Research
/Security News
Shai Hulud Strikes Again (v2)
Another wave of Shai-Hulud campaign has hit npm with more than 500 packages and 700+ versions affected.
By Socket Research Team - Nov 24, 2025
🚨 Shai-Hulud Strikes Again:More than 500 packages and 700+ versions compromised.Technical Analysis →
@aws-sdk/credential-provider-sso
Advanced tools
@aws-sdk/credential-provider-sso
AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials
@aws-sdk/credential-provider-sso
An internal package
Usage
You probably shouldn't, at least directly. Please use @aws-sdk/credential-providers instead.
Other packages similar to @aws-sdk/credential-provider-sso
aws-sdk
The aws-sdk package is the official AWS SDK for JavaScript. While it supports various methods of authentication, including credentials from environment variables, shared credentials file, and IAM roles for EC2 instances, it does not specifically focus on SSO credential retrieval like @aws-sdk/credential-provider-sso. However, it provides a broader scope of AWS service interactions.
aws-amplify
AWS Amplify is a development platform for building secure, scalable mobile and web applications. It includes support for authentication via Amazon Cognito, which can be integrated with SSO, but it's more focused on application development rather than directly providing AWS credentials for SDK clients. Compared to @aws-sdk/credential-provider-sso, AWS Amplify offers a higher-level abstraction for authentication and authorization.
Keywords
FAQs
AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials
The npm package @aws-sdk/credential-provider-sso receives a total of 38,192,833 weekly downloads. As such, @aws-sdk/credential-provider-sso popularity was classified as popular.
We found that @aws-sdk/credential-provider-sso demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 18 Nov 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Webhook Events for Alert Changes
Add real-time Socket webhook events to your workflows to automatically receive software supply chain alert changes in real time.
By Phil Gates-Idem - Nov 21, 2025
Security News
ENISA Becomes a CVE Root, Expanding Its Role in Europe’s Vulnerability Ecosystem
ENISA has become a CVE Program Root, giving the EU a central authority for coordinating vulnerability reporting, disclosure, and cross-border response.
By Sarah Gooding - Nov 21, 2025