@aws-sdk/credential-provider-node
AWS credential provider that sources credentials from a Node.JS environment.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@aws-sdk/credential-provider-process | AI (dependencies): @aws-sdk/credential-provider-process is an official AWS SDK sibling package published by the same aws-sdk-bot publisher; unvetted status is a pipeline ordering artifact, not a real risk. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a declared runtime dependency in package.json for TypeScript-compiled AWS SDK packages; the phantom-dep finding is a stable false positive for this package. | ai | |
| provenance | no-provenance | AI (provenance): AWS SDK bot does not publish Sigstore provenance attestations; this is consistent across the entire SDK monorepo and not a risk signal. | ai |
Versions (showing 100 of 512)
| Version | Deps | Published |
|---|---|---|
| 3.972.47 | 11 / 6 | |
| 3.972.46 | 11 / 6 | |
| 3.972.45 | 11 / 6 | |
| 3.972.44 | 11 / 6 | |
| 3.972.43 | 11 / 6 | |
| 3.972.42 | 11 / 6 | |
| 3.972.41 | 11 / 6 | |
| 3.972.40 | 11 / 6 | |
| 3.972.39 | 12 / 6 | |
| 3.972.38 | 12 / 6 | |
| 3.972.37 | 12 / 6 | |
| 3.972.36 | 12 / 6 | |
| 3.972.35 | 12 / 6 | |
| 3.972.34 | 12 / 6 | |
| 3.972.33 | 12 / 6 | |
| 3.972.32 | 12 / 6 | |
| 3.972.31 | 12 / 6 | |
| 3.972.30 | 12 / 6 | |
| 3.972.29 | 12 / 6 | |
| 3.972.28 | 12 / 6 | |
| 3.972.27 | 12 / 6 | |
| 3.972.26 | 12 / 6 | |
| 3.972.25 | 12 / 6 | |
| 3.972.24 | 12 / 6 | |
| 3.972.23 | 12 / 6 | |
| 3.972.22 | 12 / 6 | |
| 3.972.21 | 12 / 6 | |
| 3.972.20 | 12 / 6 | |
| 3.972.19 | 12 / 6 | |
| 3.972.18 | 12 / 6 | |
| 3.972.17 | 12 / 6 | |
| 3.972.16 | 12 / 6 | |
| 3.972.15 | 12 / 6 | |
| 3.972.14 | 12 / 6 | |
| 3.972.13 | 12 / 6 | |
| 3.972.12 | 12 / 6 | |
| 3.972.11 | 12 / 6 | |
| 3.972.10 | 12 / 6 | |
| 3.972.9 | 12 / 6 | |
| 3.972.8 | 12 / 6 | |
| 3.972.7 | 12 / 6 | |
| 3.972.6 | 12 / 6 | |
| 3.972.5 | 12 / 6 | |
| 3.972.4 | 12 / 6 | |
| 3.972.3 | 12 / 6 | |
| 3.972.2 | 12 / 6 | |
| 3.972.1 | 12 / 6 | |
| 3.972.0 | 12 / 6 | |
| 3.971.0 | 12 / 6 | |
| 3.970.0 | 12 / 6 | |
| 3.969.0 | 12 / 6 | |
| 3.968.0 | 12 / 6 | |
| 3.967.0 | 12 / 6 | |
| 3.966.0 | 12 / 6 | |
| 3.965.0 | 12 / 6 | |
| 3.964.0 | 12 / 6 | |
| 3.962.0 | 12 / 6 | |
| 3.958.0 | 12 / 6 | |
| 3.957.0 | 12 / 6 | |
| 3.956.0 | 12 / 6 | |
| 3.955.0 | 12 / 6 | |
| 3.954.0 | 12 / 6 | |
| 3.953.0 | 12 / 6 | |
| 3.952.0 | 12 / 6 | |
| 3.948.0 | 12 / 6 | |
| 3.947.0 | 12 / 6 | |
| 3.946.0 | 12 / 6 | |
| 3.943.0 | 12 / 6 | |
| 3.940.0 | 12 / 6 | |
| 3.939.0 | 12 / 6 | |
| 3.936.0 | 12 / 6 | |
| 3.935.0 | 12 / 6 | |
| 3.934.0 | 12 / 6 | |
| 3.933.0 | 12 / 6 | |
| 3.932.0 | 12 / 6 | |
| 3.931.0 | 12 / 6 | |
| 3.930.0 | 12 / 6 | |
| 3.929.0 | 12 / 6 | |
| 3.928.0 | 12 / 6 | |
| 3.927.0 | 12 / 6 | |
| 3.926.0 | 12 / 6 | |
| 3.925.0 | 12 / 6 | |
| 3.922.0 | 12 / 6 | |
| 3.921.0 | 12 / 6 | |
| 3.920.0 | 12 / 6 | |
| 3.919.0 | 12 / 6 | |
| 3.918.0 | 12 / 6 | |
| 3.917.0 | 12 / 6 | |
| 3.916.0 | 12 / 6 | |
| 3.914.0 | 12 / 6 | |
| 3.913.0 | 12 / 6 | |
| 3.911.0 | 12 / 6 | |
| 3.910.0 | 12 / 6 | |
| 3.908.0 | 12 / 6 | |
| 3.907.0 | 12 / 6 | |
| 3.906.0 | 12 / 6 | |
| 3.901.0 | 12 / 6 | |
| 3.899.0 | 12 / 6 | |
| 3.896.0 | 12 / 6 | |
| 3.895.0 | 12 / 6 |
v3.972.47
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.46
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.45
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.44
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.43
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.42
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.41
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.40
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.39
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.38
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.37
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.36
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.972.35
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.