npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

alioss-sign-v4-util

v1.1.0

Published

Sign url or header for AliYun OSS (V4)

Downloads

7

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

chcs1013chcs1013

Keywords

signatureossstoragecloudsign

Readme

Notice: Currently this library CANNOT sign with a STS token. Will be added later.

Notice: If you give a string url, we'll process it automatically. However, if you give a URL Object, please remember to pre-process:

url = new URL(encodeURIComponent(url.href).replace(/\%2F/ig, '/'));

Usage

import { sign_url } from 'alioss-sign-v4-util';

const url = 'https://your-bucket.oss-cn-hangzhou.aliyuncs.com/test.txt';
// The following parameters are required for the V4 signature
const ak = 'your-access-key-id', sk = 'your-access-key-secret';
const bucket = 'your-bucket', region = 'oss-cn-hangzhou';

// sign the url
const signed = await sign_url(url, {
    access_key_id: ak,
    access_key_secret: sk,
    additionalHeadersList: {}, // optional
    base_url: undefined, // not necessary
    expires: 60, // optional, default is 60 seconds
    bucket: bucket,
    region: region,
    method: 'GET', // optional, default is 'GET'
});
// then you can GET the signed url.
// If you want to PUT a file, you can use the same url, but change the method to 'PUT'.
// Please note that you must use 'Content-Type' to PUT, because browser will send the header if you do not set it manually.
const headers = {
    "Content-Type": "text/plain; charset=utf-8", // do not forget to set charset
}
const signedPut = await sign_url(url, {
    access_key_id: ak,
    access_key_secret: sk,
    additionalHeadersList: headers, // optional in GET, but **MUST** be set if you want to PUT a file
    expires: 60, // optional, default is 60 seconds
    bucket: bucket,
    region: region,
    method: 'PUT',
});
// then you can PUT the file to the signed url.
const resp = await fetch(signedPut, {
    method: 'PUT',
    headers: headers,
    body: 'Hello World',
});

// To DELETE, the 'Content-Type' header is not necessary.
// Examples of sign_header
import { sign_header } from 'alioss-sign-v4-util';
// common params...
const url = 'https://your-bucket.oss-cn-hangzhou.aliyuncs.com/test.txt';
const ak = 'your-access-key-id', sk = 'your-access-key-secret';
const bucket = 'your-bucket', region = 'oss-cn-hangzhou';

// send the request
const resp = await fetch(url, {
    method: 'GET',
    headers: {
        "Authorization": await sign_header(url, {
            access_key_id: ak,
            access_key_secret: sk,
            // additionalHeadersList: {}, // optional
            expires: 60, // optional, default is 60 seconds
            bucket: bucket,
            region: region,
            method: 'GET', // optional, default is 'GET'
        }),
    }
});
// then you can proceed the response

/// Same as above. For PUT you need to set the 'Content-Type' header.

Security

We use crypto-js to create the HMAC SHA256, so it should be secure.

Known Issues

  • The sign_url function is not compatible with STS tokens. We will add this feature later.
  • Lack of d.ts file. We will add this feature later.

License

Unlicense - This is free and unencumbered software released into the public domain. You can do whatever you want with it. No warranty is given.