Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
@architect/inventory
Advanced tools
@architect/inventory
Architect project resource enumeration utility
Inventory is responsible for interpreting the configuration and shape of a given Architect project, validating its settings, and representing it in a consistent intermediate format.
npm i @architect/inventory
inventory(options[, callback]) → [Promise]
Runs an inventory against your project. Must be passed an options object that may containing the following parameters:
cwd
- String - Absolute file path of the project being inventoriedenv
- Boolean - Queries AWS infra to acquire environment variables for testing
, staging
, and production
environmentslayerValidation
- Boolean (default true
) - Opt into skipping Lambda layer validationrawArc
- String - Raw Architect project manifest string, intended for testing; providing this will ignore your local manifestregion
- String - Sets default AWS region; overrides default, but is overridden by AWS_REGION
env varReturns results via callback
, or returns a promise
if callback
is falsy, and resolves with results.
Inventory returns an object containing two parameters: inv
(the project inventory object) and get
(a getter helper for querying resources).
inv
The inventory object contains the entirety of a project's data, including Architect defaults, project defaults, inferred resources, userland settings layered from the project and function levels, local preferences, etc. An inventory object should be considered the source of truth about the state of your project, and should not be directly mutated.
Top-level inventory parameters that start with an underscore (e.g. _arc
, _project
) denote project metadata or internal diagnostic data; all other parameters represent userland project resources.
In a project inventory, null
values are used as placeholders for known values or options that were not user-defined. The existence of a non-null
value can be inferred as a user having specifically defined a setting. For example: arc.http: null
can be construed as the user having not defined an @http
pragma. This rule has some exceptions:
inv.aws.region
, which is required by the aws-sdk
to function, and will be backfilled if not defined@static
can be defined on its own without any other pragmas, the existence of @http
infers @static
@http
will necessarily make inv.static
non-null
@tables
with stream true
; Inventory would interpret a table with stream true
as a new inv['tables-streams']
resource and thus make inv['tables-streams']
non-null
handlerFile
file path property is present even if the file is not
configFile
file path properties, which will be null
if no file is presentarc create
)get
You do not need to use the get
helper to use a project's inventory, but get
does make it much easier to check for the existence of resources, or find specific resources.
The get
helper works as such: get.{pragma or property}('parameter or name of resource')
. (Not including a parameter or resource name will fail in most cases.)
Examples:
@app
my-app
@http
get /
@events
event
get.app() // Returns my-app; same as accessing `inv.app`
get.http('get /') // Returns `get /` resource data
get.http('get /foo') // Returns undefined
get.http() // Returns undefined
get.static('folder') // Returns 'public' (default inferred by existence of @http); same as accessing `inv.app.static`
get.events('event') // Returns `event` resource data
get.tables('data') // Returns undefined
aws-sdk
caveatInventory conditionally requires aws-sdk
if being used with the env
param (e.g. await inventory({ env: true })
). Early versions of Inventory included aws-sdk
in peerDependencies
, which prior to npm 7 would not automatically install aws-sdk
. This is because Architect assumes you already have aws-sdk
installed via Architect, or that it's available at runtime if you're using Inventory in a Lambda.
However, npm 7 (once again) changed the behavior of peerDependencies
, now automatically installing all peerDependencies
(instead of merely printing a reminder). This means any Lambdas that use Inventory would get a >50MB dependency payload if deployed on a machine with npm 7.
As such, Inventory now errors if the env
param is set, and aws-sdk
is not installed. We are sorry to make this a userland issue, but we feel this is preferable to unnecessarily and invisibly causing aws-sdk
to be installed in Lambdas.
[3.1.1] 2022-05-09
lambda-runtimes
enables nodejs16.x
FAQs
Architect project resource enumeration utility
We found that @architect/inventory demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.