Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@middy/core
Advanced tools
🛵 The stylish Node.js middleware engine for AWS Lambda (core package)
@middy/core is a middleware engine for AWS Lambda that helps you simplify and streamline your Lambda functions by allowing you to compose them using reusable middleware. It provides a way to handle common concerns such as input validation, error handling, and response formatting in a modular and reusable manner.
Middleware Composition
This feature allows you to compose your Lambda function using multiple middleware. Each middleware can perform specific tasks and then pass control to the next middleware in the chain.
const middy = require('@middy/core');
const middleware1 = (request, next) => { console.log('Middleware 1'); next(); };
const middleware2 = (request, next) => { console.log('Middleware 2'); next(); };
const handler = middy((event, context) => { return { message: 'Hello World' }; })
.use(middleware1)
.use(middleware2);
exports.handler = handler;
Error Handling
This feature allows you to handle errors in a centralized manner. The errorHandler middleware catches any errors thrown by the Lambda function and sets a custom response.
const middy = require('@middy/core');
const errorHandler = (request, next) => { try { next(); } catch (err) { console.error(err); request.response = { statusCode: 500, body: 'Internal Server Error' }; } };
const handler = middy((event, context) => { throw new Error('Something went wrong'); })
.use(errorHandler);
exports.handler = handler;
Input Validation
This feature allows you to validate the input to your Lambda function. The inputValidator middleware checks if the input is valid and throws an error if it is not.
const middy = require('@middy/core');
const inputValidator = (request, next) => { if (!request.event.body) { throw new Error('Invalid input'); } next(); };
const handler = middy((event, context) => { return { message: 'Input is valid' }; })
.use(inputValidator);
exports.handler = handler;
serverless-middleware is a middleware framework for AWS Lambda functions, similar to @middy/core. It allows you to compose your Lambda functions using middleware, but it is less mature and has fewer built-in middleware options compared to @middy/core.
lambda-middleware is another middleware framework for AWS Lambda functions. It provides a similar middleware composition model as @middy/core but focuses more on simplicity and ease of use. It has a smaller community and fewer plugins compared to @middy/core.
Express is a web application framework for Node.js that provides a robust set of features for web and mobile applications. While not specifically designed for AWS Lambda, it can be used in conjunction with AWS Lambda to handle HTTP requests and middleware. It is more feature-rich and has a larger community compared to @middy/core.
Core component of the middy framework, the stylish Node.js middleware engine for AWS Lambda
To install middy you can use NPM:
npm install --save @middy/core
For documentation and examples, refers to the main Middy monorepo on GitHub or Middy official website.
Everyone is very welcome to contribute to this repository. Feel free to raise issues or to submit Pull Requests.
Licensed under MIT License. Copyright (c) 2017-2018 Luciano Mammino and the Middy team.
FAQs
🛵 The stylish Node.js middleware engine for AWS Lambda (core package)
The npm package @middy/core receives a total of 244,852 weekly downloads. As such, @middy/core popularity was classified as popular.
We found that @middy/core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.