Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
_______ _______ _______ _______
( ___ )|\ /|( ____ \( ____ \|\ /|( )
| ( ) || ) ( || ( \/| ( \/| ) ( || () () |
| (___) || | _ | || (_____ | (_____ | | | || || || |
| ___ || |( )| |(_____ )(_____ )| | | || |(_)| |
| ( ) || || || | ) | ) || | | || | | |
| ) ( || () () |/\____) |/\____) || (___) || ) ( |
|/ \|(_______)\_______)\_______)(_______)|/ \|
NodeJS module to aid talking to Web Service APIs.
IRC : Come and say hello in #awssum on Freenode. :)
To use an AwsSum plugin, you need to install the plugin you need for the relevant service. Please follow the documentation for that plugin.
Here's an example program to list all your buckets in S3:
Example: s3-list-buckets.js
:
var amazonS3 = require('awssum-amazon-s3');
var s3 = new amazonS3.S3({
'accessKeyId' : process.env.AWS_ACCESS_KEY_ID,
'secretAccessKey' : process.env.AWS_SECRET_ACCESS_KEY,
'region' : amazonS3.US_EAST_1,
});
s3.ListBuckets(function(err, data) {
if (err) throw new Error(err);
var buckets = data.Body.ListAllMyBucketsResult.Buckets.Bucket;
buckets.forEach(function(bucket) {
console.log('%s : %s', bucket.CreationDate, bucket.Name);
});
});
To run this program:
$ npm install awssum-amazon-s3
$ export AWS_ACCESS_KEY_ID=...
$ export AWS_SECRET_ACCESS_KEY=...
$ node s3-list-buckets.js
2008-01-06T10:04:16.000Z : my-bucket-1
2008-03-09T08:27:30.000Z : another-bucket
2008-03-09T09:02:53.000Z : photos
2008-06-14T23:43:10.000Z : storage-area
There are intro programs, examples and full docs in each plugin's repository, so please read them for specific instructions for each plugin.
Please see each plugin for more instructions.
Provider | Service | Plugin |
---|---|---|
Amazon | Identity and Access Management | awssum-amazon-iam |
Amazon | AutoScaling | awssum-amazon-autoscaling |
Amazon | Instance MetaData | awssum-amazon-imd |
Amazon | CloudFormation | awssum-amazon-cloudformation |
Amazon | Import Export | awssum-amazon-importexport |
Amazon | CloudFront | awssum-amazon-cloudfront |
Amazon | Relational Database Service | awssum-amazon-rds |
Amazon | CloudSearch | awssum-amazon-cloudsearch |
Amazon | CloudWatch | awssum-amazon-cloudwatch |
Amazon | Route53 | awssum-amazon-route53 |
Amazon | DynamoDB | awssum-amazon-dynamodb |
Amazon | Simple Storage Service | awssum-amazon-s3 |
Amazon | Elastic Compute Cloud | awssum-amazon-ec2 |
Amazon | Simple Email Service | awssum-amazon-ses |
Amazon | ElastiCache | awssum-amazon-elasticache |
Amazon | SimpleDB | awssum-amazon-simpledb |
Amazon | ElasticBeanstalk | awssum-amazon-elasticbeanstalk |
Amazon | Simple Notification Service | awssum-amazon-sns |
Amazon | Elastic LoadBalancer | awssum-amazon-elb |
Amazon | Simple Queue Service | awssum-amazon-sqs |
Amazon | Elastic MapReduce | awssum-amazon-emr |
Amazon | StorageGateway | awssum-amazon-storagegateway |
Amazon | Flexible Payments Service | awssum-amazon-fps |
Amazon | Security Token Service | awssum-amazon-sts |
Amazon | Glacier | awssum-amazon-glacier |
Amazon | Simple WorkFlow | awssum-amazon-swf |
Coming soon:
Since each plugin peerDepends
on the service plugin and ultimately awssum
itself, you don't need to specify
these in your package.json
.
Dont do this:
"dependencies" : {
"awssum" : "1.0.x",
"awssum-amazon" : "1.0.x",
"awssum-amazon-s3" : "1.0.x"
},
You should do this instead (it will pull both awssum-amazon
and awssum
in too):
"dependencies" : {
"awssum-amazon-s3" : "1.0.x"
},
The first thing to realise when writing a plugin is that each service is provided by a provider. In the case of Amazon S3, Amazon is the provider and S3 is the service. For Twitter, since they only provide one service, then the provider would be named 'twitter' and you'd probably use the same name for the service.
In general then, you'd write two plugins with the following names:
For other examples, you might write awssum-openstack
, awssum-openstack-nova
and awssum-openstack-keystone
.
Once the provider plugin exists, new services for that provider just need the awssum-<provider>-<service>
to be
written. e.g. awssum-openstack-swift
.
Please also note to use peerDependencies
in your package.json
and depend on the correct version of
AwsSum. Your awssum-<provider>
package should peer depend on AwsSum and your awssum-<provider>-<service>
package should peer depend on your awssum-<provider>
package. I hope this makes sense. :)
Written by Andrew Chilton - Blog - Twitter.
(Ends)
FAQs
NodeJS module to aid talking to Web Service APIs. Requires plugins.
The npm package awssum receives a total of 80 weekly downloads. As such, awssum popularity was classified as not popular.
We found that awssum demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.