@adastradev/serverless-discovery-sdk
The last serverless micro-service you'll ever wonder how to find
The AWS Serverless Discovery SDK interacts with a discovery microservice to discover endpoints for micro-services written for a serverless architecture. This is similar to clustered services such as Consul or ZooKeeper, but without the concept of instances or nodes that must be monitored for online state. This library is designed to support use both on the server side (for service-to-service lookups) and on the browser/client side.
This project contains the TypeScript/JavaScript bindings for the discovery service; other bindings can be found in the AdAstraDev organization on GitHub.
npm install @adastradev/serverless-discovery-sdk
Semver versioning is supported by the discovery service 1.1.x. Pass a semver-compatible value in the lookupService call to receive the newest compatible matching version.
Services and their desired versions can also be specified in the cloudDependencies field of package.json. In the example below, the service2 entry is a pre-release version for development purposes.
{
  "cloudDependencies": {
    "service1": "1.x",
    "service2": "^1.2.8-testbranch",
    "service3": "3.x.x"
  }
}
In some testing environments, it can be useful to modify the lookup version to avoid collision with a production environment. If the VERSION_POSTFIX environment variable is set at runtime, its value is always appended to the version of a lookup call.
If you are looking up services which are highly coupled or are not well isolated, and using them for system tests, you should:
VERSION_POSTFIX environment variable set to -staging
If there is a lookup for serviceA, version 1.1.0, it will instead only talk to 1.1.0-staging. All lookup calls will follow a similar pattern while the environment variable is present.
TL;DR: If you are looking up services which are not well isolated, and rely on a staging environment to avoid operations on prod databases/resources, add the following to your pipeline in a staging deployment/testing step.
bitbucket-pipelines.yml:
- export VERSION_POSTFIX='-staging'
# Deployment steps follow...
serverless.yml:
provider:
  environment:
    VERSION_POSTFIX: ${env:VERSION_POSTFIX, ''}
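A preflight check for the staging test step described above, as an added example that is not part of the SDK or its README. It assumes the postfix is appended to the version string exactly as in the serviceA example; preflightStaging, effectiveVersion and EXPECTED_POSTFIX are hypothetical names, and the dependency map is constructed sample input.

```javascript
// Added example: staging preflight modelled on the README's VERSION_POSTFIX rule.
// All names here are hypothetical; none of this is SDK code.
const EXPECTED_POSTFIX = '-staging'; // value exported in the pipeline step above

// Version string a lookup would use once the postfix is appended
// (assumption: plain concatenation, as in 1.1.0 -> 1.1.0-staging).
function effectiveVersion(version, postfix) {
  return postfix ? `${version}${postfix}` : version;
}

// Check the environment before system tests run against shared resources.
// Returns { ok, problems, warnings, lookups }; ok is false when lookups would
// fall through to unpostfixed (production) versions.
function preflightStaging(cloudDependencies, env = process.env) {
  const problems = [];
  const warnings = [];
  const lookups = {};
  const postfix = env.VERSION_POSTFIX || '';

  if (postfix !== EXPECTED_POSTFIX) {
    problems.push(
      `VERSION_POSTFIX is ${JSON.stringify(postfix)}, expected ` +
      `${JSON.stringify(EXPECTED_POSTFIX)}: lookups would not be isolated`
    );
  }
  for (const [service, version] of Object.entries(cloudDependencies || {})) {
    lookups[service] = effectiveVersion(version, postfix);
    // A declared pre-release tag plus the postfix gives a combined tag, so
    // confirm that combined version is what the staging deployment published.
    if (postfix && /\d-[0-9A-Za-z]/.test(version)) {
      warnings.push(`${service}: ${version} becomes ${lookups[service]}`);
    }
  }
  return { ok: problems.length === 0, problems, warnings, lookups };
}

// Constructed sample input (serviceA 1.1.0 is the README's own example).
const sampleDeps = { serviceA: '1.1.0', serviceB: '2.0.3', serviceC: '1.2.8-testbranch' };
const result = preflightStaging(sampleDeps, { VERSION_POSTFIX: '-staging' });
console.log(result.ok, result.lookups, result.warnings);
```

Run it at the start of the staging test step and abort the step when ok is false, so a missing export fails the pipeline instead of letting tests reach production endpoints.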
I recommend setting up a utility function to handle construction of the SDK and the lookup call, as in the example below.
import { DiscoverySdk } from '@adastradev/serverless-discovery-sdk';

export default async function lookup(serviceName) {
  const sdk = new DiscoverySdk(
    process.env.DISCOVERY_SERVICE_URL,
    process.env.DISCOVERY_SERVICE_REGION,
    // Non-versioned services will default to lookup via this stage
    process.env.DEFAULT_STAGE,
    undefined,
    // Create map of cloudDependencies from package.json
    new Map(Object.entries(require('../path/to/package.json')['cloudDependencies'])),
  );
  const endpoints = await sdk.lookupService(serviceName);
  return endpoints[0];
}
FAQs
Serverless Service Discovery API
The npm package @adastradev/serverless-discovery-sdk receives a total of 372 weekly downloads. As such, @adastradev/serverless-discovery-sdk popularity was classified as not popular.
We found that @adastradev/serverless-discovery-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.