Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The aws-sdk npm package is the official AWS SDK for JavaScript, providing JavaScript objects for AWS services including Amazon S3, EC2, DynamoDB, and more. It allows developers to interact with AWS services programmatically, enabling them to build scalable solutions with AWS infrastructure.
Interacting with Amazon S3
This code sample demonstrates how to retrieve an object from an Amazon S3 bucket using the aws-sdk.
{"const AWS = require('aws-sdk');
const s3 = new AWS.S3();
const params = { Bucket: 'myBucket', Key: 'myKey' };
s3.getObject(params, function(err, data) {
if (err) console.log(err, err.stack);
else console.log(data);
});"}
Managing EC2 Instances
This code sample shows how to describe EC2 instances, providing information about instances running in your AWS account.
{"const AWS = require('aws-sdk');
const ec2 = new AWS.EC2();
const params = { InstanceIds: ['i-1234567890abcdef0'] };
ec2.describeInstances(params, function(err, data) {
if (err) console.log(err, err.stack);
else console.log(data);
});"}
Working with DynamoDB
This code sample illustrates how to retrieve an item from a DynamoDB table using the aws-sdk.
{"const AWS = require('aws-sdk');
const dynamoDB = new AWS.DynamoDB();
const params = {
TableName: 'myTable',
Key: {
'myKey': { S: 'myKeyValue' }
}
};
dynamoDB.getItem(params, function(err, data) {
if (err) console.log(err, err.stack);
else console.log(data);
});"}
The google-cloud package is a client library for accessing Google Cloud services similar to how aws-sdk accesses AWS services. It supports services like Google Cloud Storage, BigQuery, and more. While aws-sdk is specific to AWS, google-cloud is tailored for Google Cloud Platform.
The ali-oss package is an SDK for Alibaba Cloud's OSS (Object Storage Service). It offers a subset of the features provided by aws-sdk, but specifically for Alibaba Cloud's storage service. It's a more specialized tool compared to the broad service coverage of aws-sdk.
The official AWS SDK for JavaScript, available for browsers and mobile devices, or Node.js backends
For release notes, see the CHANGELOG. Prior to v2.4.8, release notes can be found at https://aws.amazon.com/releasenotes/?tag=releasenotes%23keywords%23javascript
If you are upgrading from 1.x to 2.0 of the SDK, please see the upgrading notes for information on how to migrate existing code to work with the new major version.
To use the SDK in the browser, simply add the following script tag to your HTML pages:
<script src="https://sdk.amazonaws.com/js/aws-sdk-2.657.0.min.js"></script>
You can also build a custom browser SDK with your specified set of AWS services. This can allow you to reduce the SDK's size, specify different API versions of services, or use AWS services that don't currently support CORS if you are working in an environment that does not enforce CORS. To get started:
http://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/building-sdk-for-browsers.html
The AWS SDK is also compatible with browserify.
For browser-based web, mobile and hybrid apps, you can use AWS Amplify Library which extends the AWS SDK and provides an easier and declarative interface.
The preferred way to install the AWS SDK for Node.js is to use the npm package manager for Node.js. Simply type the following into a terminal window:
npm install aws-sdk
To use the SDK in a react native project, first install the SDK using npm:
npm install aws-sdk
Then within your application, you can reference the react native compatible version of the SDK with the following:
var AWS = require('aws-sdk/dist/aws-sdk-react-native');
Alternatively, you can use AWS Amplify Library which extends AWS SDK and provides React Native UI components and CLI support to work with AWS services.
You can also use Bower to install the SDK by typing the following into a terminal window:
bower install aws-sdk-js
You can find a getting started guide at:
http://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide
API reference at:
https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/
The AWS SDK for JavaScript bundles TypeScript definition files for use in TypeScript projects and to support tools that can read .d.ts
files.
Our goal is to keep these TypeScript definition files updated with each release for any public api.
Before you can begin using these TypeScript definitions with your project, you need to make sure your project meets a few of these requirements:
Use TypeScript v2.x
Includes the TypeScript definitions for node. You can use npm to install this by typing the following into a terminal window:
npm install --save-dev @types/node
If you are targeting at es5 or older ECMA standards, your tsconfig.json
has to include 'es5'
and 'es2015.promise'
under compilerOptions.lib
.
See tsconfig.json for an example.
To use the TypeScript definition files with the global AWS
object in a front-end project, add the following line to the top of your JavaScript file:
/// <reference types="aws-sdk" />
This will provide support for the global AWS
object.
To use the TypeScript definition files within a Node.js project, simply import aws-sdk
as you normally would.
In a TypeScript file:
// import entire SDK
import AWS from 'aws-sdk';
// import AWS object without services
import AWS from 'aws-sdk/global';
// import individual service
import S3 from 'aws-sdk/clients/s3';
In a JavaScript file:
// import entire SDK
var AWS = require('aws-sdk');
// import AWS object without services
var AWS = require('aws-sdk/global');
// import individual service
var S3 = require('aws-sdk/clients/s3');
To create React applications with AWS SDK, you can use AWS Amplify Library which provides React components and CLI support to work with AWS services.
Due to the SDK's reliance on node.js typings, you may encounter compilation issues when using the typings provided by the SDK in an Angular project created using the Angular CLI.
To resolve these issues, either add "types": ["node"]
to the project's tsconfig.app.json
file, or remove the "types"
field entirely.
AWS Amplify Library provides Angular components and CLI support to work with AWS services.
There are a few known limitations with the bundled TypeScript definitions at this time:
apiVersion
, regardless of which apiVersion
is specified when creating a client.any
type.Please use these community resources for getting help. We use the GitHub issues for tracking bugs and feature requests and have limited bandwidth to address them.
aws-sdk-js
If you encounter a bug with the AWS SDK for JavaScript we would like to hear about it. Search the existing issues and try to make sure your problem doesn’t already exist before opening a new issue. It’s helpful if you include the version of the SDK, Node.js or browser environment and OS you’re using. Please include a stack trace and reduced repro case when appropriate, too.
The GitHub issues are intended for bug reports and feature requests. For help and questions with using the AWS SDK for JavaScript please make use of the resources listed in the Getting Help section. There are limited resources available for handling issues and by keeping the list of open issues lean we can respond in a timely manner.
Please see SERVICES.md for a list of supported services.
This SDK is distributed under the Apache License, Version 2.0, see LICENSE.txt and NOTICE.txt for more information.
FAQs
AWS SDK for JavaScript
We found that aws-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.