Security News
Meet Socket at Black Hat Europe and BSides London 2025
Socket is heading to London! Stop by our booth or schedule a meeting to see what we've been working on.
By Anders Søndergaard - Nov 11, 2025
@adobe/aio-lib-core-tvm
Advanced tools
Adobe I/O Lib Core Token Vending Machine
A JS client to access the token vending machine.
For more details on the server side, goto adobe/aio-tvm
Install
npm install @adobe/aio-lib-core-tvm
Use
const TvmClient = require('@adobe/aio-lib-core-tvm')
// init
const tvm = await TvmClient.init({ ow: { auth: '<myauth>', namespace: '<mynamespace>' } })
// init with retryOptions
const tvm = await TvmClient.init({ ow: { auth: '<myauth>', namespace: '<mynamespace>' }, retryOptions: { maxRetries: 5, initialDelayInMillis: 100} })
// aws s3
const awsS3Credentials = await tvm.getAwsS3Credentials()
const aws = require('aws-sdk')
const s3 = new aws.S3(awsS3Credentials)
// ...operations on s3 object
// azure blob
const azureBlobCredentials = await tvm.getAzureBlobCredentials()
const azure = require('@azure/storage-blob')
const azureCreds = new azure.AnonymousCredential()
const pipeline = azure.newPipeline(azureCreds)
const containerClientPrivate = new azure.ContainerClient(azureBlobCredentials.sasURLPrivate, pipeline)
const containerClientPublic = new azure.ContainerClient(azureBlobCredentials.sasURLPublic, pipeline)
// ...operations on containerClientPrivate and containerClientPublic
// azure cosmos
const azureCosmosCredentials = await tvm.getAzureCosmosCredentials()
const cosmos = require('@azure/cosmos')
const container = new cosmos.CosmosClient({ endpoint: azureCosmosCredentials.endpoint, tokenProvider: async () => azureCosmosCredentials.resourceToken })
.database(azureCosmosCredentials.databaseId)
.container(azureCosmosCredentials.containerId)
const data = await container.item('<itemKey>', azureCosmosCredentials.partitionKey).read()
// ...operations on items within azureCosmosCredentials.partitionKey
Explore
goto API
Debug
set DEBUG=@adobe/aio-lib-core-tvm* to see debug logs.
Contributing
Contributions are welcomed! Read the Contributing Guide for more information.
Licensing
This project is licensed under the Apache V2 License. See LICENSE for more information.
FAQs
A JS client to access the Adobe I/O token vending machine
We found that @adobe/aio-lib-core-tvm demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 29 open source maintainers collaborating on the project.
Package last updated on 25 Feb 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
OWASP 2025 Top 10 Adds Software Supply Chain Failures, Ranked Top Community Concern
OWASP’s 2025 Top 10 introduces Software Supply Chain Failures as a new category, reflecting rising concern over dependency and build system risks.
By Sarah Gooding - Nov 08, 2025
Research
/Security News
9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads
Socket researchers discovered nine malicious NuGet packages that use time-delayed payloads to crash applications and corrupt industrial control systems.
By Kush Pandya - Nov 06, 2025