Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
@aws-sdk/middleware-user-agent
Advanced tools
Package description
The @aws-sdk/middleware-user-agent package is part of the AWS SDK for JavaScript (v3). It is used to manage and customize the User-Agent header sent in requests made to AWS services. This middleware allows developers to append additional information to the User-Agent header, which can be useful for debugging, tracking, and analytics purposes.
Customizing User-Agent
This code demonstrates how to customize the User-Agent header when creating an S3 client instance. It appends 'MyApp/1.0.0' to the default User-Agent string provided by AWS SDK.
const { S3Client } = require('@aws-sdk/client-s3');
const { defaultUserAgent } = require('@aws-sdk/util-user-agent-node');
const { addUserAgent } = require('@aws-sdk/middleware-user-agent');
const client = new S3Client({
region: 'us-west-2',
customUserAgent: 'MyApp/1.0.0'
});
addUserAgent(client, defaultUserAgent({ serviceId: 'S3', clientVersion: '3.0.0' }));
The 'useragent' package is used to parse user agent strings. It can detect browser, engine, OS, CPU, and device type/model from parsed user agent strings. Unlike @aws-sdk/middleware-user-agent, which is specifically designed for AWS SDKs to manipulate User-Agent headers, 'useragent' provides broader parsing capabilities for any user agent string.
This is a simple Express.js middleware for exposing user-agent details to your application. It parses the user-agent string and adds an object with the details to the request object. While it serves a different context (web servers rather than AWS SDK clients), it shares the concept of processing user-agent information.
Changelog
Readme
FAQs
Unknown package
We found that @aws-sdk/middleware-user-agent demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.