
Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
@linzjs/lambda
Advanced tools
### _A minimal lambda wrapper for LINZ Javascript lambda function development_
@type: "report"
duration
& metrics using @linzjs/metricsThis repository wraps the default lambda handler so it can be invoked by ALB, API Gateway or Cloudfront without requiring code changes, while also apply a opinionated set of lambda defaults
import { lf, LambdaHttpResponse } from '@linzjs/lambda';
// This works for Cloudfront, FunctionURL, ALB or API Gateway events
export const handler = lf.http();
handler.router.get('/v1/ping', () => new LambdaHttpResponse(200, 'Ok'));
handler.router.get<{ Params: { style: string } }>(
'/v1/style/:style.json',
(req) => new LambdaHttpResponse(200, 'Style: ' + req.params.style),
);
// Handle all requests
handler.router.get('*', () => new LambdaHttpResponse(404, 'Not found'));
// create middleware to validate api key on all requests
handler.router.hook('request', (req) => {
const isApiValid = validateApiKey(req.query.get('api'));
// Bail early
if (!isApiValid) return new LambdaHttpResponse(400, 'Invalid api key');
// Continue
return;
});
import { lf } from '@linzjs/lambda';
export const handler = lf.handler<S3Event>(async (req) => {
if (req.event.Records.length === 0) throw new Error('No records provided');
for (const evt of req.event.Records) {
req.log.info({ key: evt.key }, 'Request s3');
}
});
A ULID is generated for every request and can be accessed at req.id
every log message generated by req.log
will by include the request id.
Simple timing events can be tracked with timer
see @linzjs/metrics
req.timer.start('some:event');
// Do Work
const duration = req.timer.end('some:event');
TODO: this should eventually be replaced by open telemetry spans
At the end of every request a metalog is logged with use information for monitoring and alerting in something like elasticsearch, to add additional keys to the metatalog use req.set()
req.set('xyz', { x, y, z });
req.set('location', { lat, lon });
Automatically includes a configured pino logger
function doRequest(req) {
req.log.info('Some Log line'); // Includes useful information like requestId
}
This can be overridden at either the wrapper
export const handler = lf.wrap(doRequest, myOwnLogger);
of set a different default logger
lf.logger = myOwnLogger;
export const handler = lf.wrap(doRequest);
4.1.0 (2023-08-14)
FAQs
### _A minimal lambda wrapper for LINZ Javascript lambda function development_
We found that @linzjs/lambda demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
Research
A malicious package uses a QR code as steganography in an innovative technique.
Research
/Security News
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.