supply chain / azure-storage-blob

Azure Blob Storage (JS)

registrynpm

package name@azure/storage-blob

maintainerMicrosoft

The Azure Blob Storage JavaScript SDK provides access to Azure Blob containers from Node.js applications. It authenticates via managed identity, connection strings, or SAS tokens and is used in Node.js backends that store files, backups, or ML artifacts in Azure storage.

api usage

Checking Azure Blob Storage (JS)

@azure/storage-blob 12.24.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

bash

curl "https://api.attestd.io/v1/check?product=%40azure%2Fstorage-blob&version=12.24.0" \
  -H "Authorization: Bearer YOUR_API_KEY"

json

{
  "product": "@azure/storage-blob",
  "version": "12.24.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}

attack surface

Why this package is monitored

Azure connection strings for Blob Storage contain the account name and a shared key that grants full read-write access to the storage account. A compromised package can exfiltrate this connection string before any blob operation.

Attestd monitors @azure/storage-blob using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

npm_deprecation

npm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.

Supply chain overview All npm packages AWS SDK S3 (JS)Google Cloud Storage (JS)Response fields