Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
@aws-sdk/lib-storage
Advanced tools
The @aws-sdk/lib-storage package is part of the AWS SDK for JavaScript (v3) and provides high-level abstractions for uploading and downloading large objects to and from Amazon S3. It simplifies the process of handling multipart uploads and downloads, making it easier to work with large files or streams in a scalable and efficient manner.
Multipart Upload
This feature allows for the uploading of large files to Amazon S3 in parts. The code sample demonstrates how to create a multipart upload using the Upload class. It also shows how to listen for upload progress events.
const { S3Client } = require('@aws-sdk/client-s3');
const { Upload } = require('@aws-sdk/lib-storage');
const client = new S3Client({});
const upload = new Upload({
client,
params: { Bucket: 'bucket-name', Key: 'file-key', Body: fileStream }
});
upload.on('httpUploadProgress', (progress) => {
console.log(progress);
});
await upload.done();
Parallel Uploads
This feature enhances the multipart upload by allowing multiple parts of the file to be uploaded in parallel, which can significantly speed up the upload process for large files. The code sample demonstrates how to specify the number of parts to upload in parallel.
const { S3Client } = require('@aws-sdk/client-s3');
const { Upload } = require('@aws-sdk/lib-storage');
const client = new S3Client({});
const upload = new Upload({
client,
params: { Bucket: 'bucket-name', Key: 'file-key', Body: fileStream },
queueSize: 4 // Number of parts to upload in parallel
});
await upload.done();
Multipart Download
While the primary focus of @aws-sdk/lib-storage is on uploading, it provides the foundation for handling large objects that could be extended for multipart downloads, though as of the last update, explicit multipart download functionality is not directly exposed.
N/A
The older version of the AWS SDK for JavaScript. It also supports uploading and downloading files to/from S3, but @aws-sdk/lib-storage offers a more modular and efficient approach, especially for multipart uploads.
A package that was designed to support streaming uploads to S3. While it provides similar functionality for multipart uploads, @aws-sdk/lib-storage benefits from being part of the official AWS SDK, ensuring better integration and support.
A package that integrates with Multer to upload files to Amazon S3. It's more focused on handling file uploads in web applications, particularly with Express.js. Unlike @aws-sdk/lib-storage, it's not designed for general-purpose S3 interactions and lacks the comprehensive support for multipart uploads.
Upload allows for easy and efficient uploading of buffers, blobs, or streams, using a configurable amount of concurrency to perform multipart uploads where possible. This abstraction enables uploading large files or streams of unknown size due to the use of multipart uploads under the hood.
import { Upload } from "@aws-sdk/lib-storage";
import { S3Client, S3 } from "@aws-sdk/client-s3";
try {
const parallelUploads3 = new Upload({
client: new S3({}) || new S3Client({}),
params: { Bucket, Key, Body },
tags: [
/*...*/
], // optional tags
queueSize: 4, // optional concurrency configuration
partSize: 1024 * 1024 * 5, // optional size of each part, in bytes, at least 5MB
leavePartsOnError: false, // optional manually handle dropped parts
});
parallelUploads3.on("httpUploadProgress", (progress) => {
console.log(progress);
});
await parallelUploads3.done();
} catch (e) {
console.log(e);
}
3.549.0 (2024-04-04)
FAQs
Storage higher order operation
The npm package @aws-sdk/lib-storage receives a total of 1,284,277 weekly downloads. As such, @aws-sdk/lib-storage popularity was classified as popular.
We found that @aws-sdk/lib-storage demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.