Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@aws-sdk/middleware-endpoint-discovery
Advanced tools
[![NPM version](https://img.shields.io/npm/v/@aws-sdk/middleware-endpoint-discovery/latest.svg)](https://www.npmjs.com/package/@aws-sdk/middleware-endpoint-discovery) [![NPM downloads](https://img.shields.io/npm/dm/@aws-sdk/middleware-endpoint-discovery.s
@aws-sdk/middleware-endpoint-discovery is a middleware package for the AWS SDK for JavaScript. It provides functionality to automatically discover and cache endpoints for AWS services that support endpoint discovery. This can help improve performance and reliability by reducing the need to repeatedly look up endpoints.
Automatic Endpoint Discovery
This feature enables automatic endpoint discovery for AWS services. In this example, the S3Client is configured to enable endpoint discovery. When the ListBucketsCommand is sent, the middleware will automatically discover and cache the appropriate endpoint.
const { EndpointDiscoveryMiddleware } = require('@aws-sdk/middleware-endpoint-discovery');
const { S3Client, ListBucketsCommand } = require('@aws-sdk/client-s3');
const client = new S3Client({
region: 'us-west-2',
endpointDiscoveryEnabled: true
});
const command = new ListBucketsCommand({});
client.send(command).then((data) => {
console.log(data);
}).catch((error) => {
console.error(error);
});
Manual Endpoint Discovery
This feature allows for manual configuration of endpoint discovery. In this example, the EndpointDiscoveryMiddleware is manually added to the middleware stack of the S3Client. The middleware is configured to require a discovered endpoint.
const { EndpointDiscoveryMiddleware } = require('@aws-sdk/middleware-endpoint-discovery');
const { S3Client, ListBucketsCommand } = require('@aws-sdk/client-s3');
const client = new S3Client({
region: 'us-west-2'
});
const command = new ListBucketsCommand({});
client.middlewareStack.add(EndpointDiscoveryMiddleware({
isDiscoveredEndpointRequired: true
}), {
step: 'build',
priority: 'high'
});
client.send(command).then((data) => {
console.log(data);
}).catch((error) => {
console.error(error);
});
@aws-sdk/middleware-retry provides retry logic for AWS SDK requests. It is similar to @aws-sdk/middleware-endpoint-discovery in that it enhances the reliability of AWS SDK operations, but it focuses on retrying failed requests rather than discovering endpoints.
@aws-sdk/middleware-signing handles the signing of AWS SDK requests. While @aws-sdk/middleware-endpoint-discovery focuses on discovering and caching endpoints, @aws-sdk/middleware-signing ensures that requests are properly authenticated and authorized.
@aws-sdk/middleware-logger provides logging capabilities for AWS SDK requests and responses. It is similar in that it adds additional functionality to the AWS SDK middleware stack, but it focuses on logging rather than endpoint discovery.
FAQs
[![NPM version](https://img.shields.io/npm/v/@aws-sdk/middleware-endpoint-discovery/latest.svg)](https://www.npmjs.com/package/@aws-sdk/middleware-endpoint-discovery) [![NPM downloads](https://img.shields.io/npm/dm/@aws-sdk/middleware-endpoint-discovery.s
The npm package @aws-sdk/middleware-endpoint-discovery receives a total of 2,017,398 weekly downloads. As such, @aws-sdk/middleware-endpoint-discovery popularity was classified as popular.
We found that @aws-sdk/middleware-endpoint-discovery demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.