← Home

@aws-sdk/credential-provider-imds

npm Repository Homepage

AWS credential provider that sources credentials from the EC2 instance metadata service and ECS container metadata service

100
Versions
Apache-2.0
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

mattsb42-awskuheamzn-ossaws-sdk-bottrivikr-aws

Keywords

awscredentials

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:dist-es/remoteProvider/httpRequest.js AI (source-diff): Long lines caused by inline base64 source maps in AWS SDK TypeScript build output, not actual obfuscation. Stable false positive for this package. ai
source-diff obfuscated-file:dist-cjs/fromContainerMetadata.js AI (source-diff): Long lines caused by inline base64 source maps in AWS SDK TypeScript build output, not actual obfuscation. Stable false positive for this package. ai
source-diff obfuscated-file:dist-es/fromContainerMetadata.js AI (source-diff): Long lines caused by inline base64 source maps in AWS SDK TypeScript build output, not actual obfuscation. Stable false positive for this package. ai
source-diff obfuscated-file:dist-cjs/fromInstanceMetadata.js AI (source-diff): Long lines caused by inline base64 source maps in AWS SDK TypeScript build output, not actual obfuscation. Stable false positive for this package. ai
source-diff obfuscated-file:dist-es/fromInstanceMetadata.js AI (source-diff): Long lines caused by inline base64 source maps in AWS SDK TypeScript build output, not actual obfuscation. Stable false positive for this package. ai
source-diff obfuscated-file:dist-cjs/utils/getInstanceMetadataEndpoint.js AI (source-diff): Long lines caused by inline base64 source maps in AWS SDK TypeScript build output, not actual obfuscation. Stable false positive for this package. ai
source-diff obfuscated-file:dist-es/utils/getInstanceMetadataEndpoint.js AI (source-diff): Long lines caused by inline base64 source maps in AWS SDK TypeScript build output, not actual obfuscation. Stable false positive for this package. ai
source-diff obfuscated-file:dist-cjs/remoteProvider/httpRequest.js AI (source-diff): Long lines caused by inline base64 source maps in AWS SDK TypeScript build output, not actual obfuscation. Stable false positive for this package. ai
source-diff obfuscated-file:dist/cjs/utils/getInstanceMetadataEndpoint.js AI (source-diff): False positive: the long lines are TypeScript-compiled JS with tslib __awaiter/__generator helpers, not obfuscation. Code is clearly readable and implements IMDS endpoint resolution. ai
source-diff obfuscated-file:dist/es/utils/getInstanceMetadataEndpoint.js AI (source-diff): False positive: ES module output with tslib generator helpers produces long single-line state machines. Code is readable and implements legitimate IMDS endpoint resolution logic. ai
source-diff large-new-source-files AI (source-diff): Diff is against v3.6.1; 64 new files reflect organic growth over ~180 versions, not injected code. Package structure is clean AWS SDK monorepo output. ai
maintainer-change maintainer-added AI (maintainer-change): AWS SDK team rotation; all maintainers are AWS-affiliated. Publisher remains aws-sdk-bot. Normal for a large AWS monorepo package. ai
publish-pattern new-deps-added AI (publish-pattern): New deps are first-party @aws-sdk packages pinned to the same version (3.186.0), consistent with AWS SDK monorepo release pattern. ai
maintainer-change maintainer-removed AI (maintainer-change): AWS SDK team rotation; removals paired with additions are consistent with normal team changes at AWS, not a takeover. ai
provenance no-provenance AI (provenance): aws-sdk-bot is a well-established AWS publisher; lack of Sigstore provenance is expected for this package family and not a security concern. ai

Versions (showing 100 of 106)

Version Deps Published
3.374.0 2 / 8
3.370.0 5 / 8
3.369.0 5 / 8
3.366.0 5 / 8
3.357.0 5 / 8
3.354.0 5 / 8
3.353.0 5 / 8
3.347.0 5 / 8
3.342.0 5 / 8
3.341.0 5 / 8
3.338.0 5 / 8
3.337.0 5 / 8
3.329.0 5 / 8
3.310.0 5 / 8
3.306.0 5 / 8
3.303.0 5 / 8
3.300.0 5 / 8
3.296.0 5 / 8
3.295.0 5 / 8
3.292.0 5 / 8
3.290.0 5 / 8
3.289.0 5 / 8
3.287.0 5 / 8
3.272.0 5 / 8
3.271.0 5 / 8
3.267.0 5 / 8
3.266.1 5 / 8
3.266.0 5 / 8
3.259.0 5 / 8
3.257.0 5 / 8
3.254.0 5 / 8
3.226.0 5 / 8
3.224.0 5 / 8
3.222.0 5 / 8
3.215.0 5 / 8
3.212.0 5 / 8
3.209.0 5 / 8
3.208.0 5 / 8
3.201.0 5 / 8
3.200.0 5 / 8
3.198.0 5 / 8
3.197.0 5 / 8
3.193.0 5 / 8
3.190.0 5 / 8
3.188.0 5 / 8
3.186.0 5 / 8
3.183.0 5 / 8
3.178.0 5 / 8
3.171.0 5 / 8
3.170.0 5 / 8
3.168.0 5 / 8
3.162.0 5 / 8
3.160.0 5 / 8
3.159.0 5 / 8
3.127.0 5 / 8
3.110.0 5 / 8
3.109.0 5 / 8
3.81.0 5 / 8
3.80.0 5 / 8
3.79.0 5 / 8
3.78.0 5 / 8
3.75.0 5 / 8
3.58.0 5 / 8
3.56.0 5 / 8
3.55.0 5 / 8
3.54.1 5 / 8
3.54.0 5 / 8
3.53.0 5 / 8
3.52.0 5 / 8
3.51.0 5 / 8
3.50.0 5 / 8
3.49.0 5 / 8
3.47.2 5 / 2
3.47.1 5 / 2
3.47.0 5 / 2
3.46.0 5 / 2
3.40.0 5 / 5
3.39.0 5 / 5
3.38.0 5 / 5
3.37.0 5 / 5
3.36.0 5 / 5
3.35.0 5 / 5
3.34.0 5 / 5
3.32.0 5 / 5
3.29.0 5 / 5
3.28.0 5 / 5
3.27.0 5 / 5
3.26.0 5 / 5
3.25.0 3 / 5
3.23.0 3 / 5
3.22.0 3 / 5
3.20.0 3 / 5
3.19.0 3 / 5
3.18.0 3 / 5
3.15.0 3 / 5
3.13.1 3 / 5
3.12.0 3 / 5
3.10.0 3 / 5
3.8.0 3 / 5
3.7.0 3 / 5
Showing 100 of 106 Next page →