Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
The aws-sdk npm package is the official AWS SDK for JavaScript, providing JavaScript objects for AWS services including Amazon S3, EC2, DynamoDB, and more. It allows developers to interact with AWS services programmatically, enabling them to build scalable solutions with AWS infrastructure.
Interacting with Amazon S3
This code sample demonstrates how to retrieve an object from an Amazon S3 bucket using the aws-sdk.
{"const AWS = require('aws-sdk');
const s3 = new AWS.S3();
const params = { Bucket: 'myBucket', Key: 'myKey' };
s3.getObject(params, function(err, data) {
if (err) console.log(err, err.stack);
else console.log(data);
});"}
Managing EC2 Instances
This code sample shows how to describe EC2 instances, providing information about instances running in your AWS account.
{"const AWS = require('aws-sdk');
const ec2 = new AWS.EC2();
const params = { InstanceIds: ['i-1234567890abcdef0'] };
ec2.describeInstances(params, function(err, data) {
if (err) console.log(err, err.stack);
else console.log(data);
});"}
Working with DynamoDB
This code sample illustrates how to retrieve an item from a DynamoDB table using the aws-sdk.
{"const AWS = require('aws-sdk');
const dynamoDB = new AWS.DynamoDB();
const params = {
TableName: 'myTable',
Key: {
'myKey': { S: 'myKeyValue' }
}
};
dynamoDB.getItem(params, function(err, data) {
if (err) console.log(err, err.stack);
else console.log(data);
});"}
The google-cloud package is a client library for accessing Google Cloud services similar to how aws-sdk accesses AWS services. It supports services like Google Cloud Storage, BigQuery, and more. While aws-sdk is specific to AWS, google-cloud is tailored for Google Cloud Platform.
The ali-oss package is an SDK for Alibaba Cloud's OSS (Object Storage Service). It offers a subset of the features provided by aws-sdk, but specifically for Alibaba Cloud's storage service. It's a more specialized tool compared to the broad service coverage of aws-sdk.
The version 3.x of the AWS SDK for JavaScript is generally available. For more information see the Developer Guide or API Reference.
For release notes, see the CHANGELOG. Prior to v2.4.8, release notes can be found at https://aws.amazon.com/releasenotes/?tag=releasenotes%23keywords%23javascript
To use the SDK in the browser, simply add the following script tag to your HTML pages:
<script src="https://sdk.amazonaws.com/js/aws-sdk-2.1062.0.min.js"></script>
You can also build a custom browser SDK with your specified set of AWS services. This can allow you to reduce the SDK's size, specify different API versions of services, or use AWS services that don't currently support CORS if you are working in an environment that does not enforce CORS. To get started:
http://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/building-sdk-for-browsers.html
The AWS SDK is also compatible with browserify.
For browser-based web, mobile and hybrid apps, you can use AWS Amplify Library which extends the AWS SDK and provides an easier and declarative interface.
The preferred way to install the AWS SDK for Node.js is to use the npm package manager for Node.js. Simply type the following into a terminal window:
npm install aws-sdk
To use the SDK in a react native project, first install the SDK using npm:
npm install aws-sdk
Then within your application, you can reference the react native compatible version of the SDK with the following:
var AWS = require('aws-sdk/dist/aws-sdk-react-native');
Alternatively, you can use AWS Amplify Library which extends AWS SDK and provides React Native UI components and CLI support to work with AWS services.
You can also use Bower to install the SDK by typing the following into a terminal window:
bower install aws-sdk-js
The AWS SDK for JavaScript bundles TypeScript definition files for use in TypeScript projects and to support tools that can read .d.ts
files.
Our goal is to keep these TypeScript definition files updated with each release for any public api.
Before you can begin using these TypeScript definitions with your project, you need to make sure your project meets a few of these requirements:
Use TypeScript v2.x
Includes the TypeScript definitions for node. You can use npm to install this by typing the following into a terminal window:
npm install --save-dev @types/node
If you are targeting at es5 or older ECMA standards, your tsconfig.json
has to include 'es5'
and 'es2015.promise'
under compilerOptions.lib
.
See tsconfig.json for an example.
To use the TypeScript definition files with the global AWS
object in a front-end project, add the following line to the top of your JavaScript file:
/// <reference types="aws-sdk" />
This will provide support for the global AWS
object.
To use the TypeScript definition files within a Node.js project, simply import aws-sdk
as you normally would.
In a TypeScript file:
// import entire SDK
import AWS from 'aws-sdk';
// import AWS object without services
import AWS from 'aws-sdk/global';
// import individual service
import S3 from 'aws-sdk/clients/s3';
NOTE: You need to add "esModuleInterop": true
to compilerOptions of your tsconfig.json
. If not possible, use like import * as AWS from 'aws-sdk'
.
In a JavaScript file:
// import entire SDK
var AWS = require('aws-sdk');
// import AWS object without services
var AWS = require('aws-sdk/global');
// import individual service
var S3 = require('aws-sdk/clients/s3');
To create React applications with AWS SDK, you can use AWS Amplify Library which provides React components and CLI support to work with AWS services.
Due to the SDK's reliance on node.js typings, you may encounter compilation issues when using the typings provided by the SDK in an Angular project created using the Angular CLI.
To resolve these issues, either add "types": ["node"]
to the project's tsconfig.app.json
file, or remove the "types"
field entirely.
AWS Amplify Library provides Angular components and CLI support to work with AWS services.
There are a few known limitations with the bundled TypeScript definitions at this time:
apiVersion
, regardless of which apiVersion
is specified when creating a client.any
type.The best way to interact with our team is through GitHub. You can open an issue and choose from one of our templates for bug reports, feature requests or guidance. You may also find help on community resources such as StackOverFlow with the tag #aws-sdk-js. If you have a support plan with AWS Support, you can also create a new support case.
Please make sure to check out our resources too before opening an issue:
Please see SERVICES.md for a list of supported services.
For information about maintenance and support for SDK major versions and their underlying dependencies, see the following in the AWS SDKs and Tools Shared Configuration and Credentials Reference Guide:
We welcome community contributions and pull requests. See CONTRIBUTING.md for information on how to set up a development environment and submit code.
This SDK is distributed under the Apache License, Version 2.0, see LICENSE.txt and NOTICE.txt for more information.
2.1062.0
FAQs
AWS SDK for JavaScript
The npm package aws-sdk receives a total of 8,627,016 weekly downloads. As such, aws-sdk popularity was classified as popular.
We found that aws-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.