@architect/sandbox
Architect dev server: run full Architect projects locally & offline
@architect/sandbox
Architect local development environment: run full Architect projects locally & offline in an in-memory sandbox
npm i @architect/sandbox
npx sandbox
Or if running Sandbox from within @architect/architect:
npx arc sandbox
-p, --port - Manually specify HTTP port
  3333
-h, --host - Specify the host interface for Sandbox to listen on
  0.0.0.0 (all available interfaces on your machine)
  localhost
-v, --verbose - Enable verbose logging
-d, --debug - Enable debug logging
-q, --quiet - Disable (most) logging
--disable-delete-vendor - Disable deleting Lambda vendor dirs upon startup
--disable-symlinks - Disable symlinking src/shared into all functions and use file copying instead

ARC_API_TYPE - Set the API Gateway API type
  http (aliased to httpv2), httpv1, rest
  http
ARC_ENV - testing|staging|production
  testing
ARC_HOST - Specify the host interface for Sandbox to listen on
  0.0.0.0 (all available interfaces on your machine)
  localhost
ARC_LOCAL - If present and used in conjunction with ARC_ENV=staging|production, emulates live staging or production environment
  @env environment variables for the appropriate stage
ARC_PORT - Manually specify HTTP port
  3333
ARC_EVENTS_PORT - Manually specify event bus port
  4444
ARC_TABLES_PORT - Manually specify local DynamoDB port
  5555
ARC_INTERNAL_PORT - Manually specify internal Sandbox + AWS services port
  2222
ARC_DB_EXTERNAL - (Boolean) Use an external DynamoDB tool (such as AWS NoSQL Workbench)
ARC_QUIET - If present, disable (most) logging

Sandbox is designed to be integrated into your application's test suite. In most cases you'll only need to make use of sandbox.start() and sandbox.end(). However, individual Sandbox services can also be individually started and stopped. (See below.)
Methods may be passed an options object containing the following parameters:
apigateway - String - Specify the API Gateway API type
  http
  http (aliased to httpv2), httpv1, rest
cwd - String - Specify a working directory (handy for aiming Sandbox at test mocks)
deleteVendor - Boolean - Delete Lambda vendor dirs upon startup
  true
env - Object - Environment variables for Lambda invocations in automated testing
  .env or prefs.arc files
  undefined values delete any env vars of the same name set via .env or prefs.arc files
port - String or Number - Specify HTTP port
  3333
quiet - Boolean - Disables (most) logging
runStartupCommands - Boolean - Disable @sandbox-start commands
  true
runtimeCheck - String - Check for runtime version mismatches
  warn: Sandbox will warn of mismatches in stdout
  error: (suggested for test environments) Sandbox will fail to start up
symlink - Boolean - Use symlinking to Architect shared code from within each Lambda's dependencies (e.g. src/http/get-index/node_modules/@architect/shared → src/shared)
  true
  false copies shared code into each Lambda, which can result in much slower startup and dependency rehydration speeds
watcher - Boolean - Disable the Sandbox file watcher (and related Sandbox file watcher plugin API)
  true

Start and shut down the Sandbox; unless you have specific per-service needs, we generally advise most folks use this interface for testing.

sandbox.start(options[, callback]) → [Promise]
Starts the Sandbox; first checks that ports are available to consume, prints a banner, loads Architect and userland environment variables, hydrates application dependencies, and starts various Sandbox services (including @events, @queues, @tables, @indexes, @http, @static and @ws).
Invokes callback once everything is ready, or returns a promise if callback is falsy.

sandbox.end([callback]) → [Promise]
Shuts down anything started by sandbox.start(). Invokes callback once shut down, or returns a promise if callback is falsy.

// Example using tape
let sandbox = require('@architect/sandbox')
let test = require('tape')

test('Start the Sandbox', async t => {
  t.plan(1)
  let result = await sandbox.start()
  t.equal(result, 'Sandbox successfully started')
})

test('Tests go here', t => {
  // Make use of various Sandbox resources in your tests...
  t.end() // end the placeholder test so tape moves on to the shutdown test
})

test('Shut down the Sandbox', async t => {
  t.plan(1)
  let result = await sandbox.end()
  t.equal(result, 'Sandbox successfully shut down')
})

// Example using Jest-style globals (beforeAll, afterAll, expect)
let sandbox = require('@architect/sandbox')

beforeAll(async () => {
  let result = await sandbox.start()
  expect(result).toBe('Sandbox successfully started')
})

afterAll(async () => {
  let result = await sandbox.end()
  expect(result).toBe('Sandbox successfully shut down')
})

test('Tests go here', () => {
  // Make use of various Sandbox resources in your tests...
})
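
The settings listed above, combined into a test-harness setup that keeps Sandbox off the network and keeps developer credentials out of test invocations; this is an added example, not code from the @architect/sandbox README. The helper names (envKeys, testOptions, startForTests), the secret-name pattern and the sample .env text are assumptions of the example; it relies only on ARC_HOST=localhost instead of 0.0.0.0, runtimeCheck 'error', and undefined env values as documented on this page.

```javascript
// Added example (not from the Sandbox README). Helper names are hypothetical.
// Heuristic for credential-like variable names; an assumption, tune per project.
const SECRET_NAME = /(SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|PRIVATE_?KEY|CREDENTIAL)/i

// Constructed sample .env content (values are placeholders, not real keys).
const SAMPLE_DOTENV = [
  '# local developer settings',
  'AWS_SECRET_ACCESS_KEY=placeholder-value',
  'export STRIPE_API_KEY=placeholder-value',
  'LOG_LEVEL=debug',
].join('\n')

// Variable names declared in .env-style text (KEY=value, optional "export ", # comments).
function envKeys (dotenvText) {
  const keys = []
  for (const raw of dotenvText.split(/\r?\n/)) {
    const line = raw.trim()
    if (!line || line.startsWith('#')) continue
    const match = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=/.exec(line)
    if (match) keys.push(match[1])
  }
  return keys
}

// Options for sandbox.start(): credential-like names are set to undefined so that
// env vars of the same name set via .env or prefs.arc are deleted; testEnv supplies
// test-only values and takes precedence over the scrubbed entries.
function testOptions (dotenvText, testEnv = {}) {
  const env = {}
  for (const key of envKeys(dotenvText)) {
    if (SECRET_NAME.test(key)) env[key] = undefined
  }
  return { env: { ...env, ...testEnv }, runtimeCheck: 'error' }
}

// Start Sandbox listening on localhost rather than 0.0.0.0. The package is resolved
// inside this function, so the helpers above can be used without it installed.
async function startForTests (dotenvText, testEnv) {
  process.env.ARC_HOST = 'localhost'
  const sandbox = require('@architect/sandbox')
  return sandbox.start(testOptions(dotenvText, testEnv))
}
```

In a suite, startForTests would be called with the text of the project's .env file in place of the bare sandbox.start() call, and sandbox.end() still shuts everything down.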
The tests in this repository require that you have the deno runtime installed on your local machine. Install deno by visiting: https://deno.land/#installation
To work on sandbox, first make sure you have installed the dependencies:
npm install
To run all tests, including the linter:
npm test
To run just the linter:
npm run lint
To run just the unit tests (which are located under test/unit):
npm run test:unit
To get a code coverage report based on unit test execution:
npm run coverage
To run just the integration tests (which are located under test/integration):
npm run test:integration
To make tests run extra noisy-like, add the NOISY_TESTS=true env var.
FAQs
Architect dev server: run full Architect projects locally & offline
We found that @architect/sandbox demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.