← Home

@aws-sdk/credential-provider-process

npm Repository Homepage

AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config

100
Versions
Apache-2.0
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

amzn-ossaws-sdk-bot

Keywords

awscredentials

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
semgrep semgrep:child-process-exec AI (semgrep): This package's core purpose is executing a credential_process command from the user's AWS config. child_process.exec() is intentional and documented AWS SDK behavior, not a security risk. ai
phantom-deps phantom-dep:@aws-sdk/shared-ini-file-loader AI (phantom-deps): @aws-sdk/shared-ini-file-loader is a declared dependency in package.json and a legitimate sibling AWS SDK package; phantom-dep finding is a false positive here. ai
phantom-deps phantom-dep:tslib AI (phantom-deps): tslib is a declared runtime dependency used implicitly by compiled TypeScript output; this is a known false positive pattern for TypeScript packages. ai
semgrep semgrep:child-process-import AI (semgrep): child_process import is required for the credential_process feature; stable and expected for this package across all versions. ai

Versions (showing 100 of 284)

Version Deps Published
3.972.41 5 / 6
3.972.40 5 / 6
3.972.39 5 / 6
3.972.38 5 / 6
3.972.37 5 / 6
3.972.36 5 / 6
3.972.35 5 / 6
3.972.34 6 / 6
3.972.33 6 / 6
3.972.32 6 / 6
3.972.31 6 / 6
3.972.30 6 / 6
3.972.29 6 / 6
3.972.28 6 / 6
3.972.27 6 / 6
3.972.26 6 / 6
3.972.25 6 / 6
3.972.24 6 / 6
3.972.23 6 / 6
3.972.22 6 / 6
3.972.21 6 / 6
3.972.20 6 / 6
3.972.19 6 / 6
3.972.18 6 / 6
3.972.17 6 / 6
3.972.16 6 / 6
3.972.15 6 / 6
3.972.14 6 / 6
3.972.13 6 / 6
3.972.12 6 / 6
3.972.11 6 / 6
3.972.10 6 / 6
3.972.9 6 / 6
3.972.8 6 / 6
3.972.7 6 / 6
3.972.6 6 / 6
3.972.5 6 / 6
3.972.4 6 / 6
3.972.3 6 / 6
3.972.2 6 / 6
3.972.1 6 / 6
3.972.0 6 / 6
3.970.0 6 / 6
3.969.0 6 / 6
3.968.0 6 / 6
3.967.0 6 / 6
3.966.0 6 / 6
3.965.0 6 / 6
3.964.0 6 / 6
3.957.0 6 / 6
3.956.0 6 / 6
3.954.0 6 / 6
3.953.0 6 / 6
3.947.0 6 / 6
3.946.0 6 / 6
3.943.0 6 / 6
3.940.0 6 / 6
3.936.0 6 / 6
3.935.0 6 / 6
3.934.0 6 / 6
3.932.0 6 / 6
3.931.0 6 / 6
3.930.0 6 / 6
3.928.0 6 / 6
3.927.0 6 / 6
3.926.0 6 / 6
3.922.0 6 / 6
3.921.0 6 / 6
3.920.0 6 / 6
3.916.0 6 / 6
3.914.0 6 / 6
3.911.0 6 / 6
3.910.0 6 / 6
3.908.0 6 / 6
3.907.0 6 / 6
3.906.0 6 / 6
3.901.0 6 / 6
3.899.0 6 / 6
3.896.0 6 / 6
3.894.0 6 / 6
3.893.0 6 / 6
3.890.0 6 / 6
3.888.0 6 / 6
3.887.0 6 / 6
3.883.0 6 / 6
3.882.0 6 / 6
3.879.0 6 / 6
3.876.0 6 / 6
3.873.0 6 / 6
3.864.0 6 / 6
3.863.0 6 / 6
3.862.0 6 / 6
3.858.0 6 / 6
3.857.0 6 / 6
3.856.0 6 / 6
3.855.0 6 / 6
3.846.0 6 / 6
3.845.0 6 / 6
3.844.0 6 / 6
3.840.0 6 / 6
Showing 100 of 284 Next page →

v3.972.41

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.972.40

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.972.39

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.972.38

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.972.37

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.972.36

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.972.35

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.972.34

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.972.33

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.972.32

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.972.31

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.972.30

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.