Security News
The Unpaid Backbone of Open Source: Solo Maintainers Face Increasing Security Demands
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
@besmarthead/sh-api-framework
Advanced tools
SmartHead framework library for serverless APIs (security, openapi validation, logging ,... )
Annotations and libraries (utils) to help solve common tasks with API. Can be used as NPM package or as Lambda layer.
npm run lambda-layer
create new lambda layer in AWS.env/local.yml
increase version of lambda layernpm run test
to run testnpm run coverage
to run test with coveragenpm run lint
to run lintRequirement: have user in NPM and be part of team: "developers" in organization "besmarthead" (https://www.npmjs.com/settings/besmarthead/teams/team/developers/users)
npm whoami
). If user is not logged: npm login
lerna publish --no-private
All API projects/packages have in package.json
set "private" to true.
When publishing with lerna argument "--no-private", those packages are ignored" from publish.
Doc: lerna#--no-private
Lambda Security implementation (authentication & authorization)
If handler is annotated with @SecuredAPI than API caller must be valid user (e.g. valid token in request):
header: if token is in a different header, set name of header here
isSHAdmin: If set to REQUIRED, user must be SH admin. If set to ALLOW and user is SH admin than other validations are skipped.
Lambda OpenApi validation (request/response validation)
Validation of request / response with Swagger.
/src/openapi-doc.yaml
.serverles.yaml
(to which is handler bind) must be also defined in swagger file.If lambda can be invoked (not as API through AWS Gateway), add configuration invokableLambda
.
httpMethod
and resource
as defined in configurationinvokableLambda: {
httpMethod: 'GET',
resource: '/profile/{id}/activities'
}
(if lambda would be invoked without this configuration - swagger validation would fail, resouce would npt be found)
AWS Lambda functions are monitored with Elastic (logstash, elasticsearch, kibana, ...). If handler is annotated by this method:
Lambda Error handling And Exceptions
src/types/exception.types.ts
FAQs
SmartHead framework library for serverless APIs (security, openapi validation, logging ,... )
We found that @besmarthead/sh-api-framework demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
Security News
License exceptions modify the terms of open source licenses, impacting how software can be used, modified, and distributed. Developers should be aware of the legal implications of these exceptions.
Security News
A developer is accusing Tencent of violating the GPL by modifying a Python utility and changing its license to BSD, highlighting the importance of copyleft compliance.