Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Versions published
- 200Mature · −50% score
- First published
- Oct 2023
- Publisher
- aws-sdk-bot
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@aws-sdk/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@aws-sdk/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Credential file access: matched ".aws"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 10 · status changed
Evidence
Static findings
4 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 4 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Credential file access | package/dist-cjs/submodules/client/index.browser.js | matched ".aws" | 5 |
| low | Credential file access | package/dist-cjs/submodules/client/index.js | matched ".aws" | 5 |
| low | Credential file access | package/dist-cjs/submodules/client/index.native.js | matched ".aws" | 5 |
| low | Credential file access | package/dist-es/submodules/client/util-endpoints/lib/aws/partitions.js | matched ".aws" | 5 |
Manifest
Package metadata
Scripts15
buildyarn prebuild && yarn lint && concurrently 'yarn:build:types' 'yarn:build:es' && yarn build:cjsbuild:cjsnode ../../scripts/compilation/inline core && premove ./dist-cjs/api-extractor-type-index.jsbuild:estsc -p tsconfig.es.json && premove ./dist-es/api-extractor-type-index.jsbuild:include:depsyarn g:turbo run build -F="$npm_package_name"build:typespremove dist-types tsconfig.types.tsbuildinfo && tsc -p tsconfig.types.jsonbuild:types:downleveldownlevel-dts dist-types dist-types/ts3.4cleanpremove dist-cjs dist-es dist-types tsconfig.cjs.tsbuildinfo tsconfig.es.tsbuildinfo tsconfig.types.tsbuildinfoextract:docsapi-extractor run --locallintnode ../../scripts/validation/submodules-linter.js --pkg coreprebuildnode -e "const j=require('../util-endpoints/src/lib/aws/partitions.json');require('fs').writeFileSync('src/submodules/client/util-endpoints/lib/aws/partitions.ts','export const partitionsInfo = '+JSON.stringify(j)+';\n')"testyarn g:vitest runtest:integrationyarn g:vitest run -c vitest.config.integ.mts && yarn test:temp:retrytest:integration:watchyarn g:vitest watch -c vitest.config.integ.mtstest:temp:retrySMITHY_NEW_RETRIES_2026=true node ./integ/retry.integ.spec && AWS_NEW_RETRIES_2026=true node ./integ/retry.integ.spec && node ./integ/retry.integ.spectest:watchyarn g:vitest watch
Dependencies8
@aws-sdk/types^3.973.9@aws-sdk/xml-builder^3.972.25@aws/lambda-invoke-store^0.2.2@smithy/core^3.24.3@smithy/signature-v4^5.4.2@smithy/types^4.14.2bowser^2.11.0tslib^2.6.2