Skip to content

v3.974.0 - Changes to AWS SDK internal package dependency version pinning #7686

New issue
New issue
Open
Open
v3.974.0 - Changes to AWS SDK internal package dependency version pinning#7686
Assignees
kuhe
Labels
announcementThis is an announcement issue
@kuhe

Description

@kuhe
kuhe
opened on Jan 27, 2026

New in https://github.com/aws/aws-sdk-js-v3/releases/tag/v3.974.0

No changes are needed by AWS SDK users.

Background information

The AWS SDK for JavaScript v3 is a library made up of multiple packages. The client packages depend on a set of other packages from both the @smithy/* and @aws-sdk/* namespaces, which collectively make up the "core runtime". As can be see in any client's package.json file.

Historically, these interdependencies have been declared with pinned (exact) versions rather than version ranges, to ensure runtime predictability. However, this creates problems for SDK users when your applications need to install more than one client. Using clients with different versions would cause multiple sets of the core runtime to be installed, because each client requires a specific set of versions.

Although it was possible to avoid this by installing clients at contemporaneous versions, e.g.

{
  "name": "your-app",
  "dependencies": {
    "@aws-sdk/client-s3": "<=3.974.0",
    "@aws-sdk/client-dynamodb": "<=3.974.0",
    "@aws-sdk/client-lambda": "<=3.974.0"
  }
}

, this was not a well-known or easy to discover solution. Having multiple versions of the core runtime installed causes a host of problems: compilation issues for TypeScript, and subtle runtime bugs such as prototype mismatch and unintended duplication of singleton objects.

Improvements in v3.974.0

AWS SDK internal dependencies are moving to an open version range model for internal transitive dependencies. Installing disparate client versions, while not directly recommended, will cause fewer issues, since they will resolve to a single version-group of the SDK core runtime at the highest available version. This also means that consumer applications can now update package-lock files to bring in future patches to the core runtime, rather than needing necessarily to update the client version itself.

New package: @aws-sdk/config

In some cases, you may have installed and managed the versions of dependency packages other than the AWS SDK clients. For example, @smithy/node-http-handler or other SDK components used for client customization.

A new package has been created to simplify version management of these configurable dependencies/plugins.

https://www.npmjs.com/package/@aws-sdk/config

Please refer to the package README for details, but in summary, this package uses the same versioning scheme as clients, and exports compatible client customization options.

Example package.json

{
  "name": "your-app",
  "dependencies": {
    "@aws-sdk/client-s3": "<=3.974.0",
    "@aws-sdk/config": "<=3.974.0"
  }
}

Example usage:

import { fromIni } from "@aws-sdk/config/credentials";
import { LogLevel } from "@aws-sdk/config/logger";
import { NodeHttpHandler } from "@aws-sdk/config/requestHandler";

new S3Client({
  credentials: fromIni(),
  logger: new LogLevel("debug", console),
  requestHandler: new (class extends NodeHttpHandler {
    async handle(request) {
      return super.handle(request);
    }
  })(),
});

Metadata

Metadata

Assignees

Labels

announcementThis is an announcement issue

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions