | unvetted-dep:@smithy/core | AI (dependencies): Core AWS SDK v3 / Smithy runtime dependency; expected for all @aws-sdk/* client packages. | ai | |
| dependencies | unvetted-dep:@smithy/eventstream-serde-node | AI (dependencies): Standard Smithy eventstream dependency; expected for Lambda client with streaming support. | ai | |
| dependencies | unvetted-dep:@aws-sdk/middleware-host-header | AI (dependencies): Standard AWS SDK v3 middleware dependency. | ai | |
| dependencies | unvetted-dep:@smithy/util-defaults-mode-node | AI (dependencies): Standard Smithy utility; expected for all @aws-sdk/* client packages. | ai | |
| dependencies | unvetted-dep:@aws-sdk/credential-provider-node | AI (dependencies): Standard AWS SDK v3 credential provider; expected for all @aws-sdk/* client packages. | ai | |
| dependencies | unvetted-dep:@smithy/eventstream-serde-browser | AI (dependencies): Standard Smithy eventstream dependency for browser environments. | ai | |
| dependencies | unvetted-dep:@smithy/util-defaults-mode-browser | AI (dependencies): Standard Smithy utility for browser environments; expected for all @aws-sdk/* client packages. | ai | |
| phantom-deps | phantom-dep:@smithy/middleware-serde | AI (phantom-deps): Framework-scoped package loaded by convention in AWS SDK v3; not a direct import but a legitimate transitive dependency. | ai | |
| phantom-deps | phantom-dep:@smithy/middleware-stack | AI (phantom-deps): Framework-scoped package loaded by convention in AWS SDK v3; not a direct import but a legitimate transitive dependency. | ai | |
| dependencies | unvetted-dep:@aws-sdk/middleware-user-agent | AI (dependencies): Standard AWS SDK v3 middleware dependency. | ai | |
| dependencies | unvetted-dep:@aws-sdk/core | AI (dependencies): Core AWS SDK v3 dependency; expected for all @aws-sdk/* client packages. | ai | |
| dependencies | unvetted-dep:@aws-crypto/sha256-js | AI (dependencies): Standard AWS crypto dependency used across all AWS SDK v3 clients. | ai |
Versions (showing 51 of 592)
| Version | Deps | Published |
|---|---|---|
| 3.1057.0 | 10 / 8 | |
| 3.1056.0 | 10 / 8 | |
| 3.1055.0 | 10 / 8 | |
| 3.1054.0 | 10 / 8 | |
| 3.1053.0 | 10 / 8 | |
| 3.1052.0 | 10 / 8 | |
| 3.1051.0 | 10 / 8 | |
| 3.1050.0 | 10 / 8 | |
| 3.1049.0 | 10 / 8 | |
| 3.1048.0 | 10 / 8 | |
| 3.1047.0 | 18 / 8 | |
| 3.1046.0 | 18 / 8 | |
| 3.1045.0 | 44 / 8 | |
| 3.1044.0 | 44 / 8 | |
| 3.1043.0 | 44 / 8 | |
| 3.1042.0 | 44 / 8 | |
| 3.1041.0 | 44 / 8 | |
| 3.1040.0 | 44 / 8 | |
| 3.1039.0 | 44 / 8 | |
| 3.1038.0 | 44 / 8 | |
| 3.1037.0 | 44 / 8 | |
| 3.1036.0 | 44 / 8 | |
| 3.1035.0 | 44 / 8 | |
| 3.1034.0 | 44 / 6 | |
| 3.1033.0 | 44 / 6 | |
| 3.1032.0 | 44 / 6 | |
| 3.1031.0 | 44 / 6 | |
| 3.1030.0 | 44 / 6 | |
| 3.1029.0 | 44 / 6 | |
| 3.1028.0 | 44 / 6 | |
| 3.1027.0 | 44 / 6 | |
| 3.1026.0 | 44 / 6 | |
| 3.1025.0 | 44 / 6 | |
| 3.1024.0 | 44 / 6 | |
| 3.1023.0 | 44 / 6 | |
| 3.1022.0 | 44 / 6 | |
| 3.1021.0 | 44 / 6 | |
| 3.1020.0 | 44 / 6 | |
| 3.1019.0 | 44 / 6 | |
| 3.1018.0 | 44 / 6 | |
| 3.1017.0 | 44 / 6 | |
| 3.1016.0 | 44 / 6 | |
| 3.1015.0 | 44 / 6 | |
| 3.1014.0 | 44 / 6 | |
| 3.1013.0 | 44 / 6 | |
| 3.1012.0 | 44 / 6 | |
| 3.1011.0 | 44 / 6 | |
| 3.1010.0 | 44 / 6 | |
| 3.1009.0 | 44 / 6 | |
| 3.1008.0 | 44 / 6 | |
| 3.1007.0 | 44 / 6 |
v3.1057.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1056.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1055.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1054.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1053.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1052.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1051.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1050.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1049.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1048.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1047.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1046.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1045.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1044.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1043.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1042.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1041.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1040.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1039.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1038.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1037.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1036.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1035.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.