"Latest" version of amazon-cognito-identity-js listed in NPM is 6.3.12 instead of 6.3.14

[ethanherbertson]

Before opening, please confirm:

• I have searched for duplicate or closed issues and discussions.
• I have read the guide for submitting bug reports.
• I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

JavaScript Framework

Vue

Amplify APIs

Authentication

Amplify Version

v6

Amplify Categories

auth

Backend

Other

Environment information

  System:
    OS: Linux 5.15 Ubuntu 24.04.1 LTS 24.04.1 LTS (Noble Numbat)
    CPU: (12) x64 12th Gen Intel(R) Core(TM) i7-1255U
    Memory: 14.62 GB / 15.47 GB
    Container: Yes
    Shell: 5.2.21 - /bin/bash
  Binaries:
    Node: 20.18.2 - ~/.nvm/versions/node/v20.18.2/bin/node
    Yarn: 1.22.22 - ~/.nvm/versions/node/v20.18.2/bin/yarn
    npm: 10.8.2 - ~/.nvm/versions/node/v20.18.2/bin/npm
  npmPackages:
    amazon-cognito-identity-js: ^6.3.12 => 6.3.12
    amazon-cognito-identity-js/internals:  undefined ()
    argon2: ^0.40.3 => 0.40.3
    aws-sdk: ^2.1668.0 => 2.1691.0
    chai: ^4.1.2 => 4.5.0
    chai-as-promised: ^7.1.1 => 7.1.2
    file-type: ^16.0.0 => 16.5.4
    jszip: ^3.5.0 => 3.10.1
    mocha: ^10.7.0 => 10.7.3
    nyc: ^17.1.0 => 17.1.0
    request: ^2.87.0 => 2.88.2
    request-promise-native: ^1.0.5 => 1.0.9
    semistandard: ^17.0.0 => 17.0.0
    serverless-apigw-binary: ^0.4.4 => 0.4.4
    serverless-domain-manager: ^8.0.0 => 8.0.0
    serverless-plugin-aws-alerts: ^1.7.5 => v1.7.5
    serverless-plugin-warmup: ^8.0.0 => 8.3.0
    serverless-prune-plugin: ^2.1.0 => 2.1.0
    sinon: ^18.0.0 => 18.0.1
    sinon-chai: ^3.2.0 => 3.7.0
    snazzy: ^9.0.0 => 9.0.0
    uuid: ^10.0.0 => 10.0.0 (9.0.1, 8.0.0, 8.3.2, 3.4.0)
    xml2js: ^0.6.2 => 0.6.2
  npmGlobalPackages:
    corepack: 0.29.4
    npm: 10.8.2
    serverless: 4.4.19
    yarn: 1.22.22

Describe the bug

Due to possible deployment issues, NPM currently lists the outdated 6.3.12 as the "latest" version of amazon-cognito-identity-js instead of 6.3.14.

This can be seen if you navigate to the main page for the package on npmjs.com: https://www.npmjs.com/package/amazon-cognito-identity-js

Because of this issue, 6.3.12 is the version that gets installed by default when using both npm or yarn:

Additionally, tooling like yarn outdated is not able to report the existence of 6.3.14 even if a project's semver would allow it. See envinfo output in the "Environment information" field below to see the install state of such a project. When you run yarn outdated in that project, despite the semver string in package.json specifying ^6.3.12, yarn outdated does not report the existence of the newer version being available:

Expected behavior

By default, npm install amazon-cognito-identity-js should install the latest version of the module. Tooling like yarn outdated and dependency scanners should also be aware of 6.3.14 being the latest available version of the module. 6.3.14 should be the default version shown on npmjs.com.

Reproduction steps

1. Run npm install amazon-cognito-identity-js
2. Run npm ls
3. See that version 6.3.12 is the version that got installed.

Code Snippet

// Put your code below this line.

Log output

// Put your logs below this line

aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

[HuiSF]

Thanks for bringing this to our attention! We will look in to this.

[cwomack]

We have PR #14156 in the works to address this, @ethanherbertson.

[ethanherbertson]

@cwomack depending on the value of the .13 and .14 versions, you might want to consider cutting and publishing a 6.3.15 release using the fixed pipeline/deployment configuration, so that those changes do get published to "latest" on NPM. Otherwise they'll be missed by new installers of the library.

[cwomack]

@ethanherbertson, appreciate the suggestion and your patience while we validate the fix on our side. We'll update this issue as soon as we have the fix released.