Security News
New Python Packaging Proposal Aims to Solve Phantom Dependency Problem with SBOMs
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
@aws-sdk/core
Advanced tools
@aws-sdk/core
This package provides common or core functionality to the AWS SDK for JavaScript (v3).
You do not need to explicitly install this package, since it will be transitively installed by AWS SDK clients.
@aws-sdk/core
submodulesCore submodules are organized for distribution via the package.json
exports
field.
exports
is supported by default by the latest Node.js, webpack, and esbuild. For react-native, it can be
enabled via instructions found at reactnative.dev/blog.
Think of @aws-sdk/core
as a mono-package within the monorepo.
It preserves the benefits of modularization, for example to optimize Node.js initialization speed,
while making it easier to have a consistent version of core dependencies, reducing package sprawl when
installing an SDK client.
index.ts
file corresponding to the pattern ./src/submodules/<MODULE_NAME>/index.ts
will be
published as a separate dist-cjs
bundled submodule index using the Inliner.js
build script../src/submodules/<SUBMODULE>
including an index.ts
file and a README.md
file.
package.json
and the various tsconfig.json
files, but it will automatically fix them if possible.@aws-sdk/<pkg>
package in that importing it in Node.js will resolve a separate bundle.@scope/pkg/submodule
name as the import.
@aws-sdk/core
.
The linter runs during yarn build
and also as yarn lint
.@aws-sdk/core/submodule
vs. @aws-sdk/new-package
?Keep in mind that the core package is installed by all AWS SDK clients.
If the component functionality is upstream of multiple clients, it is a good candidate for a core submodule. For example, XML serialization.
If the component's functionality is downstream of a client, for example S3 pre-signing, it should be a standalone package with potentially a peer or runtime dependency on an AWS SDK client.
FAQs
Core functions & classes shared by multiple AWS SDK clients.
The npm package @aws-sdk/core receives a total of 9,364,213 weekly downloads. As such, @aws-sdk/core popularity was classified as popular.
We found that @aws-sdk/core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
Security News
Socket CEO Feross Aboukhadijeh discusses open source security challenges, including zero-day attacks and supply chain risks, on the Cyber Security Council podcast.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.