@aws-sdk/signature-v4-crt
A revision of AWS Signature V4 request signer based on AWS Common Runtime https://github.com/awslabs/aws-crt-nodejs
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@aws-sdk/is-array-buffer | AI (phantom-deps): AWS SDK monorepo uses framework-scoped convention loading; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@aws-sdk/util-uri-escape | AI (phantom-deps): AWS SDK monorepo uses framework-scoped convention loading; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@aws-sdk/util-hex-encoding | AI (phantom-deps): AWS SDK monorepo uses framework-scoped convention loading; stable pattern for this package. | ai |
Versions (showing 55 of 355)
| Version | Deps | Published |
|---|---|---|
| 3.222.0 | 8 / 10 | |
| 3.215.0 | 8 / 10 | |
| 3.212.0 | 8 / 10 | |
| 3.208.0 | 8 / 10 | |
| 3.201.0 | 8 / 10 | |
| 3.200.0 | 8 / 10 | |
| 3.198.0 | 8 / 10 | |
| 3.197.0 | 8 / 10 | |
| 3.193.0 | 8 / 10 | |
| 3.190.0 | 8 / 10 | |
| 3.188.0 | 8 / 10 | |
| 3.186.0 | 8 / 10 | |
| 3.183.0 | 8 / 10 | |
| 3.180.0 | 8 / 10 | |
| 3.178.0 | 8 / 10 | |
| 3.171.0 | 8 / 10 | |
| 3.170.0 | 8 / 10 | |
| 3.168.0 | 8 / 10 | |
| 3.163.0 | 8 / 10 | |
| 3.162.0 | 8 / 10 | |
| 3.160.0 | 8 / 10 | |
| 3.159.0 | 8 / 10 | |
| 3.130.0 | 8 / 10 | |
| 3.128.0 | 8 / 10 | |
| 3.127.0 | 8 / 10 | |
| 3.118.0 | 8 / 10 | |
| 3.110.0 | 8 / 10 | |
| 3.109.0 | 8 / 10 | |
| 3.88.0 | 8 / 10 | |
| 3.78.0 | 8 / 10 | |
| 3.66.0 | 8 / 10 | |
| 3.58.0 | 8 / 10 | |
| 3.56.0 | 8 / 10 | |
| 3.55.0 | 7 / 10 | |
| 3.54.1 | 7 / 10 | |
| 3.54.0 | 7 / 10 | |
| 3.53.0 | 7 / 10 | |
| 3.52.0 | 7 / 10 | |
| 3.50.0 | 7 / 10 | |
| 3.49.0 | 7 / 10 | |
| 3.47.2 | 7 / 4 | |
| 3.47.1 | 7 / 4 | |
| 3.47.0 | 7 / 4 | |
| 3.46.0 | 7 / 4 | |
| 3.45.0 | 7 / 7 | |
| 3.41.0 | 7 / 7 | |
| 3.40.0 | 7 / 7 | |
| 3.39.0 | 7 / 7 | |
| 3.38.0 | 7 / 7 | |
| 3.37.0 | 7 / 7 | |
| 3.36.0 | 7 / 7 | |
| 3.35.0 | 7 / 7 | |
| 3.34.0 | 7 / 7 | |
| 3.33.0 | 7 / 7 | |
| 3.29.0 | 7 / 7 |
v3.222.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.215.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.212.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.208.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.201.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.200.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.198.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.197.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.193.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.190.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.188.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.186.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.183.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.180.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.178.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.171.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.170.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.168.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.163.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.162.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.160.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.159.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.130.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.128.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.127.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.118.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.110.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.109.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.88.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.78.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.66.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.58.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.56.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.55.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.54.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.54.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.53.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.52.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.50.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.49.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.47.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.47.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.47.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.46.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.45.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.41.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.40.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.39.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.38.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.37.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.36.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.35.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.34.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.33.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.29.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.