Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@pulumi/pulumi
Advanced tools
@pulumi/pulumi is an infrastructure as code (IaC) tool that allows developers to define, deploy, and manage cloud infrastructure using familiar programming languages like JavaScript, TypeScript, Python, Go, and C#. It integrates with various cloud providers and services, enabling users to create, update, and manage cloud resources programmatically.
Defining Cloud Infrastructure
This feature allows you to define cloud infrastructure using code. In this example, an S3 bucket is created using the AWS provider.
const pulumi = require('@pulumi/pulumi');
const aws = require('@pulumi/aws');
const bucket = new aws.s3.Bucket('my-bucket');
exports.bucketName = bucket.id;
Managing Infrastructure State
Pulumi manages the state of your infrastructure, allowing you to respond to changes. This example sets up an event handler for when a new object is created in the S3 bucket.
const pulumi = require('@pulumi/pulumi');
const aws = require('@pulumi/aws');
const bucket = new aws.s3.Bucket('my-bucket');
bucket.onObjectCreated('onNewObject', async (event) => {
console.log('New object created:', event);
});
Multi-Cloud Deployments
Pulumi supports multi-cloud deployments, allowing you to manage resources across different cloud providers. This example shows how to create an S3 bucket in AWS and a storage account in Azure.
const pulumi = require('@pulumi/pulumi');
const aws = require('@pulumi/aws');
const azure = require('@pulumi/azure');
const awsBucket = new aws.s3.Bucket('aws-bucket');
const azureStorageAccount = new azure.storage.Account('azure-storage', {
resourceGroupName: 'my-resource-group',
accountTier: 'Standard',
accountReplicationType: 'LRS'
});
Terraform by HashiCorp is another popular IaC tool that allows you to define and provision infrastructure using a declarative configuration language. Unlike Pulumi, which uses general-purpose programming languages, Terraform uses its own domain-specific language (HCL). Terraform has a large ecosystem and strong community support.
The AWS Cloud Development Kit (CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Similar to Pulumi, AWS CDK allows you to use familiar programming languages, but it is specific to AWS services.
The Serverless Framework is a tool for building and deploying serverless applications. It focuses on serverless architectures and supports multiple cloud providers. While it shares some similarities with Pulumi in terms of deployment and management, it is more specialized in serverless use cases.
The Pulumi Fabric Node.js SDK lets you write cloud programs in JavaScript.
For now, we only support developers building from source. Eventually we will have a nice installer.
To build and install the SDK, you will first need a few things.
First, install Node.js 6.10.2. We recommend nvm, since it makes it easier
to switch between versions of Node.js. Afterwards, run nvm install 6.10.2
. As part of the build, a custom build
of Node.js 6.10.2 will be downloaded and installed alongside the SDK. This Node binary is identical to Node.js 6.10.2,
except that it has one extra builtin module containing code that is used by the SDK to serialize JavaScript closures.
The custom binary is built from this repo.
Next, we suggest using Yarn for package management. NPM works too, but Yarn is faster and therefore preferred. Please follow the directions on Yarn's website.
The first time you build, you must make configure
to install and prepare native plugins for V8:
$ make configure
Make sure to run this after installing the right version of Node.js above, otherwise it may bind to the wrong version.
To build the SDK, simply run make
from the root directory (sdk/nodejs/
). This will build the code, run tests, and
then "install" the package (by yarn link
ing the resulting bin/
directory).
We recommend putting bin/
on your $PATH
, since the pulumi-langhost-nodejs
executable will be loaded dynamically
by the pulumi
tool whenever it encounters a Node.js program.
The tests will verify that everything works, but feel free to try running pulumi preview
and/or pulumi update
from
the examples/minimal/
directory. Remember to run tsc
first, since pulumi
expects JavaScript, not TypeScript.
0.11.3 (2018-04-13)
Switch to a resource-progress oriented view for pulumi preview, update, and destroy operations (pulumi/pulumi#1116). The operations pulumi preview
, update
and destroy
have far simpler output by default, and show a progress view of ongoing operations. In addition, there is a structured component view, showing a parent operation as complete only when all child resources have been created.
Remove strict dependency on Node v6.10.x (pulumi/pulumi#1139). It is now no longer necessary to use a specific version of Node to run Pulumi programs. Node versions after 6.10.x are supported, as long as they are under Active LTS or are the Current stable release.
FAQs
Pulumi's Node.js SDK
The npm package @pulumi/pulumi receives a total of 580,129 weekly downloads. As such, @pulumi/pulumi popularity was classified as popular.
We found that @pulumi/pulumi demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.