← Home

@aws/agentcore

npm Repository Homepage

CLI for Amazon Bedrock AgentCore

3
Versions
Apache-2.0
License
Yes
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

nosovskyaws-sdk-teamamzn-ossaws-sdk-botawsxrayaws-iot-sdkaws-amplify-opszheallanmohit0193rishabh6788weicongssayaligaikawadpeterzhuamazonforrest-not-gumpcaybloodevertonfragaosa-publishbedrock-agentcore-npmamazon-q-cli-botaws-apm-synthetics-npm

Keywords

awsamazonbedrockagentcorecliagentsaicdklangchainlanggraphopenaianthropicgoogle-adkstrands

Versions (showing 3 of 3)

Version Deps Published
0.18.0 39 / 36
0.15.0 35 / 35
0.12.2 33 / 34

v0.18.0

3 findings
HIGH Package has 'postinstall' script install-scripts

Script: node scripts/check-old-cli.mjs

HIGH env-spread: scripts/bundle.mjs:198 semgrep

Spreading entire process.env into an object — may capture all secrets Source: https://github.com/aws/agentcore-cli/blob/65f45fdbe7e3c6ed8b84ad8aed695cd73400c899/scripts/bundle.mjs#L198 196 | // Step 6: Rebuild CLI with BUILD_PREVIEW=1 197 | log('Rebuilding CLI with BUILD_PREVIEW=1 for preview tarball...'); > 198 | run('npm', ['run', 'build:cli'], { cwd: cliRoot, env: { ...process.env, BUILD_PREVIEW: '1' } }); 199 | 200 | // Step 7: Bump version to preview variant

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.15.0

2 findings
HIGH Package has 'postinstall' script install-scripts

Script: node scripts/check-old-cli.mjs

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.12.2

2 findings
HIGH Package has 'postinstall' script install-scripts

Script: node scripts/check-old-cli.mjs

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.