Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@capraconsulting/webapp-deploy-lambda
Advanced tools
CDK construct for deploying a webapp release to S3 and CloudFront
This project contains a CDK Construct for an AWS Lambda Function to handle deployment of a bundled static web application to a S3 bucket while preserving files from previous deployments within a time threshold.
What it does:
A single-page application using code splitting will cause the client to
defer loading lots of files. To avoid a deployment disrupting the user, we
cannot delete the previous files (e.g. using aws s3 sync --delete
), as
that would cause the client to get 404 errors when navigating through the app.
CloudFront will in many cases hide this issue for most of the users due to
its edge caches, but it will still be an issue for users that haven't
updated the application since the day before.
One way of handling this would be to never delete any files from the S3 bucket. That means the bucket will fill up with a lot of old files. This project approaches it differently by deleting old files.
A user that still uses an application deployed five days ago should not be disrupted. To keep this promise we keep the newest deployment that happened more than five days ago, and delete files from older ones that no longer have any reference to them.
aws lambda invoke \
--function-name my-deploy-lambda \
--payload '{
"artifactS3Url": "s3://my-bucket/my-release.tgz"
}' \
/tmp/out.log
Testing locally:
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
# Adjust to your project. See config.py for full list.
export TARGET_BUCKET_URL=s3://my-website/web
export EXPIRE_SECONDS=86400
export DEPLOY_LOG_BUCKET_URL=s3://my-website/deployments.log
export CF_DISTRIBUTION_ID=EKJ2IPY1KTEAR1
# Adjust artifact path.
python -m webapp_deploy.main s3://my-bucket/my-release.tgz
FAQs
CDK construct for deploying a webapp release to S3 and CloudFront
The npm package @capraconsulting/webapp-deploy-lambda receives a total of 2,833 weekly downloads. As such, @capraconsulting/webapp-deploy-lambda popularity was classified as popular.
We found that @capraconsulting/webapp-deploy-lambda demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.