Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
@everymundo/aws-instance-identity
Advanced tools
@everymundo/aws-instance-identity
Returns information about the AWS Instance that calls it
@everymundo/aws-instance-identity
Returns information about the AWS Instance that calls it
Installation
npm install @everymundo/aws-instance-identity
Usage
With promise
const { getIdentityDocument } = require('@everymundo/aws-instance-identity');
getIdentityDocument()
.then((result) => {
console.log(result);
})
.catch((err) => {
console.error(err);
});
With async/await
const { getIdentityDocument } = require('@everymundo/aws-instance-identity');
const init = async() => {
try {
const result = getIdentityDocument();
console.log(result);
} catch (e) {
console.error(err);
}
}
Running outside AWS servers
When running locally it will fail the request since that request is done to an endpoint that only works inside the aws infrastructure.
With Socks Proxy
If you really want to get a document you can do so by running a socks proxy with an AWS instance via ssh. The connection can be stablished by running the following command:
# You should replace your-instance-address by your instance address
ssh -ND 8157 your-instance-address &> /dev/null & PID=$! && echo $PID
After that you can just set the environment variable SOCKS_PROXY=socks://127.0.0.1:8157 and run your aplication.
You can try that out in a node console
SOCKS_PROXY=socks://127.0.0.1:8157 node -e "require('@everymundo/aws-instance-identity').getIdentityDocument().then(console.log)"
The output would be similar to this:
{
privateIp: '192.168.0.12',
devpayProductCodes: null,
availabilityZone: 'us-west-1a',
version: '2010-08-31',
instanceId: 'i-2093840273489',
billingProducts: null,
instanceType: 'm4.xlarge',
accountId: '98237498273984',
architecture: 'x86_64',
kernelId: null,
ramdiskId: null,
imageId: 'ami-34cb443',
pendingTime: '2017-10-20T20:41:03Z',
region: 'us-west-1'
}
Without Socks Proxy
This should bring you an error
node -e "require('@everymundo/aws-instance-identity').getIdentityDocument().catch(console.error)"
The error message would be something similar to this:
{ code: 599,
start: 2018-03-21T04:35:54.692Z,
end: 1521606957775,
err:
{ Error: connect EHOSTUNREACH 169.254.169.254:80
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1170:14)
errno: 'EHOSTUNREACH',
code: 'EHOSTUNREACH',
syscall: 'connect',
address: '169.254.169.254',
port: 80 },
attempt: 1,
endpoint: 'http://169.254.169.254/latest/dynamic/instance-identity/document' }
FAQs
Returns information about the AWS Instance that calls it
The npm package @everymundo/aws-instance-identity receives a total of 3 weekly downloads. As such, @everymundo/aws-instance-identity popularity was classified as not popular.
We found that @everymundo/aws-instance-identity demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 24 open source maintainers collaborating on the project.
Package last updated on 17 Dec 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025