Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@aws-amplify/pubsub
Advanced tools
@aws-amplify/pubsub is a part of the AWS Amplify library that provides a simple and powerful way to work with real-time messaging and event-driven architectures. It allows you to publish and subscribe to messages using AWS IoT, AWS AppSync, and other supported providers.
Publishing Messages
This feature allows you to publish messages to a specific topic. In this example, a message is published to 'myTopic' with the content 'Hello to all subscribers!'.
const { PubSub } = require('@aws-amplify/pubsub');
async function publishMessage() {
await PubSub.publish('myTopic', { msg: 'Hello to all subscribers!' });
}
publishMessage();
Subscribing to Messages
This feature allows you to subscribe to a specific topic and receive messages. In this example, the subscription listens to 'myTopic' and logs any received messages.
const { PubSub } = require('@aws-amplify/pubsub');
PubSub.subscribe('myTopic').subscribe({
next: data => console.log('Message received:', data),
error: error => console.error(error),
close: () => console.log('Done'),
});
Using AWS IoT
This feature allows you to use AWS IoT as a provider for PubSub. In this example, the AWS IoT provider is configured and used to subscribe to 'iotTopic'.
const { PubSub } = require('@aws-amplify/pubsub');
const { AWSIoTProvider } = require('@aws-amplify/pubsub/lib/Providers');
PubSub.addPluggable(new AWSIoTProvider({
aws_pubsub_region: 'us-west-2',
aws_pubsub_endpoint: 'wss://your-endpoint.iot.us-west-2.amazonaws.com/mqtt',
}));
PubSub.subscribe('iotTopic').subscribe({
next: data => console.log('Message received:', data),
error: error => console.error(error),
close: () => console.log('Done'),
});
The 'mqtt' package is a client library for the MQTT protocol, which is a lightweight messaging protocol for small sensors and mobile devices. It provides similar publish/subscribe functionality but requires more manual setup compared to @aws-amplify/pubsub.
The 'socket.io' package is a library for real-time web applications. It enables real-time, bidirectional communication between web clients and servers. While it offers similar real-time messaging capabilities, it is more focused on web sockets and less on integration with AWS services.
The 'paho-mqtt' package is an MQTT client library for JavaScript. It provides similar publish/subscribe functionality and is part of the Eclipse Paho project. Like 'mqtt', it requires more manual setup and does not integrate as seamlessly with AWS services as @aws-amplify/pubsub.
This package contains the AWS Amplify PubSub category. For more information on using PubSub in your application please reference the Amplify Dev Center.
FAQs
Pubsub category of aws-amplify
We found that @aws-amplify/pubsub demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 9 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.