
github.com/andersjanmyr/compute-sdk-go
Experimental Go SDK for building Compute@Edge applications with TinyGo.
The Fastly Developer Hub has a great Quick Start guide for Go.
Alternatively, you can take a look at the Go Starter Kit.
You'll also want to take a look at our Recommended Packages section, as this can help with the sharp edges of the SDK, like JSON support.
First, install TinyGo by following the TinyGo Quick install guide.
Then, you can install compute-sdk-go in your project by running:
go get github.com/fastly/compute-sdk-go
Examples can be found in the examples directory.
The Fastly Developer Hub has a collection of common use cases in VCL ported to TinyGo, which also acts as a great set of introductory examples of using TinyGo on Compute@Edge.
The API reference documentation can be found on pkg.go.dev/github.com/fastly/compute-sdk-go.
Logging can be done using a Fastly Compute@Edge Log Endpoint (example), or by using normal stdout like:
fmt.Printf("request received: %s\n", r.URL.String())
TinyGo is still a new project, which has yet to get a version 1.0.0. Therefore, the project is incomplete, but in its current state can still handle a lot of tasks on Compute@Edge. For example, some language features of Go are still missing, such as Reflection support, which is used for things like parsing JSON using the Go standard library. To help with your adoption of compute-sdk-go, here are some recommended packages to help with some of the current missing language features:
Additional context on JSON support in TinyGo can be found here
The changelog can be found here.
If you find any security issues, see the Fastly Security Reporting Page or send an email to: security@fastly.com
Note that communications related to security issues in Fastly-maintained OSS as described here are distinct from Fastly security advisories.