Gathering detailed insights and metrics for s3-spa-upload
Gathering detailed insights and metrics for s3-spa-upload
Upload a single page application to S3 with the right content-type and cache-control meta-data
Installations
npm install s3-spa-uploadDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Node Version
10.14.1
NPM Version
6.4.1
Score
50.7
Supply Chain
99.5
Quality
75.5
Maintenance
100
Vulnerability
99.6
License
Releases
3
Contributors
1
Unable to fetch Contributors
Languages
2
TypeScript
JavaScript
TypeScript (80.91%)
JavaScript (19.09%)
Developer
ottokruse
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
24 Stars
87 Commits
4 Forks
2 Watching
1 Branches
1 Contributors
Maintainers
1
Package Meta Information
Latest Version
2.1.5
Package Id
s3-spa-upload@2.1.5
Unpacked Size
16.06 kB
Size
5.37 kB
File Count
6
NPM Version
6.4.1
Node Version
10.14.1
Publised On
19 May 2023
Total Downloads
Cumulative downloads
Total Downloads
0
Last day
0%
0
Compared to previous day
Last week
0%
0
Compared to previous week
Last month
0%
0
Compared to previous month
Last year
0%
0
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
5
Dev Dependencies
5
Versions
S3 SPA Upload
Upload a Single Page Application (React, Angular, Vue, ...) to S3 with the right content-type and cache-control meta-data.
This module uploads the local SPA's build directory to S3, overwriting what's currently on S3.
index.html files are uploaded last, referenced JS/CSS files are uploaded first: so, users will only ever download index.html files that work, even during deployments.
Note: There's no intelligence (yet) to only upload changed files. There's also no intelligence (yet) to split big files in chunks and do multipart upload.
This module requires the following AWS S3 permissions (see sample CloudFormation policy template below):
- s3:PutObject on objects in your bucket
- s3:ListBucket on your bucket (only needed when using --delete option)
- s3:DeleteObject on objects in your bucket (only needed when using --delete option)
Installation
To install globally (for CLI usage):
npm install -g s3-spa-upload
Command Line Usage
Basic usage:
s3-spa-upload dist-dir my-s3-bucket-name
Clean-up old files
To also clean up old files, use the --delete option. This will delete all files in the bucket that are not included in the current upload (limited to the supplied prefix, see below):
s3-spa-upload dist-dir my-s3-bucket-name --delete
Custom cache-control mapping
You can provide your desired cache-control mapping in a json file that contains a mapping from glob patterns to cache-control headers:
1{ 2 "index.html": "no-cache", 3 "*.js": "public,max-age=31536000,immutable" 4}
Suppose your mapping file is called cache-control.json:
s3-spa-upload dist-dir my-s3-bucket-name --cache-control-mapping cache-control.json
If you don't provide a custom mapping, the default will be used, which should be okay for most SPA's, see below.
Upload to a prefix
By default the SPA will be uploaded to the root of your S3 bucket. If you don't want this, specify the prefix to use:
s3-spa-upload dist-dir my-s3-bucket-name --prefix mobile
Note that when used in conjunction with --delete, this means only old files matching that same prefix will be deleted.
Programmatic Usage
1import s3SpaUpload from "s3-spa-upload"; 2// const s3SpaUpload = require('s3-spa-upload') 3 4s3SpaUpload("dir", "bucket").catch(console.error); 5 6// Can supply options: 7const options = { 8 delete: true, 9 prefix: "mobile", 10 cacheControlMapping: { 11 "index.html": "no-cache", 12 "*.js": "public,max-age=31536000,immutable", 13 }, 14 concurrency: 100, // max nr of files to upload to S3 in parallel 15 awsCredentials: { 16 accessKeyId: "...", 17 secretAccessKey: "...", 18 sessionToken: "...", 19 }, // Optional. If not provided explicitly, the AWS SDK will source credentials as usual 20}; 21s3SpaUpload("dir", "bucket", options).catch(console.error);
Default Cache-Control settings
| File/ext | Cache setting | Description |
|---|---|---|
index.html | public,max-age=60,stale-while-revalidate=2592000 | 1 minute, but allow stale content for 30 days, provided a cache refresh request is made also |
css | public,max-age=31536000,immutable | As long as possible |
js | public,max-age=31536000,immutable | As long as possible |
png | public,max-age=86400,stale-while-revalidate=2592000 | One day, but allow stale content for 30 days, provided a cache refresh request is made also |
ico | public,max-age=86400,stale-while-revalidate=2592000 | One day, but allow stale content for 30 days, provided a cache refresh request is made also |
txt | public,max-age=86400,stale-while-revalidate=2592000 | One day, but allow stale content for 30 days, provided a cache refresh request is made also |
Content-Type settings
Based on file extensions using https://www.npmjs.com/package/mime-types
AWS Policy Template
This CloudFormation IAM Policy template grants the needed permissions:
1- Version: "2012-10-17" 2 Statement: 3 - Effect: Allow # This effect is only needed when using the --delete option 4 Action: s3:ListBucket 5 Resource: arn:aws:s3:::your-bucket-name 6 - Effect: Allow 7 Action: 8 - s3:DeleteObject # This action is only needed when using the --delete option 9 - s3:PutObject 10 Resource: arn:aws:s3:::your-bucket-name/*
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
1 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-gpv5-7x3g-ghjv
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 0/28 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 2 are checked with a SAST tool
Score
2.5
/10
Last Scanned on 2024-12-16
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More