@aws-sdk/ec2-metadata-service
[](https://www.npmjs.com/package/@aws-sdk/ec2-metadata-service) [](https://www.npmjs.com/
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Versions (showing 23 of 223)
| Version | Deps | Published |
|---|---|---|
| 3.665.0 | 7 / 7 | |
| 3.658.1 | 7 / 7 | |
| 3.651.1 | 7 / 7 | |
| 3.650.0 | 7 / 7 | |
| 3.645.0 | 7 / 7 | |
| 3.630.0 | 7 / 7 | |
| 3.621.0 | 7 / 7 | |
| 3.617.0 | 7 / 7 | |
| 3.616.0 | 7 / 7 | |
| 3.598.0 | 7 / 7 | |
| 3.596.0 | 7 / 7 | |
| 3.575.0 | 7 / 7 | |
| 3.574.0 | 7 / 7 | |
| 3.569.0 | 7 / 7 | |
| 3.568.0 | 7 / 7 | |
| 3.563.0 | 7 / 7 | |
| 3.556.0 | 7 / 7 | |
| 3.554.0 | 7 / 7 | |
| 3.552.0 | 7 / 7 | |
| 3.549.0 | 7 / 7 | |
| 3.540.0 | 7 / 7 | |
| 3.539.0 | 7 / 7 | |
| 3.538.0 | 7 / 7 |
v3.556.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.554.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.552.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.549.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.540.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.539.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.538.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.