Changing the way how the payload hashing is dealt with breaks a number of packages depending on this one. The change is not properly documented in the README, which may leave the user chasing and tracking hashs and incorrect signatures for quite some time.

The README shows

v4.createPresignedURL(method, host, path, service, payload[, options])

Earlier, the proper value for AWS IoT / MQTT over websockets signatures for payload was

crypto.createHash('sha256').update('', 'utf8').digest('hex'),

Now the proper value for payload is the empty string

''

The change from earlier to now took place somewhere between 1.2.1 and 1.4.0. I have an application which worked for 1.2.1 and does not connect due to wrong signatures at 1.4.0. Once you have realized the change it is pretty much obvious what has happened - but you can easily spend a day or two until you find the reason.

Therefore I suggest mentioning this in the README as this could save several people a number of headaches. Since I did not make the breaking change and have no idea of the rationale behind, I have no PR but rather suggest this as a change to the original author.