Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
@aws-sdk/credential-provider-env
Advanced tools
@aws-sdk/credential-provider-env
AWS credential provider that sources credentials from known environment variables
What is @aws-sdk/credential-provider-env?
The @aws-sdk/credential-provider-env package is designed to provide AWS credentials from environment variables to applications. It is part of the AWS SDK for JavaScript (v3), which is a modular collection of software for interfacing with AWS services. This package specifically helps in retrieving AWS credentials set in the environment variables, making it easier to manage credentials in a secure and scalable way, especially in containerized or serverless environments where direct file access might be limited.
What are @aws-sdk/credential-provider-env's main functionalities?
Retrieving AWS credentials from environment variables
This feature allows the application to automatically load AWS credentials (such as AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and optionally AWS_SESSION_TOKEN) from the environment variables. It is particularly useful in automated environments like CI/CD pipelines or when deploying to AWS services like AWS Lambda or ECS, where you can set environment variables securely.
const { fromEnv } = require('@aws-sdk/credential-provider-env');
const credentials = fromEnv();
// Use the credentials with an AWS SDK clientOther packages similar to @aws-sdk/credential-provider-env
aws-sdk
The 'aws-sdk' package is the older version of the AWS SDK for JavaScript. It also supports loading credentials from environment variables, but it does so as part of a larger, monolithic package. Compared to @aws-sdk/credential-provider-env, 'aws-sdk' is less modular and might introduce more dependencies than necessary if you only need to load credentials.
@aws-sdk/credential-provider-ini
Similar to @aws-sdk/credential-provider-env, this package is part of the AWS SDK for JavaScript (v3) and provides functionality to load AWS credentials. However, instead of loading from environment variables, it loads credentials from a shared credentials file (typically located at ~/.aws/credentials). This approach is useful for local development or in scenarios where setting environment variables is not preferred.
@aws-sdk/credential-provider-cognito-identity
This package is another credential provider within the AWS SDK for JavaScript (v3) ecosystem. It differs from @aws-sdk/credential-provider-env by providing a way to obtain AWS credentials based on Cognito Identity. This is particularly useful for mobile or web applications that authenticate users and then provide access to AWS resources directly from the client-side.
@aws-sdk/credential-provider-env
An internal package
Usage
You probably shouldn't, at least directly. Please use @aws-sdk/credential-providers instead.
3.696.0 (2024-11-19)
Features
- client-b2bi: Add new X12 transactions sets and versions (cb3d07b)
- client-ec2: This release adds VPC Block Public Access (VPC BPA), a new declarative control which blocks resources in VPCs and subnets that you own in a Region from reaching or being reached from the internet through internet gateways and egress-only internet gateways. (7905a8e)
- client-ecs: This release introduces support for configuring the version consistency feature for individual containers defined within a task definition. The configuration allows to specify whether ECS should resolve the container image tag specified in the container definition to an image digest. (d632c0c)
- client-efs: Add support for the new parameters in EFS replication APIs (1f77893)
- client-glue: AWS Glue Data Catalog now enhances managed table optimizations of Apache Iceberg tables that can be accessed only from a specific Amazon Virtual Private Cloud (VPC) environment. (844a1da)
- client-keyspaces: Amazon Keyspaces Multi-Region Replication: Adds support to add new regions to multi and single-region keyspaces. (9c30b3a)
- client-mwaa: Amazon MWAA now supports a new environment class, mw1.micro, ideal for workloads requiring fewer resources than mw1.small. This class supports a single instance of each Airflow component: Scheduler, Worker, and Webserver. (a64d4bb)
- client-taxsettings: Release Tax Inheritance APIs, Tax Exemption APIs, and functionality update for some existing Tax Registration APIs (da73fe5)
- client-workspaces: Releasing new ErrorCodes for Image Validation failure during CreateWorkspaceImage process (5649e47)
- clients: update client endpoints as of 2024-11-19 (3a63d0b)
Keywords
FAQs
AWS credential provider that sources credentials from known environment variables
We found that @aws-sdk/credential-provider-env demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Package last updated on 19 Nov 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024
Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
By Sarah Gooding - Nov 26, 2024