Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@architect/inventory
Advanced tools
@architect/inventory
Architect project resource enumeration utility
Inventory is responsible for interpreting the configuration and shape of a given Architect project, validating its settings, and representing it in a consistent intermediate format.
npm i @architect/inventory
inventory(options[, callback]) → [Promise]
Runs an inventory against your project. Must be passed an options object that may containing the following parameters:
cwd
- String - Absolute file path of the project being inventoriedenv
- Boolean - Queries AWS infra to acquire environment variables for testing
, staging
, and production
environmentsregion
- String - Sets default AWS region; overrides default, but is overridden by AWS_REGION
env varrawArc
- String - Raw Architect project manifest string, intended for testing; providing this will ignore your local manifestReturns results via callback
, or returns a promise
if callback
is falsy, and resolves with results.
Inventory returns an object containing two parameters: inv
(the project inventory object) and get
(a getter helper for querying resources).
inv
The inventory object contains the entirety of a project's data, including Architect defaults, project defaults, inferred resources, userland settings layered from the project and function levels, local preferences, etc. An inventory object should be considered the source of truth about the state of your project, and should not be directly mutated.
Top-level inventory parameters that start with an underscore (e.g. _arc
, _project
) denote project metadata or internal diagnostic data; all other parameters represent userland project resources.
In a project inventory, null
values are used as placeholders for known values or options that were not user-defined. The existence of a non-null
value can be inferred as a user having specifically defined a setting. For example: arc.http === null
can be construed as the user having not defined an @http
pragma. This rule has some exceptions:
inv.aws.region
, which is required by the aws-sdk
to function, and will be backfilled if not defined@static
can be defined on its own without any other pragmas, the existence of @http
infers @static
@http
will necessarily make inv.static
non-null
@tables
with stream true
; Inventory would interpret a table with stream true
as a new inv.streams
resource and thus make inv.streams
non-null
Note: The
inv
format is primarily designed and intended for internal use within Architect libraries; as such, Inventory may theoretically introduce breaking changes in its behavior, shape, or naming conventions.
get
You do not need to use the get
helper to use a project's inventory, but get
does make it much easier to check for the existence of resources, or find specific resources.
The get
helper works as such: get.{pragma or property}('parameter or name of resource')
. (Not including a parameter or resource name will fail in most cases.)
Examples:
@app
my-app
@http
get /
@events
event
get.app() // Returns my-app; same as accessing `inv.app`
get.http('get /') // Returns `get /` resource data
get.http('get /foo') // Returns undefined
get.http() // Returns undefined
get.static('folder') // Returns 'public' (default inferred by existence of @http); same as accessing `inv.app.static`
get.events('event') // Returns `event` resource data
get.tables('data') // Returns undefined
FAQs
Architect project resource enumeration utility
The npm package @architect/inventory receives a total of 1,881 weekly downloads. As such, @architect/inventory popularity was classified as popular.
We found that @architect/inventory demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.