Research
/Security News
Shai Hulud Strikes Again (v2)
Another wave of Shai-Hulud campaign has hit npm with more than 500 packages and 700+ versions affected.
By Socket Research Team -  Nov 24, 2025
🚨 Shai-Hulud Strikes Again:More than 500 packages and 700+ versions compromised.Technical Analysis →
s3-groundskeeper
Advanced tools
S3 Grounds Keeper
One way synchronization local directory content with Amazon S3 bucket.
Setup, develop, build
npm
setup: npm i
start develop: npm run build
yarn
setup yarn
start develop: yarn build
CLI
| --arg | -short | required | description |
|---|---|---|---|
| --src=path | -s=path | * | path to source (sync out) directory |
| --s3-region=name | * | S3 Bucket's region | |
| --s3-endpoint=url | S3 Endpoint URL | ||
| --s3-key=key | * | S3 Access Key | |
| --s3-seckey=key | * | S3 Secret Access Key | |
| --s3-bucket=name | -b=name | * | S3 destination (sync in) bucket name (NOT ARN, just a name) |
| --artifactory-url=url | * | jfrog Artifactory base url | |
| --artifactory-user=username | * | jfrog Artifactory user | |
| --artifactory-password=password | jfrog Artifactory user's password | ||
| --artifactory-apikey=jfapikey | jfrog Artifactory user's Api key | ||
| --dry-run | -n | Dry run: do nothing only prints what to do. | |
| --show-conf | Print json object for the used configuration. |
jFrog notes
Currently supported Basic authentication using your username and API Key: user name and Api key must be provided. Each request will use Authorization (http header) = base64('Basic jfuser:jfapikey'). Instead of api key password also can be used.
S3 notes
Access to s3 bucket provided through AWS SDK/Client S3 Api. There is required parameters to configure access to S3 resources:
- region;
- access key / secret access key;
- target bucket's name;
Metapointer file format.
#metapointer PROVIDERNAME oid provider_secific_data
Providers:
| Provider | Data | Sample |
|---|---|---|
| jfrogart | oid aql_request_field:field_value | oid md5:e26a6019c8da5d9a3e6f742c0c6cc02c |
Sample for jfrogart
#metapointer jfrogart oid md5:e26a6019c8da5d9a3e6f742c0c6cc02c
or
#metapointer jfrogart oid name:myfilename.txt
Publish a new release
- Make an annotated git tag using
git tag -a <version>orgit tag -s <version>, if signed tag is preferred. - Checkout the tag, cleanup the working tree.
- Install the dependencies:
npm ci. - Build the package:
npm run build -- --version <version>. - Create the tarball:
npm pack ./dist, check the tarball contents. - Publish the tarball:
npm publish <path-to-tgz>.
Keywords
FAQs
One way sync. local directory -> s3 bucket's content
We found that s3-groundskeeper demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 15 Feb 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Webhook Events for Alert Changes
Add real-time Socket webhook events to your workflows to automatically receive software supply chain alert changes in real time.
By Phil Gates-Idem -  Nov 21, 2025
Security News
ENISA Becomes a CVE Root, Expanding Its Role in Europe’s Vulnerability Ecosystem
ENISA has become a CVE Program Root, giving the EU a central authority for coordinating vulnerability reporting, disclosure, and cross-border response.
By Sarah Gooding -  Nov 21, 2025