
Research
Security News
Malicious npm Package Wipes Codebases with Remote Trigger
A malicious npm typosquat uses remote commands to silently delete entire project directories after a single mistyped install.
@architect/arc-macro-node-prune
Advanced tools
Architect serverless framework macro that cleans node_modules cruft from your cloud functions during deployment
@architect/arc-macro-node-prune
Node.js-specific Architect macro based on
node-prune
that cleansnode_modules
cruft from your Functions during deployment
Pruning your node_modules
tree(s) has some inherent risks. While we have found it to be stable and reliable, the packages your project uses may provide different results.
For example: while unlikely, a package that includes and makes use of a file with a commonly .npmignore
d filename may be impacted by this pruner. For a list of files and folders that are pruned, please review the pruner script source.
Run: npm i @architect/arc-macro-node-prune
Then add the following to your Architect project file (usually .arc
):
@macros
architect/arc-macro-node-prune
Note, no
@
in the macro name!
npx deploy
) and watch the filesizes drop 📉In practice, we have seen average filesize and file count reductions of about 25-30% across the board. That's a meaningful number for cloud functions!
If for whatever reason you need to disable the macro, simply comment it out in (or remove it from) your Architect project file:
@macros
# architect/arc-macro-node-prune
src/shared
and src/views
into all Functions' node_modules
dirs by default.
node_modules
folders within src/shared
or src/views
will not be pruned.[1.0.0] 2020-03-08
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
FAQs
Architect serverless framework macro that cleans node_modules cruft from your cloud functions during deployment
The npm package @architect/arc-macro-node-prune receives a total of 0 weekly downloads. As such, @architect/arc-macro-node-prune popularity was classified as not popular.
We found that @architect/arc-macro-node-prune demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm typosquat uses remote commands to silently delete entire project directories after a single mistyped install.
Research
Security News
Malicious PyPI package semantic-types steals Solana private keys via transitive dependency installs using monkey patching and blockchain exfiltration.
Security News
New CNA status enables OpenJS Foundation to assign CVEs for security vulnerabilities in projects like ESLint, Fastify, Electron, and others, while leaving disclosure responsibility with individual maintainers.