← Home

@aws-sdk/middleware-retry

npm Repository Homepage

[![NPM version](https://img.shields.io/npm/v/@aws-sdk/middleware-retry/latest.svg)](https://www.npmjs.com/package/@aws-sdk/middleware-retry) [![NPM downloads](https://img.shields.io/npm/dm/@aws-sdk/middleware-retry.svg)](https://www.npmjs.com/package/@aws

100
Versions
Apache-2.0
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

mattsb42-awskuheamzn-ossaws-sdk-bottrivikr-aws

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
publish-pattern new-deps-added AI (publish-pattern): @aws-sdk/util-middleware is an internal AWS SDK monorepo package; adding intra-SDK dependencies is routine and not analogous to supply-chain attacks via external packages. ai
source-diff obfuscated-file:dist-es/StandardRetryStrategy.js AI (source-diff): Long line is an inline base64 source map. Consistent with the build output pattern of this AWS SDK package. False positive. ai
source-diff obfuscated-file:dist-cjs/AdaptiveRetryStrategy.js AI (source-diff): Long line is an inline base64 source map, not obfuscated logic. Code is fully readable AWS SDK retry implementation. False positive for this package's build output. ai
source-diff obfuscated-file:dist-es/AdaptiveRetryStrategy.js AI (source-diff): Long line is an inline base64 source map, not obfuscated logic. Code is fully readable AWS SDK retry implementation. False positive for this package's build output. ai
source-diff obfuscated-file:dist-cjs/configurations.js AI (source-diff): Long line is an inline base64 source map, not obfuscated logic. Code is fully readable AWS SDK retry configuration. False positive for this package's build output. ai
source-diff obfuscated-file:dist-es/configurations.js AI (source-diff): Long line is an inline base64 source map, not obfuscated logic. Code is fully readable AWS SDK retry configuration. False positive for this package's build output. ai
source-diff obfuscated-file:dist-cjs/DefaultRateLimiter.js AI (source-diff): Long line is an inline base64 source map, not obfuscated logic. Code is fully readable AWS SDK rate limiter implementation. False positive for this package's build output. ai
source-diff obfuscated-file:dist-es/DefaultRateLimiter.js AI (source-diff): Long line is an inline base64 source map, not obfuscated logic. Code is fully readable AWS SDK rate limiter implementation. False positive for this package's build output. ai
source-diff obfuscated-file:dist-cjs/defaultRetryQuota.js AI (source-diff): Long line is an inline base64 source map, not obfuscated logic. Code is fully readable AWS SDK retry quota implementation. False positive for this package's build output. ai
source-diff obfuscated-file:dist-es/defaultRetryQuota.js AI (source-diff): Long line is an inline base64 source map, not obfuscated logic. Code is fully readable AWS SDK retry quota implementation. False positive for this package's build output. ai
source-diff obfuscated-file:dist-cjs/omitRetryHeadersMiddleware.js AI (source-diff): Long line is an inline base64 source map. Consistent with the build output pattern of this AWS SDK package. False positive. ai
source-diff obfuscated-file:dist-es/omitRetryHeadersMiddleware.js AI (source-diff): Long line is an inline base64 source map. Consistent with the build output pattern of this AWS SDK package. False positive. ai
source-diff obfuscated-file:dist-cjs/retryMiddleware.js AI (source-diff): Long line is an inline base64 source map. Consistent with the build output pattern of this AWS SDK package. False positive. ai
source-diff obfuscated-file:dist-cjs/StandardRetryStrategy.js AI (source-diff): Long line is an inline base64 source map. Consistent with the build output pattern of this AWS SDK package. False positive. ai
maintainer-change maintainer-removed AI (maintainer-change): aws-sdk-bot manages hundreds of AWS SDK packages; maintainer roster changes are routine org restructuring, not takeover signals for this package family. ai
source-diff large-new-source-files AI (source-diff): AWS SDK v3 packages regularly add many source files across versions during active development; this is expected for an established SDK middleware package. ai
source-diff obfuscated-file:dist/es/DefaultRateLimiter.js AI (source-diff): Long lines are inline base64 source maps from tsc compilation, not obfuscation. Standard AWS SDK build artifact pattern. ai
source-diff obfuscated-file:dist/cjs/StandardRetryStrategy.js AI (source-diff): Long lines are inline base64 source maps from tsc compilation, not obfuscation. Standard AWS SDK build artifact pattern. ai
source-diff obfuscated-file:dist/es/StandardRetryStrategy.js AI (source-diff): Long lines are inline base64 source maps from tsc compilation, not obfuscation. Standard AWS SDK build artifact pattern. ai
maintainer-change maintainer-added AI (maintainer-change): AWS SDK team growth; aws-sdk-bot publisher has exceptional track record. New maintainers are AWS employees, not suspicious. ai
source-diff obfuscated-file:dist/cjs/AdaptiveRetryStrategy.js AI (source-diff): Long lines are inline base64 source maps from tsc compilation, not obfuscation. Standard AWS SDK build artifact pattern. ai
source-diff obfuscated-file:dist/cjs/DefaultRateLimiter.js AI (source-diff): Long lines are inline base64 source maps from tsc compilation, not obfuscation. Standard AWS SDK build artifact pattern. ai
source-diff obfuscated-file:dist/es/AdaptiveRetryStrategy.js AI (source-diff): Long lines are inline base64 source maps from tsc compilation, not obfuscation. Standard AWS SDK build artifact pattern. ai
dependencies unvetted-dep:@aws-sdk/util-middleware AI (dependencies): Sibling AWS SDK v3 package pinned at the same version; consistent with the monorepo release pattern and not a security concern. ai
bogus-package bogus-package AI (bogus-package): AWS SDK middleware packages are internal SDK components; sparse READMEs and missing keywords are expected and not indicative of spam or malicious intent. ai
provenance no-provenance AI (provenance): aws-sdk-bot is a well-established, highly trusted publisher; lack of Sigstore provenance is not a concern for this package. ai

