Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@middy/core
Advanced tools
@middy/core is a middleware engine for AWS Lambda that helps you simplify and streamline your Lambda functions by allowing you to compose them using reusable middleware. It provides a way to handle common concerns such as input validation, error handling, and response formatting in a modular and reusable manner.
Middleware Composition
This feature allows you to compose your Lambda function using multiple middleware. Each middleware can perform specific tasks and then pass control to the next middleware in the chain.
const middy = require('@middy/core');
const middleware1 = (request, next) => { console.log('Middleware 1'); next(); };
const middleware2 = (request, next) => { console.log('Middleware 2'); next(); };
const handler = middy((event, context) => { return { message: 'Hello World' }; })
.use(middleware1)
.use(middleware2);
exports.handler = handler;
Error Handling
This feature allows you to handle errors in a centralized manner. The errorHandler middleware catches any errors thrown by the Lambda function and sets a custom response.
const middy = require('@middy/core');
const errorHandler = (request, next) => { try { next(); } catch (err) { console.error(err); request.response = { statusCode: 500, body: 'Internal Server Error' }; } };
const handler = middy((event, context) => { throw new Error('Something went wrong'); })
.use(errorHandler);
exports.handler = handler;
Input Validation
This feature allows you to validate the input to your Lambda function. The inputValidator middleware checks if the input is valid and throws an error if it is not.
const middy = require('@middy/core');
const inputValidator = (request, next) => { if (!request.event.body) { throw new Error('Invalid input'); } next(); };
const handler = middy((event, context) => { return { message: 'Input is valid' }; })
.use(inputValidator);
exports.handler = handler;
serverless-middleware is a middleware framework for AWS Lambda functions, similar to @middy/core. It allows you to compose your Lambda functions using middleware, but it is less mature and has fewer built-in middleware options compared to @middy/core.
lambda-middleware is another middleware framework for AWS Lambda functions. It provides a similar middleware composition model as @middy/core but focuses more on simplicity and ease of use. It has a smaller community and fewer plugins compared to @middy/core.
Express is a web application framework for Node.js that provides a robust set of features for web and mobile applications. While not specifically designed for AWS Lambda, it can be used in conjunction with AWS Lambda to handle HTTP requests and middleware. It is more feature-rich and has a larger community compared to @middy/core.
Core component of the middy framework, the stylish Node.js middleware engine for AWS Lambda
You can read the documentation at: https://middy.js.org
To install middy you can use NPM:
npm install --save @middy/core
For documentation and examples, refers to the main Middy monorepo on GitHub or Middy official website.
Everyone is very welcome to contribute to this repository. Feel free to raise issues or to submit Pull Requests.
Licensed under MIT License. Copyright (c) 2017-2023 Luciano Mammino, will Farrell, and the Middy team.
FAQs
🛵 The stylish Node.js middleware engine for AWS Lambda (core package)
We found that @middy/core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.