Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The aws-sdk npm package is the official AWS SDK for JavaScript, providing JavaScript objects for AWS services including Amazon S3, EC2, DynamoDB, and more. It allows developers to interact with AWS services programmatically, enabling them to build scalable solutions with AWS infrastructure.
Interacting with Amazon S3
This code sample demonstrates how to retrieve an object from an Amazon S3 bucket using the aws-sdk.
{"const AWS = require('aws-sdk');
const s3 = new AWS.S3();
const params = { Bucket: 'myBucket', Key: 'myKey' };
s3.getObject(params, function(err, data) {
if (err) console.log(err, err.stack);
else console.log(data);
});"}
Managing EC2 Instances
This code sample shows how to describe EC2 instances, providing information about instances running in your AWS account.
{"const AWS = require('aws-sdk');
const ec2 = new AWS.EC2();
const params = { InstanceIds: ['i-1234567890abcdef0'] };
ec2.describeInstances(params, function(err, data) {
if (err) console.log(err, err.stack);
else console.log(data);
});"}
Working with DynamoDB
This code sample illustrates how to retrieve an item from a DynamoDB table using the aws-sdk.
{"const AWS = require('aws-sdk');
const dynamoDB = new AWS.DynamoDB();
const params = {
TableName: 'myTable',
Key: {
'myKey': { S: 'myKeyValue' }
}
};
dynamoDB.getItem(params, function(err, data) {
if (err) console.log(err, err.stack);
else console.log(data);
});"}
The google-cloud package is a client library for accessing Google Cloud services similar to how aws-sdk accesses AWS services. It supports services like Google Cloud Storage, BigQuery, and more. While aws-sdk is specific to AWS, google-cloud is tailored for Google Cloud Platform.
The ali-oss package is an SDK for Alibaba Cloud's OSS (Object Storage Service). It offers a subset of the features provided by aws-sdk, but specifically for Alibaba Cloud's storage service. It's a more specialized tool compared to the broad service coverage of aws-sdk.
The AWS SDK for JavaScript v2 has entered maintenance mode on September 8, 2024 and will be reaching end-of-support on September 8, 2025. During maintenance mode, AWS will limit SDK releases to address critical bug fixes and security issues only. The SDK will not receive API updates for new or existing services, or be updated to support new regions.
We recommend that you migrate to AWS SDK for JavaScript v3. For dates, additional details, and information on how to migrate, please refer to the linked announcement.
The AWS SDK for JavaScript v3 is the latest and recommended version, which has been GA since December 2020. Here is why and how you should use AWS SDK for JavaScript v3. You can try our migration scripts in aws-sdk-js-codemod to migrate your application from v2 to v3.
To get help with your migration, please follow our general guidelines to open an issue and choose guidance. To give feedback on and report issues in the v3 repo, please refer to Giving feedback and contributing.
Watch this README and the AWS Developer Tools Blog for updates and announcements regarding the maintenance plans and timelines.
A maintenance mode message may be emitted by this package on startup. To suppress this message, use an environment variable:
AWS_SDK_JS_SUPPRESS_MAINTENANCE_MODE_MESSAGE=1 node my_program.js
or a JavaScript setting as follows:
var SDK = require('aws-sdk');
require('aws-sdk/lib/maintenance_mode_message').suppress = true;
To use the SDK in the browser, simply add the following script tag to your HTML pages:
<script src="https://sdk.amazonaws.com/js/aws-sdk-2.1692.0.min.js"></script>
You can also build a custom browser SDK with your specified set of AWS services. This can allow you to reduce the SDK's size, specify different API versions of services, or use AWS services that don't currently support CORS if you are working in an environment that does not enforce CORS. To get started:
http://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/building-sdk-for-browsers.html
The AWS SDK is also compatible with browserify.
For browser-based web, mobile and hybrid apps, you can use AWS Amplify Library which extends the AWS SDK and provides an easier and declarative interface.
The preferred way to install the AWS SDK for Node.js is to use the npm package manager for Node.js. Simply type the following into a terminal window:
npm install aws-sdk
To use the SDK in a react native project, first install the SDK using npm:
npm install aws-sdk
Then within your application, you can reference the react native compatible version of the SDK with the following:
var AWS = require('aws-sdk/dist/aws-sdk-react-native');
Alternatively, you can use AWS Amplify Library which extends AWS SDK and provides React Native UI components and CLI support to work with AWS services.
You can also use Bower to install the SDK by typing the following into a terminal window:
bower install aws-sdk-js
The AWS SDK for JavaScript bundles TypeScript definition files for use in TypeScript projects and to support tools that can read .d.ts
files.
Our goal is to keep these TypeScript definition files updated with each release for any public api.
Before you can begin using these TypeScript definitions with your project, you need to make sure your project meets a few of these requirements:
Use latest version of TypeScript. We recommend 4.x+
Includes the TypeScript definitions for node. You can use npm to install this by typing the following into a terminal window:
npm install --save-dev @types/node
If you are targeting at es5 or older ECMA standards, your tsconfig.json
has to include 'es5'
and 'es2015.promise'
under compilerOptions.lib
.
See tsconfig.json for an example.
To use the TypeScript definition files with the global AWS
object in a front-end project, add the following line to the top of your JavaScript file:
/// <reference types="aws-sdk" />
This will provide support for the global AWS
object.
To use the TypeScript definition files within a Node.js project, simply import aws-sdk
as you normally would.
In a TypeScript file:
// import entire SDK
import AWS from 'aws-sdk';
// import AWS object without services
import AWS from 'aws-sdk/global';
// import individual service
import S3 from 'aws-sdk/clients/s3';
NOTE: You need to add "esModuleInterop": true
to compilerOptions of your tsconfig.json
. If not possible, use like import * as AWS from 'aws-sdk'
.
In a JavaScript file:
// import entire SDK
var AWS = require('aws-sdk');
// import AWS object without services
var AWS = require('aws-sdk/global');
// import individual service
var S3 = require('aws-sdk/clients/s3');
To create React applications with AWS SDK, you can use AWS Amplify Library which provides React components and CLI support to work with AWS services.
Due to the SDK's reliance on node.js typings, you may encounter compilation issues when using the typings provided by the SDK in an Angular project created using the Angular CLI.
To resolve these issues, either add "types": ["node"]
to the project's tsconfig.app.json
file, or remove the "types"
field entirely.
AWS Amplify Library provides Angular components and CLI support to work with AWS services.
There are a few known limitations with the bundled TypeScript definitions at this time:
apiVersion
, regardless of which apiVersion
is specified when creating a client.any
type.The best way to interact with our team is through GitHub. You can open an issue and choose from one of our templates for bug reports, feature requests or guidance. You may also find help on community resources such as StackOverFlow with the tag #aws-sdk-js. If you have a support plan with AWS Support, you can also create a new support case.
Please make sure to check out our resources too before opening an issue:
Please see SERVICES.md for a list of supported services.
For information about maintenance and support for SDK major versions and their underlying dependencies, see the following in the AWS SDKs and Tools Shared Configuration and Credentials Reference Guide:
We welcome community contributions and pull requests. See CONTRIBUTING.md for information on how to set up a development environment and submit code.
This SDK is distributed under the Apache License, Version 2.0, see LICENSE.txt and NOTICE.txt for more information.
2.1692.0
FAQs
AWS SDK for JavaScript
The npm package aws-sdk receives a total of 7,299,463 weekly downloads. As such, aws-sdk popularity was classified as popular.
We found that aws-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.