Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@aws-sdk/middleware-sdk-s3
Advanced tools
[![NPM version](https://img.shields.io/npm/v/@aws-sdk/middleware-sdk-s3/latest.svg)](https://www.npmjs.com/package/@aws-sdk/middleware-sdk-s3) [![NPM downloads](https://img.shields.io/npm/dm/@aws-sdk/middleware-sdk-s3.svg)](https://www.npmjs.com/package/@
@aws-sdk/middleware-sdk-s3 is a middleware package for the AWS SDK for JavaScript (v3) that provides specialized middleware for Amazon S3. This package helps in handling S3-specific functionalities such as request and response transformations, error handling, and other S3-specific operations.
S3RequestPresigner
This feature allows you to generate a presigned URL for an S3 request. The presigned URL can be used to grant temporary access to an S3 object.
const { S3RequestPresigner } = require('@aws-sdk/middleware-sdk-s3');
const { HttpRequest } = require('@aws-sdk/protocol-http');
const { Hash } = require('@aws-sdk/hash-node');
const { defaultProvider } = require('@aws-sdk/credential-provider-node');
const presigner = new S3RequestPresigner({
credentials: defaultProvider(),
region: 'us-west-2',
sha256: Hash.bind(null, 'sha256')
});
const request = new HttpRequest({
...
});
const signedUrl = await presigner.presign(request);
console.log(signedUrl);
S3ControlMiddleware
This feature provides middleware for S3 Control operations, such as managing S3 Batch Operations jobs. It simplifies the process of adding necessary middleware to the S3 Control client.
const { S3ControlMiddleware } = require('@aws-sdk/middleware-sdk-s3');
const { S3ControlClient, ListJobsCommand } = require('@aws-sdk/client-s3-control');
const client = new S3ControlClient({
region: 'us-west-2',
middlewareStack: S3ControlMiddleware()
});
const command = new ListJobsCommand({
AccountId: '123456789012'
});
const response = await client.send(command);
console.log(response);
@aws-sdk/client-s3 is the main client package for interacting with Amazon S3. It provides a comprehensive set of methods for S3 operations, including bucket and object management. While @aws-sdk/middleware-sdk-s3 focuses on middleware, @aws-sdk/client-s3 provides the core functionalities for S3.
aws-sdk is the AWS SDK for JavaScript (v2). It includes support for all AWS services, including S3. While it is a more monolithic package compared to the modular v3 SDK, it provides similar functionalities for S3 operations. However, it does not offer the same level of middleware customization as @aws-sdk/middleware-sdk-s3.
minio is a client library for MinIO, an open-source object storage server compatible with the Amazon S3 API. It provides similar functionalities for object storage operations but is designed to work with MinIO rather than AWS S3. It can be used as an alternative for S3-compatible storage solutions.
3.693.0 (2024-11-15)
FAQs
[![NPM version](https://img.shields.io/npm/v/@aws-sdk/middleware-sdk-s3/latest.svg)](https://www.npmjs.com/package/@aws-sdk/middleware-sdk-s3) [![NPM downloads](https://img.shields.io/npm/dm/@aws-sdk/middleware-sdk-s3.svg)](https://www.npmjs.com/package/@
The npm package @aws-sdk/middleware-sdk-s3 receives a total of 6,809,164 weekly downloads. As such, @aws-sdk/middleware-sdk-s3 popularity was classified as popular.
We found that @aws-sdk/middleware-sdk-s3 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.