@backstage/backend-dynamic-feature-service
Backstage dynamic feature service
This package adds experimental support for dynamic backend features (plugins and modules), according to the content of the proposal in RFC 18390.
In order to test the dynamic backend plugins feature provided by this package, example applications, as well as example dynamic plugins, have been provided in the showcase repository, and instructions are provided in the related Readme.
The dynamic plugin manager is a service that scans a configured root directory (dynamicPlugins.rootDirectory in the app config) for dynamic plugin packages, and loads them dynamically.
In the backend application, it can be enabled by adding the backend-dynamic-feature-service as a dependency in the package.json and the following lines in the src/index.ts file:
const backend = createBackend();
+
+ backend.add(dynamicPluginsFeatureLoader) // provides features loaded by dynamic plugins
+
Due to some limitations of the current backstage codebase, the plugins need to be completed and repackaged to be used as dynamic plugins:
(dynamicPluginInstaller) of a specific type (BackendDynamicPluginInstaller), as can be found in the src/dynamic sub-folder of each dynamic plugin example provided in the showcase repository.
package.json file in which dependencies are updated to share @backstage dependencies with the main application.
Points 2 and 3 can be done by the export-dynamic-plugin CLI command used to perform the repackaging.
export-dynamic-plugin command
The export-dynamic-plugin CLI command, used by the dynamic plugin examples provided in the showcase repository, is part of the @janus-idp/cli package, and can be used to help package the dynamic plugins according to the constraints mentioned above, in order to allow straightforward testing of the dynamic plugins feature.
However, the backend-dynamic-feature-service experimental package does not depend on the use of this additional CLI command, and in future steps of this backend dynamic plugin work, the use of such a dedicated command might not even be necessary.
The backend dynamic plugins feature clearly targets the new backend system. However, some level of compatibility is provided with the current backstage codebase, which still uses the legacy backend system, in order to allow testing and exploring dynamic backend plugin support across the widest range of contexts and installations. This compatibility is temporary and will be removed once the next backend is ready to be used and has completely replaced the old one. This is why the API related to the old backend is already marked as deprecated.
The current implementation of the dynamic plugin manager is a first step towards the final implementation of the dynamic features loading, which will be completed / simplified in future steps, as the status of the backstage codebase allows it.
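Because the dynamic plugin manager loads whatever packages it finds under dynamicPlugins.rootDirectory, write access to that directory amounts to code execution in the backend. The following pre-start audit is an added example, not code from Backstage or this package: it compares each package in the root against a pinned allowlist. The allowlist format, the function names, the sample package names and the one-subdirectory-per-plugin layout are assumptions.

```javascript
// Added example, not Backstage code. Assumption: every plugin package is an
// immediate subdirectory of the root and carries its own package.json.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest('hex');

// allowlist (hypothetical format): Map of package name -> { version, mainSha256 }
function auditPluginRoot(rootDir, allowlist) {
  const root = fs.realpathSync(rootDir);
  return fs.readdirSync(root, { withFileTypes: true }).map((entry) => {
    const dir = path.join(root, entry.name);
    const manifest = path.join(dir, 'package.json');
    // A symlinked entry would make the loader run code kept outside the audited root.
    if (entry.isSymbolicLink()) return { dir: entry.name, status: 'symlink' };
    if (!entry.isDirectory() || !fs.existsSync(manifest)) return { dir: entry.name, status: 'not-a-package' };
    const pkg = JSON.parse(fs.readFileSync(manifest, 'utf8'));
    const pinned = allowlist.get(pkg.name);
    const main = path.resolve(dir, pkg.main || 'index.js');
    let status = 'ok';
    if (!pinned) status = 'not-allowlisted';
    else if (pinned.version !== pkg.version) status = 'version-mismatch';
    // "main" must stay inside the package directory and must exist on disk.
    else if (!main.startsWith(dir + path.sep) || !fs.existsSync(main)) status = 'bad-entry-point';
    // Only the entry file is hashed here; a fuller check would cover the whole tree.
    else if (sha256(fs.readFileSync(main)) !== pinned.mainSha256) status = 'integrity-mismatch';
    return { dir: entry.name, name: pkg.name, status };
  });
}

// Constructed sample: a temporary root with one approved, one modified, one unknown plugin.
function buildSampleRoot() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'dynamic-plugins-'));
  const add = (dir, name, version, code) => {
    fs.mkdirSync(path.join(root, dir));
    fs.writeFileSync(path.join(root, dir, 'package.json'), JSON.stringify({ name, version, main: 'index.js' }));
    fs.writeFileSync(path.join(root, dir, 'index.js'), code);
  };
  add('approved', 'example-plugin-a', '1.0.0', 'module.exports = {};');
  add('modified', 'example-plugin-b', '1.0.0', 'module.exports = { changed: true };');
  add('unknown', 'example-plugin-c', '0.1.0', 'module.exports = {};');
  const pinned = { version: '1.0.0', mainSha256: sha256('module.exports = {};') };
  return { root, allowlist: new Map([['example-plugin-a', pinned], ['example-plugin-b', pinned]]) };
}

const sample = buildSampleRoot();
console.table(auditPluginRoot(sample.root, sample.allowlist));
```

Run it before the backend starts and refuse to start when any entry has a status other than ok.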
FAQs
Backstage dynamic feature service
The npm package @backstage/backend-dynamic-feature-service receives a total of 1,760 weekly downloads. As such, @backstage/backend-dynamic-feature-service popularity was classified as popular.
We found that @backstage/backend-dynamic-feature-service demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.