Research
Security News
Malicious npm Package Wipes Codebases with Remote Trigger
A malicious npm typosquat uses remote commands to silently delete entire project directories after a single mistyped install.
By Kush Pandya - May 30, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
@architect/arc-macro-node-prune
Advanced tools
@architect/arc-macro-node-prune
Architect serverless framework macro that cleans node_modules cruft from your cloud functions during deployment
@architect/arc-macro-node-prune
Node.js-specific Architect macro based on
node-prunethat cleansnode_modulescruft from your Functions during deployment
Warning
Pruning your node_modules tree(s) has some inherent risks. While we have found it to be stable and reliable, the packages your project uses may provide different results.
For example: while unlikely, a package that includes and makes use of a file with a commonly .npmignored filename may be impacted by this pruner. For a list of files and folders that are pruned, please review the pruner script source.
Installation
-
Run:
npm i @architect/arc-macro-node-prune -
Then add the following to your Architect project file (usually
.arc):
@macros
architect/arc-macro-node-prune
Note, no
@in the macro name!
- Deploy your project (
npx deploy) and watch the filesizes drop 📉
Results
In practice, we have seen average filesize and file count reductions of about 25-30% across the board. That's a meaningful number for cloud functions!
Disabling the macro
If for whatever reason you need to disable the macro, simply comment it out in (or remove it from) your Architect project file:
@macros
# architect/arc-macro-node-prune
Limitations
- Architect supports shared code by selectively copying
src/sharedandsrc/viewsinto all Functions'node_modulesdirs by default.- Because this macro runs just prior to deployment, it must avoid Architect shared code dirs so as not to inadvertently destroy user files.
- As such, any
node_modulesfolders withinsrc/sharedorsrc/viewswill not be pruned.
- This macro relies on shelling out to a bash script, so ymmv on Windows.
[1.0.0] 2020-03-08
Added
- Architect node-prune is now a v6-compatible macro
- Ported from the now-deprecated v5-compatible plugin
- Fixes @arc-plugin-node-prune#7; thanks to @alexbepple for the kick in the pants!
- Improved file counting and formatting of output along the way
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
FAQs
Architect serverless framework macro that cleans node_modules cruft from your cloud functions during deployment
The npm package @architect/arc-macro-node-prune receives a total of 0 weekly downloads. As such, @architect/arc-macro-node-prune popularity was classified as not popular.
We found that @architect/arc-macro-node-prune demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 09 Mar 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Monkey-Patched PyPI Packages Use Transitive Dependencies to Steal Solana Private Keys
Malicious PyPI package semantic-types steals Solana private keys via transitive dependency installs using monkey patching and blockchain exfiltration.
By Kirill Boychenko - May 29, 2025
Security News
OpenJS Foundation Is Now a CNA for 40+ JavaScript Projects Under Its Umbrella
New CNA status enables OpenJS Foundation to assign CVEs for security vulnerabilities in projects like ESLint, Fastify, Electron, and others, while leaving disclosure responsibility with individual maintainers.
By Sarah Gooding - May 29, 2025