Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@aws-sdk/lib-storage
The @aws-sdk/lib-storage package is part of the AWS SDK for JavaScript (v3) and provides high-level abstractions for uploading and downloading large objects to and from Amazon S3. It simplifies the process of handling multipart uploads and downloads, making it easier to work with large files or streams in a scalable and efficient manner.
Multipart Upload
This feature allows for the uploading of large files to Amazon S3 in parts. The code sample demonstrates how to create a multipart upload using the Upload class. It also shows how to listen for upload progress events.
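const fs = require('fs');
const { S3Client } = require('@aws-sdk/client-s3');
const { Upload } = require('@aws-sdk/lib-storage');

async function main() {
  const client = new S3Client({});
  // Placeholder path; Body can be a buffer, blob, or stream
  const fileStream = fs.createReadStream('path/to/file');
  const upload = new Upload({
    client,
    params: { Bucket: 'bucket-name', Key: 'file-key', Body: fileStream }
  });
  // Log progress as parts are uploaded
  upload.on('httpUploadProgress', (progress) => {
    console.log(progress);
  });
  await upload.done();
}

main().catch(console.error);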
Parallel Uploads
This feature enhances the multipart upload by allowing multiple parts of the file to be uploaded in parallel, which can significantly speed up the upload process for large files. The code sample demonstrates how to specify the number of parts to upload in parallel.
const fs = require('fs');
const { S3Client } = require('@aws-sdk/client-s3');
const { Upload } = require('@aws-sdk/lib-storage');

async function main() {
  const client = new S3Client({});
  const fileStream = fs.createReadStream('path/to/file'); // placeholder path
  const upload = new Upload({
    client,
    params: { Bucket: 'bucket-name', Key: 'file-key', Body: fileStream },
    queueSize: 4 // Number of parts to upload in parallel
  });
  await upload.done();
}

main().catch(console.error);
Multipart Download
While the primary focus of @aws-sdk/lib-storage is on uploading, it provides the foundation for handling large objects that could be extended for multipart downloads, though as of the last update, explicit multipart download functionality is not directly exposed.
N/A
The older version of the AWS SDK for JavaScript. It also supports uploading and downloading files to/from S3, but @aws-sdk/lib-storage offers a more modular and efficient approach, especially for multipart uploads.
A package that was designed to support streaming uploads to S3. While it provides similar functionality for multipart uploads, @aws-sdk/lib-storage benefits from being part of the official AWS SDK, ensuring better integration and support.
A package that integrates with Multer to upload files to Amazon S3. It's more focused on handling file uploads in web applications, particularly with Express.js. Unlike @aws-sdk/lib-storage, it's not designed for general-purpose S3 interactions and lacks the comprehensive support for multipart uploads.
Upload allows for easy and efficient uploading of buffers, blobs, or streams, using a configurable amount of concurrency to perform multipart uploads where possible. This abstraction enables uploading large files or streams of unknown size due to the use of multipart uploads under the hood.
import { Upload } from "@aws-sdk/lib-storage";
import { S3Client, S3 } from "@aws-sdk/client-s3";

// Placeholder values; replace with your own bucket, key and body
const Bucket = "bucket-name";
const Key = "file-key";
const Body = "example body";

try {
  const parallelUploads3 = new Upload({
    // either an S3 or an S3Client instance can be passed as the client
    client: new S3({}) || new S3Client({}),
    params: { Bucket, Key, Body },
    // optional tags
    tags: [
      /*...*/
    ],
    // additional optional fields show default values below:
    // (optional) concurrency configuration
    queueSize: 4,
    // (optional) size of each part, in bytes, at least 5MB
    partSize: 1024 * 1024 * 5,
    // (optional) when true, do not automatically call AbortMultipartUpload when
    // a multipart upload fails to complete. You should then manually handle
    // the leftover parts.
    leavePartsOnError: false,
  });

  parallelUploads3.on("httpUploadProgress", (progress) => {
    console.log(progress);
  });

  await parallelUploads3.done();
} catch (e) {
  console.log(e);
}
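The leavePartsOnError comment above says leftover parts must be handled manually. One way to do that is sketched below as an added example (not code from the package's README): it lists in-progress multipart uploads and aborts those older than a threshold. The helper names selectStaleUploads and abortStaleUploads, the age threshold and the dryRun flag are hypothetical; the commands used are ListMultipartUploadsCommand and AbortMultipartUploadCommand from @aws-sdk/client-s3.

```javascript
// Pure helper: from a ListMultipartUploads "Uploads" array, pick entries whose
// Initiated timestamp is older than maxAgeMs. Malformed entries are skipped.
function selectStaleUploads(uploads, nowMs, maxAgeMs) {
  return (uploads || [])
    .filter((u) => u.Key && u.UploadId && u.Initiated instanceof Date)
    .filter((u) => nowMs - u.Initiated.getTime() > maxAgeMs)
    .map((u) => ({ Key: u.Key, UploadId: u.UploadId }));
}

// Pages through all in-progress multipart uploads in a bucket and aborts the
// stale ones. With dryRun (the default) nothing is aborted; the matches are
// only returned so they can be reviewed first.
async function abortStaleUploads(client, Bucket, maxAgeMs, dryRun = true) {
  // Loaded lazily so selectStaleUploads can be used without the SDK installed.
  const { ListMultipartUploadsCommand, AbortMultipartUploadCommand } =
    require('@aws-sdk/client-s3');
  const matched = [];
  let KeyMarker;
  let UploadIdMarker;
  do {
    const page = await client.send(
      new ListMultipartUploadsCommand({ Bucket, KeyMarker, UploadIdMarker })
    );
    for (const u of selectStaleUploads(page.Uploads, Date.now(), maxAgeMs)) {
      if (!dryRun) {
        await client.send(new AbortMultipartUploadCommand({ Bucket, ...u }));
      }
      matched.push(u);
    }
    // Continue only while S3 reports more results.
    KeyMarker = page.IsTruncated ? page.NextKeyMarker : undefined;
    UploadIdMarker = page.IsTruncated ? page.NextUploadIdMarker : undefined;
  } while (KeyMarker);
  return matched;
}
```

Call abortStaleUploads(new S3Client({}), 'bucket-name', 24 * 60 * 60 * 1000) first with the default dry run, then pass false as the last argument once the returned list looks right.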
FAQs
Storage higher order operation
We found that @aws-sdk/lib-storage demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.