npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

ooss

v1.0.2

Published

Zero-dependency S3-compatible signed URL generator and region data

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

minosssminosss

Keywords

aliyunossa1s3r2alibabacloudstorageuploadtypescriptsdk

Readme

ooss

A lightweight, zero-dependency TypeScript library for S3-compatible signed URL generation and request signing.

只处理签名链接,适用于客户端直传或者一些可用签名链接实现的功能。不想安装依赖可以复制 src/core.ts 文件直接使用。

Features

  • 🎯 Focused: Only handles S3 V4 signature generation (GET/PUT).
  • 🪶 Lightweight: Zero dependencies. Uses native crypto and fetch.
  • 💎 Portable: src/core.ts is a single, self-contained file. Copy it anywhere.
  • 🌍 Region Data: Optional built-in region lists for AWS S3, Cloudflare R2, and Aliyun OSS.
  • 🚀 Modern: Optimized for Node 22+, Browsers, and Edge Workers.

Installation

npm install ooss

Quick Start

import { signUrl } from 'ooss';

const url = await signUrl({
  accessKeyId: process.env.S3_KEY!,
  accessKeySecret: process.env.S3_SECRET!,
  region: 'us-east-1',
  bucket: 'my-bucket'
}, 'path/to/object.jpg');

console.log(url); // https://my-bucket.s3.us-east-1.amazonaws.com/path/to/object.jpg?X-Amz-Algorithm=...

Examples

AWS S3 (Standard)

import { signUrl } from 'ooss';

const url = await signUrl({
  accessKeyId: 'AKIA...',
  accessKeySecret: 'secret',
  region: 'us-west-2',
  bucket: 'my-app-assets'
}, 'images/logo.png', {
  expires: 3600, // 1 hour
  method: 'GET'
});

Cloudflare R2 (Custom Endpoint)

Cloudflare R2 requires the endpoint field (Account ID based).

import { signUrl } from 'ooss';

const url = await signUrl({
  accessKeyId: 'r2-key',
  accessKeySecret: 'r2-secret',
  region: 'auto',
  bucket: 'my-bucket',
  endpoint: 'https://<ACCOUNT_ID>.r2.cloudflarestorage.com'
}, 'data.json');

Aliyun OSS (With Temporary Credentials)

Supports standard S3-compatible V4 signing for Aliyun OSS.

import { signUrl } from 'ooss';

const url = await signUrl({
  accessKeyId: 'STS.AccessKeyId',
  accessKeySecret: 'STS.AccessKeySecret',
  securityToken: 'STS.SecurityToken', // Required for temporary credentials
  region: 'cn-hangzhou',
  bucket: 'my-oss-bucket',
  endpoint: 'https://my-oss-bucket.oss-cn-hangzhou.aliyuncs.com'
}, 'backup.zip', {
  method: 'PUT',
  contentType: 'application/zip'
});

Built-in Region Data

You can import lists of regions for convenience:

import { S3_REGIONS } from 'ooss/regions/s3';
import { R2_REGIONS } from 'ooss/regions/r2';
import { A1_REGIONS } from 'ooss/regions/a1';

Portable Core (Copy & Paste)

If you don't want to add a dependency to your project, you can simply copy the src/core.ts file. It contains the complete HMAC-SHA256 signature logic and types in a single file.

// After copying src/core.ts to your local project:
import { signatureUrlV4 } from './core';

const url = await signatureUrlV4(config, key, options);

API

signUrl(config, objectKey, options?)

| Parameter | Type | Description | | :--- | :--- | :--- | | config.accessKeyId | string | Required. AccessKey ID. | | config.accessKeySecret | string | Required. AccessKey Secret. | | config.region | string | Required. Region (e.g., us-east-1). | | config.bucket | string | Required. Bucket name. | | config.endpoint | string | Optional. Custom S3 endpoint URL. | | config.securityToken| string | Optional. For temporary credentials. | | objectKey | string | The path to the object in the bucket. | | options.method | string | HTTP method (GET, PUT, etc.). Default GET. | | options.expires | number | Expiration in seconds. Default 3600. | | options.contentType| string | Required for PUT requests if you want to enforce it. |

License

MIT