Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
@adobe/aio-lib-files
Advanced tools
@adobe/aio-lib-files
An abstraction on top of blob cloud storage exposing a file like API
Adobe I/O Lib Files
A Node JavaScript abstraction on top of cloud blob storages exposing a file-system like API.
You can initialize the SDK with your Adobe I/O Runtime (a.k.a OpenWhisk) credentials.
Alternatively, you can bring your own cloud storage keys. Note however, that as of now we only support Azure Blob Storage.
Please note that currently you must be a customer of Adobe Developer App Builder to use this library. App Builder is a complete framework that enables enterprise developers to build and deploy custom web applications that extend Adobe Experience Cloud solutions and run on Adobe infrastructure.
Install
npm install @adobe/aio-lib-files
Use
const filesLib = require('@adobe/aio-lib-files')
// init
// init sdk using OpenWhisk credentials
const files = await filesLib.init({ ow: { namespace, auth } })
// init when env vars __OW_API_KEY and __OW_NAMESPACE are set (e.g. when running in an OpenWhisk action)
const files = await filesLib.init()
// or if you want to use your own cloud storage account
const files = await filesLib.init({ azure: { storageAccount, storageAccessKey, containerName } })
// write private file
await files.write('mydir/myfile.txt', 'some private content')
// write publicly accessible file
await files.write('public/index.html', '<h1>Hello World!</h1>')
// get file url
const props = await files.getProperties('public/index.html')
console.log('props = ', props)
/*
props = { name: 'public/index.html',
creationTime: 2020-12-09T19:49:58.000Z,
lastModified: 2020-12-09T19:49:58.000Z,
etag: '"0x8D89C7B9BB75A6F"',
contentLength: 21,
contentType: 'text/html',
isDirectory: false,
isPublic: true,
url:
'https://jestaiotest.blob.core.windows.net/readme-public/public%2Findex.html' }
*/
// list all files
await files.list('mydir/') // with a trailing slash lists a directory, recursively. Returns [] if no files are recursively stored under mydir/.
await files.list('myfile') // without a trailing slash list returns [fileProps] or [] if it doesn't exist.
await files.list('/')
/*
list = [ { name: 'mydir/myfile.txt',
creationTime: 2020-12-09T19:49:57.000Z,
lastModified: 2020-12-09T19:49:57.000Z,
etag: '0x8D89C7B9BB165F8',
contentLength: 20,
contentType: 'text/plain',
isDirectory: false,
isPublic: false,
url:
'https://jestaiotest.blob.core.windows.net/readme/mydir%2Fmyfile.txt' },
{ name: 'public/index.html',
creationTime: 2020-12-09T19:49:58.000Z,
lastModified: 2020-12-09T19:49:58.000Z,
etag: '0x8D89C7B9BB75A6F',
contentLength: 21,
contentType: 'text/html',
isDirectory: false,
isPublic: true,
url:
'https://jestaiotest.blob.core.windows.net/readme-public/public%2Findex.html' } ]
*/
// read
const buffer = await files.read('mydir/myfile.txt')
buffer.toString() // 'some private content'
// pipe read stream to local file (consider using copy below)
const rdStream = await files.createReadStream('mydir/myfile.txt')
const stream = rdStream.pipe(fs.createWriteStream('my-local-file.txt'))
stream.on('finish', () => console.log('done!'))
// write read stream to remote file (consider using copy below)
const rdStream = fs.createReadStream('my-local-file.txt')
await files.write('my/remote/file.txt', rdStream)
// delete files in 'my/remote/' dir
await files.delete('my/remote/')
// delete all public files
await files.delete('public/')
// delete all files including public
await files.delete('/')
// copy - higher level utility (works likes scp)
// works for files and directories both remotely and locally, uses streams under the hood
/// upload a single file
await files.copy('my-static-app/index.html', 'public/my-static-app/index.html', { localSrc: true })
/// upload local directory recursively
await files.copy('my-static-app/', 'public/', { localSrc: true })
/// download to local directory recursively (works for files as well)
await files.copy('public/my-static-app/', 'my-static-app-copy', { localDest: true })
/// copy remote directories around (works for files as well)
await files.copy('public/my-static-app/', 'my/private/folder')
// Share private files
const presignUrl = await files.generatePresignURL('mydir/myfile.txt', { expiryInSeconds: 60 })
//Share private files with read, write, delete permissions
const rwdPresignUrl = await files.generatePresignURL('mydir/myfile.txt', { expiryInSeconds: 60, permissions: 'rwd' })
Presigned URL types and usage
File SDK supports two types of presigned URLs to access a file
- External - CDN based URLs which can be accessed from anywhere, assuming right pre-sign permissions for private files. You can use this type of URLs to provide access to your files to external systems and APIs for remote compute use-cases.
- Internal - Direct URLs to file storage. These URLs work only if used within Adobe I/O Runtime actions. You can use this type of URLs to chain worker actions that are processing the same file from different Runtime namespaces. As there is no CDN indirection, using this type of URL will improve the performance of your Runtime actions.
Files.getProperties returns both URL types (external as url, and internal as internalUrl) for a given file path Files.generatePresignURL supports UrlType as option to generate presign URL of given type
See usage example below -
const { init, UrlType } = require('@adobe/aio-lib-files')
const files = await init()
// getProperties will return both internal and external URLs in return Object
const props = files.getProperties('public/my-static-app/index.html')
//generate presign URL with internal URLType
const internalPresignUrl = await files.generatePresignURL('mydir/myfile.txt', { expiryInSeconds: 60, permissions: 'rwd', urltype: UrlType.internal })
Explore
goto API
Debug
set DEBUG=@adobe/aio-lib-files* to see debug logs.
Adobe I/O Files Store Consistency Guarantees
Strong consistency is guaranteed for all operations and across instances of the files sdk (returned by filesLib.init()).
Troubleshooting
"[StateLib:ERROR_INTERNAL] unknown error response from provider with status: unknown"
- when using
@adobe/aio-lib-filesin an action bundled with webpack please make sure to turn off minification and enable resolving of es6 modules. Add the following lines to your webpack config:
optimization: {
minimize: false
},
resolve: {
extensions: ['.js'],
mainFields: ['main']
}
Contributing
Contributions are welcomed! Read the Contributing Guide for more information.
Licensing
This project is licensed under the Apache V2 License. See LICENSE for more information.
FAQs
An abstraction on top of blob cloud storage exposing a file like API
The npm package @adobe/aio-lib-files receives a total of 3,304 weekly downloads. As such, @adobe/aio-lib-files popularity was classified as popular.
We found that @adobe/aio-lib-files demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 30 open source maintainers collaborating on the project.
Package last updated on 05 May 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025