Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
gatsby-source-s3-image
Advanced tools
GatsbyJS plugin to source images from S3-compliant APIs, with EXIF-extracting superpowers.
gatsby-source-s3-image
is a GatsbyJS Source plugin for
converting images from any S3-compliant API[1] into GatsbyJS nodes.
[1] This includes AWS S3, of course, as well as third-party solutions like Digital Ocean Spaces, or open source / self-hosted products like MinIO.
Sure, knock yourself out. But there are a few benefits you get out-of-the-box with this package:
gatsby-image
, etc.gatsby-source-s3-image
will automatically detect
and extract image EXIF metadata from your photos, and expose this data at
the GraphQL layer as node fields.Currently supported EXIF fields that are automatically extracted when available include:
DateCreatedISO
(string
)DateTimeOriginal
(number
)ExposureTime
(number
)FNumber
(number
)FocalLength
(number
)ISO
(number
)LensModel
(string
)Model
(string
)ShutterSpeedValue
(number
)These fields are properties of the "wrapper" node, S3ImageAsset
. This type
composes the ImageSharp
node, the File
node representing the cached image on
disk (fetched via the RemoteFileNode
API), and lastly the extracted EXIF data.
As a result, you can easily retrieve both a set of images as well as any subset
of their associated metadata in a single request — or just the metadata by
itself, if that's all you need. For example:
export const pageQuery = graphql`
query PhotographyPostsQuery {
allS3ImageAsset {
edges {
node {
id
EXIF {
DateCreatedISO
ExposureTime
FNumber
ShutterSpeedValue
}
childrenFile {
childImageSharp {
original {
height
width
}
thumbnailSizes: fluid(maxWidth: 256) {
aspectRatio
src
srcSet
sizes
}
largeSizes: fluid(maxWidth: 1024) {
aspectRatio
src
srcSet
sizes
}
}
}
}
}
}
}
`
Add the dependency to your package.json
:
$ yarn add gatsby-source-s3-image
$ # Or:
$ npm install --save gatsby-source-s3-image
Next, register the plugin with the GatsbyJS runtime in the plugins
field
exported from your gatsby-config.js
file, filling in the values to point to
wherever your bucket is hosted:
const sourceS3 = {
resolve: 'gatsby-source-s3-image',
options: {
bucketName: 'jesse.pics',
domain: null, // [optional] Not necessary to define for AWS S3; defaults to `s3.amazonaws.com`
protocol: 'https', // [optional] Default to `https`.
},
}
const plugins = [
sourceS3,
// ...
]
module.exports = { plugins }
As mentioned above, gatsby-source-s3-image
exposes nodes of type
S3ImageAsset
:
interface S3ImageAssetNode {
id: string
absolutePath: string
ETag: string
Key: string
EXIF: ExifData | undefined // ExifData is defined below -->
internal: {
content: string
contentDigest: string
mediaType: string
type: string
}
}
interface ExifData {
DateCreatedISO: string
DateTimeOriginal: number
ExposureTime: number
FNumber: number
FocalLength: number
ISO: number
LensModel: string
Model: string
ShutterSpeedValue: number
}
Not only can this be used to populate page data, I've found it useful in bootstrapping the pages themselves, e.g., to programmatically create dynamic Photo Gallery pages at build time depending on the contents of a bucket. For example:
// In `gatsby-node.js` -- using a query like this:
const photographyQuery = graphql`
{
allS3ImageAsset {
edges {
node {
ETag
EXIF {
DateCreatedISO
}
}
}
}
}
`
// We can then dynamically generate pages based on EXIF data, like this:
const createPages = ({ actions }) => {
const { createPage } = actions
const photographyTemplate = path.resolve(
'./src/templates/photography-post.js'
)
const createPhotographyPosts = edges => {
// Create the photography "album" pages -- these are a collection of photos
// grouped by ISO date.
const imagesGroupedByDate = _.groupBy(edges, 'node.EXIF.DateCreatedISO')
_.each(imagesGroupedByDate, (images, date) => {
createPage({
path: `/photography/${date}`,
component: photographyTemplate,
context: {
name: date,
datetime: DateTime.fromISO(date),
type: PageType.Photography,
},
})
})
}
}
gatsby-source-s3-image
was recently updated to support Gatsby V2,
which required some breaking changes. The Gatsby V1-compatible version of the
plugin is still fully functional, and will continue to receive maintenance
updates as necessary. The last release compatible with Gatsby V1 can be found
here.
FAQs
GatsbyJS plugin to source images from S3-compliant APIs, with EXIF-extracting superpowers.
The npm package gatsby-source-s3-image receives a total of 11 weekly downloads. As such, gatsby-source-s3-image popularity was classified as not popular.
We found that gatsby-source-s3-image demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.