Gathering detailed insights and metrics for @aws-sdk/s3-request-presigner
Gathering detailed insights and metrics for @aws-sdk/s3-request-presigner
Modularized AWS SDK for JavaScript.
Installations
npm install @aws-sdk/s3-request-presignerDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
>=18.0.0
Node Version
18.20.6
NPM Version
10.9.2
Score
95.7
Supply Chain
100
Quality
96.6
Maintenance
100
Vulnerability
100
License
Releases
1,032
Languages
11
TypeScript
Java
JavaScript
Gherkin
Starlark
Objective-C
Ruby
Shell
Handlebars
Smithy
Makefile
TypeScript (99.65%)
Java (0.23%)
JavaScript (0.1%)
Gherkin (0.01%)
Developer
aws
Download Statistics
Total Downloads
283,033,216
Last Day
148,497
Last Week
3,145,689
Last Month
13,537,597
Last Year
132,479,923
GitHub Statistics
Apache-2.0 License
3,349 Stars
9,551 Commits
619 Forks
42 Watchers
12 Branches
167 Contributors
Updated on Jul 04, 2025
Bundle Size
71.36 kB
Minified
21.93 kB
Minified + Gzipped
Maintainers
2
Package Meta Information
Latest Version
3.842.0
Package Id
@aws-sdk/s3-request-presigner@3.842.0
Unpacked Size
33.74 kB
Size
9.52 kB
File Count
16
NPM Version
10.9.2
Node Version
18.20.6
Published on
Jul 02, 2025
Total Downloads
Cumulative downloads
Total Downloads
283,033,216
Last Day
5.5%
148,497
Compared to previous day
Last Week
-6.8%
3,145,689
Compared to previous week
Last Month
1.1%
13,537,597
Compared to previous month
Last Year
61.5%
132,479,923
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
@aws-sdk/s3-request-presigner
This package provides a presigner based on signature V4 that will attempt to generate signed url for S3.
Get Presigned URL with Client and Command
You can generated presigned url from S3 client and command. Here's the example:
1import { getSignedUrl } from "@aws-sdk/s3-request-presigner"; 2import { S3Client, GetObjectCommand } from "@aws-sdk/client-s3"; 3const client = new S3Client(clientParams); 4const command = new GetObjectCommand(getObjectParams); 5const url = await getSignedUrl(client, command, { expiresIn: 3600 });
You can get signed URL for other S3 operations too, like PutObjectCommand.
expiresIn config from the examples above is optional. If not set, it's default
at 900.
If you already have a request, you can pre-sign the request following the section bellow.
Get Presigned URL from an Existing Request
1import { S3RequestPresigner } from "@aws-sdk/s3-request-presigner"; 2import { Sha256 } from "@aws-crypto/sha256-browser"; 3import { Hash } from "@aws-sdk/hash-node"; 4const signer = new S3RequestPresigner({ 5 region: regionProvider, 6 credentials: credentialsProvider, 7 sha256: Hash.bind(null, "sha256"), // In Node.js 8 //sha256: Sha256 // In browsers 9}); 10const presigned = await signer.presign(request);
To avoid redundant construction parameters when instantiating the s3 presigner, you can simply spread the configuration of an existing s3 client and supply it to the presigner's constructor.
1//s3 is instantiated from S3Client from @aws-sdk/client-s3-* packages 2const signer = new S3RequestPresigner({ 3 ...s3.config, 4});
Get Presigned URL with headers that cannot be signed
By using the getSignedUrl with a S3Client you are able to sign your
headers, improving the security of presigned url. Importantly, if you want to
sign any x-amz-* headers (like the ChecksumSHA256 header in this example),
you need to provide those headers to the set of unhoistableHeaders in the
getSignedUrl params which will force those headers to be present in the
upload request.
1import { PutObjectCommand, S3Client } from "@aws-sdk/client-s3"; 2import { getSignedUrl } from "@aws-sdk/s3-request-presigner"; 3 4const s3Client = new S3Client({ region: "us-east-1" }); 5const command = new PutObjectCommand({ 6 Bucket: bucket, 7 Key: key, 8 ChecksumSHA256: sha, 9}); 10 11const presigned = getSignedUrl(s3Client, command, { 12 expiresIn: expiration, 13 // Set of all x-amz-* headers you wish to have signed 14 unhoistableHeaders: new Set(["x-amz-checksum-sha256"]), 15});
Get Presigned URL with headers that should be signed
For headers that are not x-amz-* you are able to add them to the set of
signableHeaders to be enforced in the presigned urls request.
1import { PutObjectCommand, S3Client } from "@aws-sdk/client-s3"; 2import { getSignedUrl } from "@aws-sdk/s3-request-presigner"; 3 4const s3Client = new S3Client({ region: "us-east-1" }); 5const command = new PutObjectCommand({ 6 Bucket: bucket, 7 Key: key, 8 ContentType: contentType, 9}); 10 11const presigned = getSignedUrl(s3Client, command, { 12 signableHeaders: new Set(["content-type"]), 13 expiresIn: expiration, 14});
PutObject with use of hoistableHeaders
hoistableHeaders overrides the default behavior of not hoisting
any headers that begin with x-amz-*.
