@aws-sdk/middleware-retry
[](https://www.npmjs.com/package/@aws-sdk/middleware-retry) [](https://www.npmjs.com/package/@aws
20
Versions
Apache-2.0
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
No source commit
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
mattsb42-awskuheamzn-ossaws-sdk-bottrivikr-aws
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): @aws-sdk/util-middleware is an internal AWS SDK monorepo package; adding intra-SDK dependencies is routine and not analogous to supply-chain attacks via external packages. | ai | |
| source-diff | obfuscated-file:dist-es/StandardRetryStrategy.js | AI (source-diff): Long line is an inline base64 source map. Consistent with the build output pattern of this AWS SDK package. False positive. | ai | |
| source-diff | obfuscated-file:dist-cjs/AdaptiveRetryStrategy.js | AI (source-diff): Long line is an inline base64 source map, not obfuscated logic. Code is fully readable AWS SDK retry implementation. False positive for this package's build output. | ai | |
| source-diff | obfuscated-file:dist-es/AdaptiveRetryStrategy.js | AI (source-diff): Long line is an inline base64 source map, not obfuscated logic. Code is fully readable AWS SDK retry implementation. False positive for this package's build output. | ai | |
| source-diff | obfuscated-file:dist-cjs/configurations.js | AI (source-diff): Long line is an inline base64 source map, not obfuscated logic. Code is fully readable AWS SDK retry configuration. False positive for this package's build output. | ai | |
| source-diff | obfuscated-file:dist-es/configurations.js | AI (source-diff): Long line is an inline base64 source map, not obfuscated logic. Code is fully readable AWS SDK retry configuration. False positive for this package's build output. | ai | |
| source-diff | obfuscated-file:dist-cjs/DefaultRateLimiter.js | AI (source-diff): Long line is an inline base64 source map, not obfuscated logic. Code is fully readable AWS SDK rate limiter implementation. False positive for this package's build output. | ai | |
| source-diff | obfuscated-file:dist-es/DefaultRateLimiter.js | AI (source-diff): Long line is an inline base64 source map, not obfuscated logic. Code is fully readable AWS SDK rate limiter implementation. False positive for this package's build output. | ai | |
| source-diff | obfuscated-file:dist-cjs/defaultRetryQuota.js | AI (source-diff): Long line is an inline base64 source map, not obfuscated logic. Code is fully readable AWS SDK retry quota implementation. False positive for this package's build output. | ai | |
| source-diff | obfuscated-file:dist-es/defaultRetryQuota.js | AI (source-diff): Long line is an inline base64 source map, not obfuscated logic. Code is fully readable AWS SDK retry quota implementation. False positive for this package's build output. | ai | |
| source-diff | obfuscated-file:dist-cjs/omitRetryHeadersMiddleware.js | AI (source-diff): Long line is an inline base64 source map. Consistent with the build output pattern of this AWS SDK package. False positive. | ai | |
| source-diff | obfuscated-file:dist-es/omitRetryHeadersMiddleware.js | AI (source-diff): Long line is an inline base64 source map. Consistent with the build output pattern of this AWS SDK package. False positive. | ai | |
| source-diff | obfuscated-file:dist-cjs/retryMiddleware.js | AI (source-diff): Long line is an inline base64 source map. Consistent with the build output pattern of this AWS SDK package. False positive. | ai | |
| source-diff | obfuscated-file:dist-cjs/StandardRetryStrategy.js | AI (source-diff): Long line is an inline base64 source map. Consistent with the build output pattern of this AWS SDK package. False positive. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): aws-sdk-bot manages hundreds of AWS SDK packages; maintainer roster changes are routine org restructuring, not takeover signals for this package family. | ai | |
| source-diff | large-new-source-files | AI (source-diff): AWS SDK v3 packages regularly add many source files across versions during active development; this is expected for an established SDK middleware package. | ai | |
| source-diff | obfuscated-file:dist/es/DefaultRateLimiter.js | AI (source-diff): Long lines are inline base64 source maps from tsc compilation, not obfuscation. Standard AWS SDK build artifact pattern. | ai | |
| source-diff | obfuscated-file:dist/cjs/StandardRetryStrategy.js | AI (source-diff): Long lines are inline base64 source maps from tsc compilation, not obfuscation. Standard AWS SDK build artifact pattern. | ai | |
| source-diff | obfuscated-file:dist/es/StandardRetryStrategy.js | AI (source-diff): Long lines are inline base64 source maps from tsc compilation, not obfuscation. Standard AWS SDK build artifact pattern. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): AWS SDK team growth; aws-sdk-bot publisher has exceptional track record. New maintainers are AWS employees, not suspicious. | ai | |
| source-diff | obfuscated-file:dist/cjs/AdaptiveRetryStrategy.js | AI (source-diff): Long lines are inline base64 source maps from tsc compilation, not obfuscation. Standard AWS SDK build artifact pattern. | ai | |
| source-diff | obfuscated-file:dist/cjs/DefaultRateLimiter.js | AI (source-diff): Long lines are inline base64 source maps from tsc compilation, not obfuscation. Standard AWS SDK build artifact pattern. | ai | |
| source-diff | obfuscated-file:dist/es/AdaptiveRetryStrategy.js | AI (source-diff): Long lines are inline base64 source maps from tsc compilation, not obfuscation. Standard AWS SDK build artifact pattern. | ai | |
| dependencies | unvetted-dep:@aws-sdk/util-middleware | AI (dependencies): Sibling AWS SDK v3 package pinned at the same version; consistent with the monorepo release pattern and not a security concern. | ai | |
| bogus-package | bogus-package | AI (bogus-package): AWS SDK middleware packages are internal SDK components; sparse READMEs and missing keywords are expected and not indicative of spam or malicious intent. | ai | |
| provenance | no-provenance | AI (provenance): aws-sdk-bot is a well-established, highly trusted publisher; lack of Sigstore provenance is not a concern for this package. | ai |
Versions (showing 20 of 120)
| Version | Deps | Published |
|---|---|---|
| 3.22.0 | 5 / 4 | |
| 3.20.0 | 5 / 5 | |
| 3.19.0 | 5 / 5 | |
| 3.18.0 | 5 / 5 | |
| 3.16.0 | 5 / 5 | |
| 3.15.0 | 5 / 5 | |
| 3.13.1 | 5 / 5 | |
| 3.12.0 | 5 / 5 | |
| 3.10.0 | 6 / 5 | |
| 3.8.0 | 6 / 5 | |
| 3.7.0 | 6 / 5 | |
| 3.6.1 | 6 / 5 | |
| 3.6.0 | 6 / 5 | |
| 3.5.0 | 6 / 5 | |
| 3.4.1 | 6 / 5 | |
| 3.4.0 | 6 / 5 | |
| 3.3.0 | 6 / 5 | |
| 3.2.0 | 5 / 6 | |
| 3.1.0 | 5 / 6 | |
| 3.0.0 | 5 / 6 |