Gathering detailed insights and metrics for aws-iot-device-sdk-v2
Gathering detailed insights and metrics for aws-iot-device-sdk-v2
Installations
npm install aws-iot-device-sdk-v2Releases
91
MQTT-js revert
v1.21.1
Published on 05 Sept 2024
MQTT-js major version upgrade
v1.21.0
Published on 29 Aug 2024
Improve Linux s2n support
v1.20.1
Published on 22 Aug 2024
Update Greengrass IPC model
v1.20.0
Published on 12 Jul 2024
Pin CRT until TLS13 issue resolved
v1.19.6
Published on 05 Jul 2024
Remove unnecessary dependency
v1.19.5
Published on 24 Apr 2024
Developer
aws
Developer Guide
BETA
Module System
CommonJS, UMD
Min. Node Version
Typescript Support
Yes
Node Version
16.20.2
NPM Version
8.19.4
Statistics
223 Stars
290 Commits
100 Forks
22 Watching
25 Branches
45 Contributors
Updated on 23 Nov 2024
Bundle Size
465.95 kB
Minified
120.80 kB
Minified + Gzipped
Languages
TypeScript (87.99%)
Python (9.25%)
Shell (1.82%)
Gherkin (0.76%)
HTML (0.09%)
JavaScript (0.09%)
Total Downloads
Cumulative downloads
Total Downloads
2,607,470
Last day
-10%
8,554
Compared to previous day
Last week
9.6%
55,591
Compared to previous week
Last month
14.5%
219,750
Compared to previous month
Last year
248.3%
1,866,646
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
AWS IoT Device SDK for JavaScript v2
This document provides information about the AWS IoT device SDK for Javascript V2. This SDK is built on the AWS Common Runtime
Jump To:
- Installation
- Samples
- Mac-Only TLS Behavior
- Getting Help
- FAQ
- API Docs
- MQTT5 User Guide
- Migration Guide from the AWS IoT SDK for JavaScript v1
Installation
Minimum Requirements
For use with Node, the following are required:
- Node v14+
- Run
node -vto check Node version.
- Run
- CMake 3.1+
Build SDK in existing project with NPM
1# Navigate to the Javascript project you want to add the 2# Javascript V2 SDK to. 3cd <your javascript project here> 4# Install the V2 SDK. 5npm install aws-iot-device-sdk-v2 6# Now you can use the Javascript V2 SDK in your project.
Build the V2 SDK from source
1# Create a workspace directory to hold all the SDK files. 2mkdir sdk-workspace 3cd sdk-workspace 4 5# Clone the repository to access the samples. 6git clone https://github.com/aws/aws-iot-device-sdk-js-v2.git 7 8# Install the SDK. 9cd aws-iot-device-sdk-js-v2 10npm install 11 12# Then you can run the samples following the instructions in the samples README.
Samples
Mac-Only TLS Behavior
Please note that on Mac, once a private key is used with a certificate, that certificate-key pair is imported into the Mac Keychain. All subsequent uses of that certificate will use the stored private key and ignore anything passed in programmatically. Beginning in v1.7.3, when a stored private key from the Keychain is used, the following will be logged at the "info" log level:
static: certificate has an existing certificate-key pair that was previously imported into the Keychain. Using key from Keychain instead of the one provided.
Getting Help
The best way to interact with our team is through GitHub. You can open a discussion for guidance questions or an issue for bug reports, or feature requests. You may also find help on community resources such as StackOverFlow with the tag #aws-iot or if you have a support plan with AWS Support, you can also create a new support case.
Please make sure to check out our resources too before opening an issue:
- FAQ
- API Docs
- IoT Guide (source)
- MQTT5 User Guide
- Check for similar Issues
- AWS IoT Core Documentation
- Dev Blog
- Integration with AWS IoT Services such as Device Shadow and Jobs is provided by code that been generated from a model of the service.
- Contributions Guidelines
License
This library is licensed under the Apache 2.0 License.
Latest released version: v1.21.1
Stable Version
The latest stable version of the package.
Stable Version
1.21.1
HIGH
3
HIGH
6.3/10
Summary
Improper certificate management in AWS IoT Device SDK v2
Affected Versions
< 1.5.3
Patched Versions
1.5.3
HIGH
6.3/10
Summary
Improper certificate management in AWS IoT Device SDK v2
Affected Versions
< 1.6.0
Patched Versions
1.6.0
HIGH
6.3/10
Summary
Improper certificate management in AWS IoT Device SDK v2
Affected Versions
< 1.5.3
Patched Versions
1.5.3
MODERATE
1
MODERATE
6.3/10
Summary
Improper certificate management in AWS IoT Device SDK v2
Affected Versions
< 1.5.1
Patched Versions
1.5.1
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/aws/.github/SECURITY.md:1
- Info: Found linked content: github.com/aws/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/aws/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/aws/.github/SECURITY.md:1
Reason
Found 22/29 approved changesets -- score normalized to 7
Reason
7 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 7
Reason
3 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:24
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/closed-issue-message.yml:1
- Warn: no topLevel permission defined: .github/workflows/handle-stale-discussions.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/stale_issue.yml:1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:160: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:226: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:251: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:276: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:291: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:321: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:329: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:337: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:345: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:356: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:367: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:378: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:453: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:463: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:405: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:444: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/closed-issue-message.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/closed-issue-message.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/handle-stale-discussions.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/handle-stale-discussions.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/stale_issue.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/stale_issue.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: codebuild/cd/test-publish.sh:41
- Warn: npmCommand not pinned by hash: codebuild/cd/test-publish.sh:42
- Warn: npmCommand not pinned by hash: codebuild/cd/test-publish.sh:49
- Warn: npmCommand not pinned by hash: codebuild/samples/connect-linux.sh:12
- Warn: npmCommand not pinned by hash: codebuild/samples/connect-linux.sh:21
- Warn: npmCommand not pinned by hash: codebuild/samples/custom-auth-linux.sh:14
- Warn: npmCommand not pinned by hash: codebuild/samples/pubsub-linux.sh:12
- Warn: npmCommand not pinned by hash: codebuild/samples/pubsub-linux.sh:21
- Warn: npmCommand not pinned by hash: codebuild/samples/setup-linux.sh:12
- Warn: npmCommand not pinned by hash: codebuild/samples/shadow-linux.sh:12
- Warn: npmCommand not pinned by hash: make-docs.sh:20
- Warn: npmCommand not pinned by hash: test/greengrass/basic_discovery/install.sh:5
- Warn: npmCommand not pinned by hash: test/greengrass/ipc/install.sh:5
- Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:134
- Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:182
- Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:221
- Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:402
- Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:403
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 25 third-party GitHubAction dependencies pinned
- Info: 2 out of 15 npmCommand dependencies pinned
- Info: 0 out of 5 pipCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
5.3
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More