Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@smithy/shared-ini-file-loader
Advanced tools
[![NPM version](https://img.shields.io/npm/v/@smithy/shared-ini-file-loader/latest.svg)](https://www.npmjs.com/package/@smithy/shared-ini-file-loader) [![NPM downloads](https://img.shields.io/npm/dm/@smithy/shared-ini-file-loader.svg)](https://www.npmjs.c
@smithy/shared-ini-file-loader is a utility package for loading and parsing AWS credentials and configuration from INI files. It is commonly used in AWS SDKs to manage and access AWS credentials and configuration settings stored in shared INI files, such as the AWS credentials file and the AWS config file.
Load AWS Credentials
This feature allows you to load AWS credentials from the shared credentials file. The code sample demonstrates how to use the `loadSharedConfigFiles` function to load and print the contents of the credentials file.
const { loadSharedConfigFiles } = require('@smithy/shared-ini-file-loader');
async function loadCredentials() {
const { credentialsFile } = await loadSharedConfigFiles();
console.log(credentialsFile);
}
loadCredentials();
Load AWS Configurations
This feature allows you to load AWS configurations from the shared config file. The code sample demonstrates how to use the `loadSharedConfigFiles` function to load and print the contents of the config file.
const { loadSharedConfigFiles } = require('@smithy/shared-ini-file-loader');
async function loadConfig() {
const { configFile } = await loadSharedConfigFiles();
console.log(configFile);
}
loadConfig();
Parse Specific Profile
This feature allows you to load and parse a specific profile from the shared INI files. The code sample demonstrates how to load the 'default' profile from the config and credentials files.
const { loadSharedConfigFiles } = require('@smithy/shared-ini-file-loader');
async function loadProfile(profile) {
const { configFile, credentialsFile } = await loadSharedConfigFiles();
const profileConfig = configFile[profile] || credentialsFile[profile];
console.log(profileConfig);
}
loadProfile('default');
The `aws-sdk` package is the official AWS SDK for JavaScript. It provides a comprehensive set of tools for interacting with AWS services, including loading credentials and configuration from shared INI files. Compared to `@smithy/shared-ini-file-loader`, `aws-sdk` offers a broader range of functionalities beyond just loading INI files.
This module provides a function that reads from AWS SDK configuration files and
returns a promise that will resolve with a hash of the parsed contents of the
AWS credentials file and of the AWS config file. Given the sample
files below, the promise returned by loadSharedConfigFiles
would resolve with:
{
configFile: {
'default': {
aws_access_key_id: 'foo',
aws_secret_access_key: 'bar',
},
dev: {
aws_access_key_id: 'foo1',
aws_secret_access_key: 'bar1',
},
prod: {
aws_access_key_id: 'foo2',
aws_secret_access_key: 'bar2',
},
'testing host': {
aws_access_key_id: 'foo4',
aws_secret_access_key: 'bar4',
}
},
credentialsFile: {
'default': {
aws_access_key_id: 'foo',
aws_secret_access_key: 'bar',
},
dev: {
aws_access_key_id: 'foo1',
aws_secret_access_key: 'bar1',
},
prod: {
aws_access_key_id: 'foo2',
aws_secret_access_key: 'bar2',
}
},
}
If a file is not found, its key (configFile
or credentialsFile
) will instead
have a value of an empty object.
You may customize how the files are loaded by providing an options hash to the
loadSharedConfigFiles
function. The following options are supported:
filepath
- The path to the shared credentials file. If not specified, the
provider will use the value in the AWS_SHARED_CREDENTIALS_FILE
environment
variable or a default of ~/.aws/credentials
.configFilepath
- The path to the shared config file. If not specified, the
provider will use the value in the AWS_CONFIG_FILE
environment variable or a
default of ~/.aws/config
.ignoreCache
- The provider will normally cache the contents of the files it
loads. This option will force the provider to reload the files from disk.
Defaults to false
.~/.aws/credentials
[default]
aws_access_key_id=foo
aws_secret_access_key=bar
[dev]
aws_access_key_id=foo2
aws_secret_access_key=bar2
[prod]
aws_access_key_id=foo3
aws_secret_access_key=bar3
~/.aws/config
[default]
aws_access_key_id=foo
aws_secret_access_key=bar
[profile dev]
aws_access_key_id=foo2
aws_secret_access_key=bar2
[profile prod]
aws_access_key_id=foo3
aws_secret_access_key=bar3
[profile "testing host"]
aws_access_key_id=foo4
aws_secret_access_key=bar4
FAQs
[![NPM version](https://img.shields.io/npm/v/@smithy/shared-ini-file-loader/latest.svg)](https://www.npmjs.com/package/@smithy/shared-ini-file-loader) [![NPM downloads](https://img.shields.io/npm/dm/@smithy/shared-ini-file-loader.svg)](https://www.npmjs.c
The npm package @smithy/shared-ini-file-loader receives a total of 20,238,841 weekly downloads. As such, @smithy/shared-ini-file-loader popularity was classified as popular.
We found that @smithy/shared-ini-file-loader demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.