Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@capraconsulting/webapp-deploy-lambda
Advanced tools
CDK construct for deploying a webapp release to S3 and CloudFront
This project contains a CDK Construct for an AWS Lambda Function to handle deployment of a bundled static web application to a S3 bucket while preserving files from previous deployments within a time threshold.
What it does:
A single-page application using code splitting will cause the client to
defer loading lots of files. To avoid a deployment disrupting the user, we
cannot delete the previous files (e.g. using aws s3 sync --delete
), as
that would cause the client to get 404 errors when navigating through the app.
CloudFront will in many cases hide this issue for most of the users due to
its edge caches, but it will still be an issue for users that haven't
updated the application since the day before.
One way of handling this would be to never delete any files from the S3 bucket. That means the bucket will fill up with a lot of old files. This project approaches it differently by deleting old files.
A user that still uses an application deployed five days ago should not be disrupted. To keep this promise we keep the newest deployment that happened more than five days ago, and delete files from older ones that no longer have any reference to them.
aws lambda invoke \
--function-name my-deploy-lambda \
--payload '{
"artifactS3Url": "s3://my-bucket/my-release.tgz"
}' \
/tmp/out.log
Testing locally:
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
# Adjust to your project. See config.py for full list.
export TARGET_BUCKET_URL=s3://my-website/web
export EXPIRE_SECONDS=86400
export DEPLOY_LOG_BUCKET_URL=s3://my-website/deployments.log
export CF_DISTRIBUTION_ID=EKJ2IPY1KTEAR1
# Adjust artifact path.
python -m webapp_deploy.main s3://my-bucket/my-release.tgz
To avoid a race condition in using and updating the deployment log, no concurrent execution of the lambda should be allowed.
As we use S3 to hold the deployment log, there is a potential for a successive deployment to read an older deployment log. This is due to the fact that S3 is eventually consistent. If this happens the files that were deployed by the previous run (being overwritten) will be kept forever, unless they are also references by another deployment.
FAQs
CDK construct for deploying a webapp release to S3 and CloudFront
We found that @capraconsulting/webapp-deploy-lambda demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.