Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@vercel/fun
Advanced tools
Local serverless function λ development runtime.
Given a Lambda function like this one:
// example/index.js
exports.handler = function(event, context, callback) {
callback(null, { hello: 'world' });
};
You can invoke this function locally using the code below:
import { createFunction } from '@vercel/fun';
async function main() {
// Starts up the necessary server to be able to invoke the function
const fn = await createFunction({
Code: {
// `ZipFile` works, or an already unzipped directory may be specified
Directory: __dirname + '/example'
},
Handler: 'index.handler',
Runtime: 'nodejs8.10',
Environment: {
Variables: {
HELLO: 'world'
}
},
MemorySize: 512
});
// Invoke the function with a custom payload. A new instance of the function
// will be initialized if there is not an available one ready to process.
const res = await fn({ hello: 'world' });
console.log(res);
// Prints: { hello: 'world' }
// Once we are done with the function, destroy it so that the processes are
// cleaned up, and the API server is shut down (useful for hot-reloading).
await fn.destroy();
}
main().catch(console.error);
ƒun provides an execution environment that closely resembles the real Lambda environment, with some key differences that are documented here:
sbx_user1051
user./var/task
, /var/runtime
, /opt
, etc. Instead, your
function code should use the environment variables that represent these
locations (namely LAMBDA_TASK_ROOT
and LAMBDA_RUNTIME_DIR
).SIGSTOP
signal to the lambda process,
and unfrozen by sending the SIGCONT
signal, not using the cgroup freezer.ƒun aims to support all runtimes that AWS Lambda provides. Currently implemented are:
nodejs
for Node.js Lambda functions using the system node
binarynodejs6.10
for Node.js Lambda functions using a downloaded Node v6.10.0 binarynodejs8.10
for Node.js Lambda functions using a downloaded Node v8.10.0 binarynodejs10.x
for Node.js Lambda functions using a downloaded Node v10.15.3 binarynodejs12.x
for Node.js Lambda functions using a downloaded Node v12.22.7 binarynodejs14.x
for Node.js Lambda functions using a downloaded Node v14.18.1 binarypython
for Python Lambda functions using the system python
binarypython2.7
for Python Lambda functions using a downloaded Python v2.7.12 binarypython3
for Python Lambda functions using the system python3
binary (or fallback to python
)python3.6
for Python Lambda functions using a downloaded Python v3.6.8 binarypython3.7
for Python Lambda functions using a downloaded Python v3.7.2 binarygo1.x
for Lambda functions written in Go - binary must be compiled for your platformprovided
for custom runtimesFAQs
Local Lambda development environment
The npm package @vercel/fun receives a total of 435,208 weekly downloads. As such, @vercel/fun popularity was classified as popular.
We found that @vercel/fun demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 9 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.