1// example: Server Side Encryption headers 2import { getSignedUrl } from "@aws-sdk/s3-request-presigner"; 3import { S3Client, PutObjectCommand } from "@aws-sdk/client-s3"; 4 5const params = { 6 Key: "...", 7 Bucket: "...", 8 ServerSideEncryption: "aws:kms", 9 SSEKMSKeyId: "arn:aws:kms:us-west-2:0000:key/abcd-1234-abcd", 10}; 11const s3Client = new S3Client(); 12const command = new PutObjectCommand(params); 13 14const preSignedUrl = await getSignedUrl(s3Client, command, { 15 hoistableHeaders: new Set(["x-amz-server-side-encryption", "x-amz-server-side-encryption-aws-kms-key-id"]), 16});
No vulnerabilities found.
Reason
30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/aws/.github/SECURITY.md:1
- Info: Found linked content: github.com/aws/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/aws/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/aws/.github/SECURITY.md:1
Reason
SAST tool is run on all commits
Details
- Info: all commits (3) are checked with a SAST tool
Reason
binaries present in source code
Details
- Warn: binary detected: codegen/gradle/wrapper/gradle-wrapper.jar:1
- Warn: binary detected: tests/react-native/End2End/android/gradle/wrapper/gradle-wrapper.jar:1
Reason
Found 3/30 approved changesets -- score normalized to 1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/stale_issues.yml:12
- Warn: no topLevel permission defined: .github/workflows/closed-issue-message.yml:1
- Warn: no topLevel permission defined: .github/workflows/codegen-ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/commit-message-lint.yml:1
- Warn: no topLevel permission defined: .github/workflows/git-sync.yml:1
- Warn: no topLevel permission defined: .github/workflows/handle-stale-discussions.yml:1
- Warn: no topLevel permission defined: .github/workflows/issue-regression-labeler.yml:1
- Warn: no topLevel permission defined: .github/workflows/lock.yml:1
- Warn: no topLevel permission defined: .github/workflows/pre-commit-hooks.yml:1
- Warn: no topLevel permission defined: .github/workflows/stale_issues.yml:1
- Info: no jobLevel write permissions found
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact v3.841.0 not signed: https://api.github.com/repos/aws/aws-sdk-js-v3/releases/229210497
- Warn: release artifact v3.840.0 not signed: https://api.github.com/repos/aws/aws-sdk-js-v3/releases/228898606
- Warn: release artifact v3.839.0 not signed: https://api.github.com/repos/aws/aws-sdk-js-v3/releases/228461098
- Warn: release artifact v3.838.0 not signed: https://api.github.com/repos/aws/aws-sdk-js-v3/releases/228107511
- Warn: release artifact v3.837.0 not signed: https://api.github.com/repos/aws/aws-sdk-js-v3/releases/227806232
- Warn: release artifact v3.841.0 does not have provenance: https://api.github.com/repos/aws/aws-sdk-js-v3/releases/229210497
- Warn: release artifact v3.840.0 does not have provenance: https://api.github.com/repos/aws/aws-sdk-js-v3/releases/228898606
- Warn: release artifact v3.839.0 does not have provenance: https://api.github.com/repos/aws/aws-sdk-js-v3/releases/228461098
- Warn: release artifact v3.838.0 does not have provenance: https://api.github.com/repos/aws/aws-sdk-js-v3/releases/228107511
- Warn: release artifact v3.837.0 does not have provenance: https://api.github.com/repos/aws/aws-sdk-js-v3/releases/227806232
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/closed-issue-message.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-js-v3/closed-issue-message.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codegen-ci.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-js-v3/codegen-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codegen-ci.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-js-v3/codegen-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commit-message-lint.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-js-v3/commit-message-lint.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/commit-message-lint.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-js-v3/commit-message-lint.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/git-sync.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-js-v3/git-sync.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/handle-stale-discussions.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-js-v3/handle-stale-discussions.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-regression-labeler.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-js-v3/issue-regression-labeler.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/lock.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-js-v3/lock.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pre-commit-hooks.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-js-v3/pre-commit-hooks.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pre-commit-hooks.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-js-v3/pre-commit-hooks.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/stale_issues.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-js-v3/stale_issues.yml/main?enable=pin
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 6 third-party GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
28 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-mg2h-6x62-wpwc
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8
- Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x
- Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4
- Warn: Project is vulnerable to: GHSA-859w-5945-r5v3
- Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
- Warn: Project is vulnerable to: GHSA-x574-m823-4x7w
- Warn: Project is vulnerable to: GHSA-9crc-q9x8-hgqq
Score
4.6
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More