@vendia/serverless-express
This library enables you to utilize AWS Lambda and Amazon API Gateway to respond to web and API requests using your existing Node.js application framework.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:base64-decode | AI (semgrep): Base64 decoding in Azure HTTP function runtime is standard handling of binary HTTP response bodies; not a malicious payload pattern. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Diff is against v3.4.1 (major version behind); new files reflect Azure support and new event source adapters added in v4.x — expected growth. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase from v3 to v4 is expected due to major feature additions (Azure, TypeScript, new event sources); not indicative of injected payload. | ai | |
| install-scripts | install-script:preinstall | AI (install-scripts): preinstall runs 'npx npm-force-resolutions' to enforce the resolutions field (minimist pin). This is a standard, benign dependency-management pattern for this package. | ai | |
Versions (showing 43 of 43)
| Version | Deps | Published |
|---|---|---|
| 4.12.6 | 1 / 28 | |
| 4.12.5 | 1 / 28 | |
| 4.10.5 | 1 / 28 | |
| 4.10.4 | 0 / 28 | |
| 4.10.3 | 0 / 28 | |
| 4.10.2 | 0 / 28 | |
| 4.10.1 | 0 / 28 | |
| 4.10.0 | 0 / 28 | |
| 4.9.0 | 0 / 28 | |
| 4.8.3 | 0 / 28 | |
| 4.8.2 | 0 / 28 | |
| 4.8.1 | 0 / 28 | |
| 4.8.0 | 0 / 28 | |
| 4.7.1 | 0 / 28 | |
| 4.7.0 | 0 / 28 | |
| 4.6.0 | 0 / 28 | |
| 4.5.4 | 0 / 28 | |
| 4.5.3 | 0 / 28 | |
| 4.5.2 | 0 / 28 | |
| 4.5.1 | 0 / 28 | |
| 4.5.0 | 0 / 28 | |
| 4.4.0 | 0 / 28 | |
| 4.3.12 | 0 / 28 | |
| 4.3.11 | 0 / 28 | |
| 4.3.10 | 0 / 28 | |
| 4.3.9 | 0 / 28 | |
| 4.3.8 | 0 / 28 | |
| 4.3.7 | 0 / 28 | |
| 4.3.6 | 0 / 28 | |
| 4.3.5 | 0 / 28 | |
| 4.3.4 | 0 / 28 | |
| 4.3.3 | 0 / 28 | |
| 4.3.2 | 0 / 28 | |
| 4.3.1 | 0 / 28 | |
| 4.3.0 | 0 / 27 | |
| 4.2.0 | 0 / 27 | |
| 4.1.3 | 0 / 26 | |
| 4.1.2 | 0 / 26 | |
| 4.1.1 | 0 / 26 | |
| 4.1.0 | 0 / 26 | |
| 4.0.0 | 0 / 26 | |
| 3.4.1 | 3 / 20 | |
| 3.4.0 | 2 / 20 | |
v4.12.6
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.12.5
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.10.5
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.10.4
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.10.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.10.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.10.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.10.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.9.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.8.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.8.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.8.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.8.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.7.0
2 findings
Script: npx npm-force-resolutions
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.6.0
2 findings
Script: npx npm-force-resolutions
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.5.4
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.5.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.5.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.5.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.5.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.4.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.12
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.11
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.10
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.9
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.8
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.7
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.6
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.5
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.4
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.2.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.1.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.1.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.1.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.1.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.4.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.4.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.