Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
@architect/arc-plugin-node-prune
Advanced tools
@architect/arc-plugin-node-prune
Architect serverless framework plugin that runs node-prune on functions prior to deployment
@architect/arc-plugin-node-prune
Node.js-specific Architect plugin based on
node-prunethat cleansnode_modulescruft from your Functions during deployment
Warning
Pruning your node_modules tree(s) has some inherent risks. While we have found it to be stable and reliable, the packages your project uses may provide different results.
For example: while unlikely, a package that includes and makes use of a file with a commonly .npmignored filename may be impacted by this pruner. For a list of files and folders that are pruned, please review the script.
Installation
-
Run:
npm i @architect/arc-plugin-node-prune -
Then add the following to your Architect project file (usually
.arc):
@plugins
architect/arc-plugin-node-prune
Note, no
@in the plugin name!
- Deploy your project (
npx deploy) and watch the filesizes drop 📉
Results
In practice, we have seen average filesize and file count reductions of about 25-30% across the board. That's a meaningful number for cloud functions!
Disabling the plugin
If for whatever reason you need to disable the plugin, simply comment it out in (or remove it from) your Architect project file:
@plugins
# architect/arc-plugin-node-prune
Limitations
- Architect supports shared code by selectively copying
src/sharedandsrc/viewsinto all Functions'node_modulesdirs by default.- Because this plugin runs just prior to deployment, it must avoid Architect shared code dirs so as not to inadvertently destroy user files.
- As such, any modules shared via
src/sharedandsrc/viewswill not be pruned.
- This plugin relies on shelling out to a bash script, so ymmv on Windows.
[1.0.0 - 1.0.1] 2019-02-03
Changed
- Removes binary dists in favor of bash-based operations
- Massively smaller module payload
- Needed to ensure we can ignore files in
@architect/[shared|views], which are Architect's shared code paths copied into Functions'node_modules - No human-discernible perf impact on normal size projects
FAQs
Architect serverless framework plugin that runs node-prune on functions prior to deployment
The npm package @architect/arc-plugin-node-prune receives a total of 9 weekly downloads. As such, @architect/arc-plugin-node-prune popularity was classified as not popular.
We found that @architect/arc-plugin-node-prune demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Package last updated on 04 Feb 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025