@aws-sdk/types
Types for the AWS SDK
51
Versions
Apache-2.0
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
No source commit
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
amzn-ossaws-sdk-bot
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| maintainer-change | maintainer-removed | AI (maintainer-change): AWS SDK team consolidates maintainers over time under aws-sdk-bot; removal of individual maintainers is a known pattern for this package family, not a takeover signal. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): tslib and @smithy/types are legitimate AWS/TypeScript ecosystem packages added as part of the AWS SDK v3 Smithy refactor; not a supply chain risk. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Diff is against a very old version (v3.12.0); 121 new files reflect legitimate accumulated development across 189 versions of an active AWS SDK package. | ai | |
| source-diff | source-size-dropped | AI (source-diff): Size reduction reflects intentional AWS SDK v3 refactoring where types were extracted into @smithy/types; this package now delegates to that, making it legitimately smaller. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a standard TypeScript runtime helper; phantom-dep false positive is stable for all TypeScript packages including this one. | ai | |
| provenance | no-provenance | AI (provenance): aws-sdk-bot is a well-established automated publisher; lack of Sigstore provenance is consistent across all AWS SDK packages and not a risk signal here. | ai | |
| bogus-package | bogus-package | AI (bogus-package): This is the official AWS SDK types package with 97 approved-dep edges; README/keyword signals are stable false positives for this package. | ai |
Versions (showing 51 of 160)
| Version | Deps | Published |
|---|---|---|
| 3.973.9 | 2 / 5 | |
| 3.973.8 | 2 / 5 | |
| 3.973.7 | 2 / 5 | |
| 3.973.6 | 2 / 5 | |
| 3.973.5 | 2 / 5 | |
| 3.973.4 | 2 / 5 | |
| 3.973.3 | 2 / 5 | |
| 3.973.2 | 2 / 5 | |
| 3.973.1 | 2 / 5 | |
| 3.973.0 | 2 / 5 | |
| 3.972.0 | 2 / 5 | |
| 3.969.0 | 2 / 5 | |
| 3.968.0 | 2 / 5 | |
| 3.965.0 | 2 / 5 | |
| 3.957.0 | 2 / 5 | |
| 3.956.0 | 2 / 5 | |
| 3.953.0 | 2 / 5 | |
| 3.936.0 | 2 / 5 | |
| 3.930.0 | 2 / 5 | |
| 3.922.0 | 2 / 5 | |
| 3.921.0 | 2 / 5 | |
| 3.920.0 | 2 / 5 | |
| 3.914.0 | 2 / 5 | |
| 3.910.0 | 2 / 5 | |
| 3.901.0 | 2 / 5 | |
| 3.893.0 | 2 / 5 | |
| 3.887.0 | 2 / 5 | |
| 3.862.0 | 2 / 5 | |
| 3.840.0 | 2 / 5 | |
| 3.821.0 | 2 / 5 | |
| 3.804.0 | 2 / 5 | |
| 3.775.0 | 2 / 5 | |
| 3.734.0 | 2 / 5 | |
| 3.731.0 | 2 / 5 | |
| 3.723.0 | 2 / 5 | |
| 3.714.0 | 2 / 5 | |
| 3.713.0 | 2 / 5 | |
| 3.709.0 | 2 / 5 | |
| 3.696.0 | 2 / 5 | |
| 3.692.0 | 2 / 5 | |
| 3.686.0 | 2 / 5 | |
| 3.679.0 | 2 / 5 | |
| 3.667.0 | 2 / 5 | |
| 3.664.0 | 2 / 5 | |
| 3.662.0 | 2 / 5 | |
| 3.654.0 | 2 / 5 | |
| 3.649.0 | 2 / 5 | |
| 3.609.0 | 2 / 5 | |
| 3.598.0 | 2 / 5 | |
| 3.577.0 | 2 / 5 | |
| 3.575.0 | 2 / 5 |
v3.973.9
1 finding
INFO
No provenance attestation
provenance
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.