Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
@danielmyerfenton/react-native-aws3
Advanced tools
Pure JavaScript react native library for uploading to AWS S3
React Native AWS3 is a module for uploading files to S3. Unlike other libraries out there, there are no native dependencies.
npm install --save react-native-aws3
The user associated with the accessKey
and secretKey
you use must have the appropriate permissions assigned to them. My user's IAM policy looks like:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1458840156000",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectVersionAcl"
],
"Resource": [
"arn:aws:s3:::my-bucket/uploads/*"
]
}
]
}
import { RNS3 } from 'react-native-aws3';
const file = {
// `uri` can also be a file system path (i.e. file://)
uri: "assets-library://asset/asset.PNG?id=655DBE66-8008-459C-9358-914E1FB532DD&ext=PNG",
name: "image.png",
type: "image/png"
}
const options = {
keyPrefix: "uploads/",
bucket: "your-bucket",
region: "us-east-1",
accessKey: "your-access-key",
secretKey: "your-secret-key",
successActionStatus: 201
}
RNS3.put(file, options).then(response => {
if (response.status !== 201)
throw new Error("Failed to upload image to S3");
console.log(response.body);
/**
* {
* postResponse: {
* bucket: "your-bucket",
* etag : "9f620878e06d28774406017480a59fd4",
* key: "uploads/image.png",
* location: "https://your-bucket.s3.amazonaws.com/uploads%2Fimage.png"
* }
* }
*/
});
Upload a file to S3.
Arguments:
file
uri
required - File system URI, can be assets library path or file://
pathname
required - The name of the file, will be stored as such in S3type
required - The mime type, also used for Content-Type
parameter in the S3 post policyoptions
acl
- The Access Control List of this object. Defaults to public-read
keyPrefix
- Prefix, or path to the file on S3, i.e. uploads/
(note the trailing slash)bucket
required - Your S3 bucketregion
required - The region of your S3 bucketaccessKey
required - Your S3 AWSAccessKeyId
secretKey
required - Your S3 AWSSecretKey
successActionStatus
- HTTP response status if successful, defaults to 201awsUrl
- AWS S3 url. Defaults to s3.amazonaws.com
timeDelta
- Devices time offset from world clock in milliseconds, defaults to 0Returns an object that wraps an XMLHttpRequest
instance and behaves like a promise, with the following additional methods:
progress
- accepts a callback which will be called with an event representing the progress of the upload. Event object is of shape
loaded
- amount uploadedtotal
- total amount to uploadpercent
- number between 0 and 1 representing the percent completedabort
- aborts the xhr instanceExamples:
RNS3.put(file, options)
.progress((e) => console.log(e.loaded / e.total)); // or console.log(e.percent)
RNS3.put(file, option)
.abort();
DeleteObject
and (authenticated) GetObject
operations.FAQs
Pure JavaScript react native library for uploading to AWS S3
The npm package @danielmyerfenton/react-native-aws3 receives a total of 4 weekly downloads. As such, @danielmyerfenton/react-native-aws3 popularity was classified as not popular.
We found that @danielmyerfenton/react-native-aws3 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.