@aws-sdk/client-sts
AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@aws-sdk/middleware-stack | AI (phantom-deps): AWS SDK v3 monorepo uses convention-based loading; middleware-stack being declared but not directly imported is an expected architectural pattern across all versions. | ai | |
| provenance | no-provenance | AI (provenance): aws-sdk-bot publishes hundreds of packages without Sigstore provenance; this is consistent across the entire AWS SDK v3 ecosystem and not a risk signal. | ai | |
| source-diff | encoded-string-file:dist-types/commands/AssumeRoleCommand.d.ts | AI (source-diff): Long encoded strings are AWS example SessionTokens in JSDoc documentation comments — stable false positive for this AWS SDK package. | ai | |
| source-diff | encoded-string-file:dist-types/commands/AssumeRoleWithSAMLCommand.d.ts | AI (source-diff): Long encoded strings are example SAML assertions and SessionTokens in JSDoc documentation comments — stable false positive for this AWS SDK package. | ai | |
| source-diff | encoded-string-file:dist-types/commands/AssumeRootCommand.d.ts | AI (source-diff): Long encoded strings are example SessionTokens in JSDoc documentation comments — stable false positive for this AWS SDK package. | ai | |
| source-diff | encoded-string-file:dist-types/commands/GetFederationTokenCommand.d.ts | AI (source-diff): Long encoded strings are example SessionTokens in JSDoc documentation comments — stable false positive for this AWS SDK package. | ai | |
| source-diff | encoded-string-file:dist-types/commands/GetSessionTokenCommand.d.ts | AI (source-diff): Long encoded strings are example SessionTokens in JSDoc documentation comments — stable false positive for this AWS SDK package. | ai | |
| phantom-deps | phantom-dep:@smithy/middleware-serde | AI (phantom-deps): Framework-scoped Smithy package loaded by convention in AWS SDK v3; not a direct import by design. | ai | |
| phantom-deps | phantom-dep:@smithy/middleware-stack | AI (phantom-deps): Framework-scoped Smithy package loaded by convention in AWS SDK v3; not a direct import by design. | ai |
Versions (showing 100 of 569)
| Version | Deps | Published |
|---|---|---|
| 3.1057.0 | 11 / 8 | |
| 3.1056.0 | 11 / 8 | |
| 3.1055.0 | 11 / 8 | |
| 3.1054.0 | 11 / 8 | |
| 3.1053.0 | 11 / 8 | |
| 3.1052.0 | 11 / 8 | |
| 3.1051.0 | 11 / 8 | |
| 3.1050.0 | 11 / 8 | |
| 3.1049.0 | 11 / 8 | |
| 3.1048.0 | 11 / 8 | |
| 3.1047.0 | 19 / 8 | |
| 3.1046.0 | 19 / 8 | |
| 3.1045.0 | 40 / 8 | |
| 3.1044.0 | 40 / 8 | |
| 3.1043.0 | 40 / 8 | |
| 3.1042.0 | 40 / 8 | |
| 3.1041.0 | 40 / 8 | |
| 3.1040.0 | 40 / 8 | |
| 3.1039.0 | 40 / 8 | |
| 3.1038.0 | 40 / 8 | |
| 3.1037.0 | 40 / 8 | |
| 3.1036.0 | 40 / 8 | |
| 3.1035.0 | 40 / 8 | |
| 3.1034.0 | 40 / 8 | |
| 3.1033.0 | 40 / 8 | |
| 3.1032.0 | 40 / 8 | |
| 3.1031.0 | 39 / 8 | |
| 3.1030.0 | 39 / 8 | |
| 3.1029.0 | 39 / 8 | |
| 3.1028.0 | 39 / 8 | |
| 3.1027.0 | 39 / 8 | |
| 3.1026.0 | 39 / 8 | |
| 3.1025.0 | 39 / 8 | |
| 3.1024.0 | 39 / 8 | |
| 3.1023.0 | 39 / 8 | |
| 3.1022.0 | 39 / 8 | |
| 3.1021.0 | 39 / 8 | |
| 3.1020.0 | 39 / 8 | |
| 3.1019.0 | 39 / 8 | |
| 3.1018.0 | 39 / 8 | |
| 3.1017.0 | 39 / 8 | |
| 3.1016.0 | 39 / 8 | |
| 3.1015.0 | 39 / 8 | |
| 3.1014.0 | 39 / 8 | |
| 3.1013.0 | 39 / 8 | |
| 3.1012.0 | 39 / 8 | |
| 3.1011.0 | 39 / 8 | |
| 3.1010.0 | 39 / 8 | |
| 3.1009.0 | 39 / 8 | |
| 3.1008.0 | 39 / 8 | |
| 3.1007.0 | 39 / 8 | |
| 3.1006.0 | 39 / 8 | |
| 3.1005.0 | 39 / 8 | |
| 3.1004.0 | 39 / 8 | |
| 3.1003.0 | 39 / 8 | |
| 3.1002.0 | 39 / 8 | |
| 3.1001.0 | 39 / 8 | |
| 3.1000.0 | 39 / 8 | |
| 3.999.0 | 39 / 6 | |
| 3.998.0 | 39 / 6 | |
| 3.997.0 | 39 / 6 | |
| 3.996.0 | 39 / 6 | |
| 3.995.0 | 39 / 6 | |
| 3.994.0 | 39 / 6 | |
| 3.993.0 | 39 / 6 | |
| 3.992.0 | 39 / 6 | |
| 3.991.0 | 39 / 6 | |
| 3.990.0 | 39 / 6 | |
| 3.989.0 | 39 / 6 | |
| 3.988.0 | 39 / 6 | |
| 3.987.0 | 39 / 6 | |
| 3.986.0 | 39 / 6 | |
| 3.985.0 | 39 / 6 | |
| 3.984.0 | 39 / 6 | |
| 3.983.0 | 39 / 6 | |
| 3.982.0 | 39 / 6 | |
| 3.981.0 | 39 / 6 | |
| 3.980.0 | 39 / 6 | |
| 3.978.0 | 39 / 6 | |
| 3.975.0 | 39 / 6 | |
| 3.974.0 | 39 / 6 | |
| 3.972.0 | 39 / 6 | |
| 3.971.0 | 39 / 6 | |
| 3.970.0 | 39 / 6 | |
| 3.969.0 | 39 / 6 | |
| 3.968.0 | 39 / 6 | |
| 3.967.0 | 39 / 6 | |
| 3.966.0 | 39 / 6 | |
| 3.965.0 | 39 / 6 | |
| 3.964.0 | 39 / 6 | |
| 3.962.0 | 39 / 6 | |
| 3.958.0 | 39 / 6 | |
| 3.957.0 | 39 / 6 | |
| 3.956.0 | 39 / 6 | |
| 3.955.0 | 39 / 6 | |
| 3.954.0 | 39 / 6 | |
| 3.953.0 | 39 / 6 | |
| 3.952.0 | 39 / 6 | |
| 3.948.0 | 39 / 6 | |
| 3.947.0 | 39 / 6 |
v3.1057.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1056.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1055.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1054.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1053.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1052.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1051.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1050.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1049.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1048.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1047.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1046.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1045.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1044.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1043.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1042.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1041.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1040.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1039.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1038.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1037.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1036.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1035.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.