Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Amazon Web Services node.js module. Originally a fork of aws-lib.
Either manually clone this repository into your node_modules
directory, then run npm install
on the aws2js top directory, or the recommended method:
npm install aws2js
The installation depends on npm 1.1.x+ as it uses the optionalDependencies feature which means that node.js v0.4.x isn't supported. Technically, it still works, but you need to manually install an XML parser and a MIME library that aws2js can use.
Since v0.8 all the dependencies are installed (if possible), then the library uses its feature detection to try its best. Picking your favorite isn't possible, unless you actually uninstall the modules you don't want the library to use. I had it implemented in v0.7. It was a maintenance nightmare.
The optional dependencies are:
aws2js prefers libxml-to-js and mime-magic for various reasons. Under Windows, the libxml-to-js installation should fail, therefore it uses xml2js. Please notice that the mime library detects the MIME type by doing a file extension lookup, while mime-magic does it the proper way by wrapping the functionality of libmagic. You have been warned.
The HTTPS support isn't working as intended due to lack of proper node.js support till v0.8.5, therefore the usage of previous node.js versions is deprecated. The host based addressing for S3 buckets must be changed in order to avoid the situation presented into the documentation.
For the moment, this project is largely a one man show. Bear with me if things don't move as fast as they should. There are a handful of aws2js contributors as well. The community makes things to be better for everyone.
If you'd like to contribute your line of code (or more), please send a pull request against the future branch. This makes things to be easier on my side. Feature branches are also acceptable. Even commits in your master branch are acceptable. I don't rely on GitHub's merge functionality as I always pull from remotes and manually issue the merge command.
I ask you to patch against the future branch since that's the place where all the development happens, therefore it should be the least conflicts when merging your code. I use the master only for integrating the releases. The master branch always contains the latest stable release.
FAQs
AWS (Amazon Web Services) APIs client implementation for node.js
The npm package aws2js receives a total of 255 weekly downloads. As such, aws2js popularity was classified as not popular.
We found that aws2js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.