npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

ep_media_upload

v0.2.3

Published

beta - Upload files to S3 and insert hyperlinks into the pad. Requires ep_hyperlinked_text.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

dcastelonedcastelone

Keywords

etherpadpluginepmediauploads3fileattachment

Readme

ep_media_upload

Etherpad plugin for secure file uploads via S3 presigned URLs.

Requires: ep_hyperlinked_text

How It Works

  1. User clicks paperclip button → selects file
  2. Client uploads directly to S3 (server never handles file data)
  3. Hyperlink inserted into document pointing to secure download endpoint
  4. On click, Etherpad verifies access and redirects to short-lived S3 URL

S3 bucket can be completely private – downloads go through authenticated Etherpad endpoint.

Configuration

settings.json

"ep_media_upload": {
  "storage": {
    "type": "s3_presigned",
    "region": "us-east-1",
    "bucket": "my-bucket-name",
    "keyPrefix": "uploads/",
    "expires": 900,
    "downloadExpires": 300
  },
  "fileTypes": ["pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "zip", "mp3", "mp4", "wav", "mov"],
  "maxFileSize": 52428800,
  "inlineExtensions": ["mp3", "mp4", "wav", "mov", "webm", "ogg"]
}

Storage Options

| Option | Required | Default | Description | |--------|----------|---------|-------------| | type | Yes | — | Must be "s3_presigned" | | region | Yes | — | AWS region (e.g., "us-east-1") | | bucket | Yes | — | S3 bucket name | | keyPrefix | No | "" | Prefix for S3 keys (e.g., "uploads/") | | expires | No | 600 | Upload URL expiry in seconds (10 min) | | downloadExpires | No | 300 | Download URL expiry in seconds (5 min) |

Other Options

| Option | Required | Default | Description | |--------|----------|---------|-------------| | fileTypes | No | all | Array of allowed extensions (without dots) | | maxFileSize | No | unlimited | Max file size in bytes | | inlineExtensions | No | [] | Extensions to open inline in browser (streaming). Files not in this list will download. |

Environment Variables

AWS_ACCESS_KEY_ID=...
AWS_SECRET_ACCESS_KEY=...

S3 Setup

Block Public Access

All four "Block Public Access" settings can be enabled since downloads go through Etherpad.

CORS (for uploads)

[{
  "AllowedOrigins": ["https://your-etherpad-domain.com"],
  "AllowedMethods": ["PUT"],
  "AllowedHeaders": ["Content-Type", "Content-Disposition"],
  "MaxAgeSeconds": 3000
}]

IAM Permissions

  • s3:PutObject
  • s3:GetObject

Security

  • Authentication: All endpoints require valid Etherpad session
  • Fail-closed: Requests denied if security module unavailable
  • Rate limiting: 30 requests/IP/minute
  • Input validation: Path traversal protection on all parameters
  • Short-lived URLs: Download links expire quickly (configurable)
  • Audit logging: All uploads/downloads logged

Dependencies

  • @aws-sdk/client-s3
  • @aws-sdk/s3-request-presigner
  • ep_etherpad-lite >= 1.8.6