Versions (showing 100 of 120)

Version Deps Published
3.374.0 3 / 8
3.370.0 7 / 8
3.369.0 7 / 8
3.366.0 7 / 8
3.365.0 7 / 8
3.364.0 7 / 8
3.362.0 7 / 8
3.357.0 7 / 8
3.354.0 7 / 8
3.353.0 7 / 8
3.347.0 7 / 8
3.342.0 7 / 8
3.341.0 7 / 8
3.338.0 7 / 8
3.337.0 7 / 8
3.329.0 7 / 8
3.327.0 7 / 8
3.325.0 7 / 8
3.310.0 7 / 8
3.306.0 7 / 8
3.303.0 7 / 8
3.300.0 7 / 8
3.296.0 7 / 8
3.295.0 7 / 8
3.293.0 7 / 8
3.292.0 7 / 8
3.290.0 7 / 8
3.289.0 7 / 8
3.287.0 7 / 8
3.282.0 7 / 8
3.272.0 7 / 8
3.271.0 7 / 8
3.267.0 7 / 8
3.266.1 7 / 8
3.266.0 7 / 8
3.259.0 7 / 8
3.257.0 7 / 8
3.254.0 7 / 8
3.235.0 7 / 8
3.229.0 6 / 8
3.226.0 6 / 8
3.224.0 6 / 8
3.222.0 6 / 8
3.215.0 6 / 8
3.212.0 6 / 8
3.209.0 6 / 8
3.208.0 6 / 8
3.201.0 6 / 8
3.200.0 6 / 8
3.198.0 6 / 8
3.197.0 6 / 8
3.193.0 6 / 8
3.190.0 6 / 8
3.188.0 6 / 8
3.186.0 6 / 8
3.185.0 6 / 8
3.183.0 6 / 8
3.178.0 6 / 8
3.171.0 6 / 8
3.170.0 6 / 8
3.169.0 6 / 8
3.168.0 6 / 8
3.162.0 6 / 8
3.160.0 6 / 8
3.159.0 6 / 8
3.127.0 6 / 8
3.118.1 6 / 8
3.110.0 6 / 8
3.109.0 6 / 8
3.80.0 6 / 8
3.79.0 6 / 8
3.78.0 6 / 8
3.75.0 6 / 8
3.58.0 6 / 8
3.56.0 6 / 8
3.55.0 5 / 8
3.54.1 5 / 8
3.54.0 5 / 8
3.53.0 5 / 8
3.52.0 5 / 8
3.51.0 5 / 8
3.50.0 5 / 8
3.49.0 5 / 8
3.47.2 5 / 1
3.47.1 5 / 1
3.47.0 5 / 1
3.46.0 5 / 1
3.40.0 5 / 4
3.39.0 5 / 4
3.38.0 5 / 4
3.37.0 5 / 4
3.36.0 5 / 4
3.35.0 5 / 4
3.34.0 5 / 4
3.32.0 5 / 4
3.29.0 5 / 4
3.28.0 5 / 4
3.27.0 5 / 4
3.25.0 5 / 4
3.23.0 5 / 4
Showing 100 of 120 Next page →

v3.186.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.