Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
@sp-api-sdk/shipping-api-v1
Advanced tools
@sp-api-sdk/shipping-api-v1
Provides programmatic access to Amazon Shipping APIs. Note: If you are new to the Amazon Shipping API, refer to the latest version of Amazon Shipping API (v2) on the Amazon Shipping Developer Documentation site.
shipping-api-v1
Provides programmatic access to Amazon Shipping APIs.
Note: If you are new to the Amazon Shipping API, refer to the latest version of Amazon Shipping API (v2) on the Amazon Shipping Developer Documentation site.
Documentation
Learn more about this Selling Partner API by visiting the official documentation.
Also, see the generated documentation for this API client.
Installing
npm install @sp-api-sdk/shipping-api-v1
Getting Started
import {SellingPartnerApiAuth} from '@sp-api-sdk/auth'
import {ShippingApiClient} from '@sp-api-sdk/shipping-api-v1'
const auth = new SellingPartnerApiAuth({
clientId: process.env.LWA_CLIENT_ID,
clientSecret: process.env.LWA_CLIENT_SECRET,
refreshToken: 'Atzr|…',
})
const client = new ShippingApiClient({
auth,
region: 'eu',
})
Rate Limiting
In order to retry rate limited requests (HTTP 429), you can configure the API client as such:
const client = new ShippingApiClient({
auth,
region: 'eu',
rateLimiting: {
retry: true,
// Optionally specify a callback that will be called on every retry.
onRetry: (retryInfo) => {
console.log(retryInfo)
},
},
})
The rate limits used for each route are specified in the API documentation.
Logging
You can enable logging for both SP-API requests and responses by configuring the logging.request and logging.response properties.
const client = new ShippingApiClient({
auth,
region: 'eu',
logging: {
request: {
logger: console.debug
},
response: {
logger: console.debug
},
error: true,
},
})
Specifying true will use the default options, specifying an object will allow you to override the default options.
This uses axios-logger under the hood.
By default, if enabled, the request and response loggers will use console.info and the error logger will use console.error.
License
MIT
Miscellaneous
╚⊙ ⊙╝
╚═(███)═╝
╚═(███)═╝
╚═(███)═╝
╚═(███)═╝
╚═(███)═╝
╚═(███)═╝
FAQs
Provides programmatic access to Amazon Shipping APIs. Note: If you are new to the Amazon Shipping API, refer to the latest version of Amazon Shipping API (v2) on the Amazon Shipping Developer Documentation site.
The npm package @sp-api-sdk/shipping-api-v1 receives a total of 12 weekly downloads. As such, @sp-api-sdk/shipping-api-v1 popularity was classified as not popular.
We found that @sp-api-sdk/shipping-api-v1 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 03 Mar 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025