
Research
NPM targeted by malware campaign mimicking familiar library names
Socket uncovered npm malware campaign mimicking popular Node.js libraries and packages from other ecosystems; packages steal data and execute remote code.
@architect/arc-macro-node-prune
Advanced tools
Architect serverless framework macro that cleans node_modules cruft from your cloud functions during deployment
@architect/arc-macro-node-prune
Node.js-specific Architect macro based on
node-prune
that cleansnode_modules
cruft from your Functions during deployment
Pruning your node_modules
tree(s) has some inherent risks. While we have found it to be stable and reliable, the packages your project uses may provide different results.
For example: while unlikely, a package that includes and makes use of a file with a commonly .npmignore
d filename may be impacted by this pruner. For a list of files and folders that are pruned, please review the pruner script source.
Run: npm i @architect/arc-macro-node-prune
Then add the following to your Architect project file (usually .arc
):
@macros
architect/arc-macro-node-prune
Note, no
@
in the macro name!
npx deploy
) and watch the filesizes drop 📉In practice, we have seen average filesize and file count reductions of about 25-30% across the board. That's a meaningful number for cloud functions!
If for whatever reason you need to disable the macro, simply comment it out in (or remove it from) your Architect project file:
@macros
# architect/arc-macro-node-prune
src/shared
and src/views
into all Functions' node_modules
dirs by default.
node_modules
folders within src/shared
or src/views
will not be pruned.FAQs
Architect serverless framework macro that cleans node_modules cruft from your cloud functions during deployment
The npm package @architect/arc-macro-node-prune receives a total of 2 weekly downloads. As such, @architect/arc-macro-node-prune popularity was classified as not popular.
We found that @architect/arc-macro-node-prune demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Socket uncovered npm malware campaign mimicking popular Node.js libraries and packages from other ecosystems; packages steal data and execute remote code.
Research
Socket's research uncovers three dangerous Go modules that contain obfuscated disk-wiping malware, threatening complete data loss.
Research
Socket uncovers malicious packages on PyPI using Gmail's SMTP protocol for command and control (C2) to exfiltrate data and execute commands.