Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
cdk-nextjs-standalone
Advanced tools
Deploy a NextJS app to AWS using CDK. Uses standalone build and output tracing.
A CDK construct to deploy a NextJS 12.3.0+ app using AWS CDK.
Uses the standalone output build mode.
import path from 'path';
import { Nextjs } from 'cdk-nextjs-standalone';
new Nextjs(this, 'Web', {
path: './web', // relative path to nextjs project root
});
Deploys a NextJs static site with server-side rendering and API support. Uses AWS lambda and CloudFront.
There is a new (since Next 12) standalone
output mode which uses output tracing to generate a minimal server and static files.
This standalone server can be converted into a CloudFront distribution and a lambda handler that translates between a APIGatewayProxyV2 request/response and Next request/response.
The CloudFront default origin first checks S3 for static files and falls back to an HTTP origin using a lambda function URL.
This approach is most compatible with new NextJs features such as ESM configuration and middleware.
The @serverless-nextjs project uses the deprecated serverless
NextJs build target which prevents the use of new features.
This construct was created to use the new standalone
output build and newer AWS features like lambda function URLs and fallback origins.
This is experimental and a work in progress. I hope others can benefit from it and contribute to make it more stable and featureful.
I have managed to get the server bundling working even under the most finicky of circumstances (pnpm monorepo). Server-side rendering works. Static files and public files work.
NextJs requires the sharp
native library. It is provided in a zip file from lambda-layer-sharp.
All other required dependencies should be bundled by NextJs output tracing. This standalone output is included in the lambda function bundle.
Testing with sst-prisma:
Duration: 616.43 ms Billed Duration: 617 ms Memory Size: 2048 MB Max Memory Used: 131 MB Init Duration: 481.08 ms
On my nextjs app using Material-UI
Duration: 957.56 ms Billed Duration: 958 ms Memory Size: 1024 MB Max Memory Used: 127 MB Init Duration: 530.86 ms
This module is largely made up of code from the above projects.
BucketDeployment
takes care of that for uspublic
dir supposed to be handled? (Right now using an OriginGroup to look in the S3 origin first and if 403/404 then try lambda origin)export interface NextjsSstProps extends NextjsProps {
app: App;
}
class NextjsSst extends Nextjs {
constructor(scope: Construct, id: string, props: NextjsSstProps) {
const app = props.app;
super(scope as any, id, {
...props,
isPlaceholder: app.local,
tempBuildDir: app.buildDir,
// make path relative to the app root
nextjsPath: path.isAbsolute(props.nextjsPath) ? path.relative(app.appPath, props.nextjsPath) : props.nextjsPath,
});
this.registerSiteEnvironment();
}
protected registerSiteEnvironment() {
const environmentOutputs: Record<string, string> = {};
for (const [key, value] of Object.entries(this.props.environment || {})) {
const outputId = `SstSiteEnv_${key}`;
const output = new CfnOutput(this, outputId, { value });
environmentOutputs[key] = Stack.of(this).getLogicalId(output);
}
const app = this.node.root as App;
app.registerSiteEnvironment({
id: this.node.id,
path: this.props.path,
stack: Stack.of(this).node.id,
environmentOutputs,
} as BaseSiteEnvironmentOutputsInfo);
}
}
It should be possible to build the lambda handler as a Lambda@Edge function, the main blocker is resolving the CDK tokens in env vars on the server side because edge functions cannot have environment variables. These tokens are not present at build-time. One of these issues needs to be fixed for that to work most likely: https://github.com/vercel/next.js/issues/40827 https://github.com/aws/aws-cdk/issues/19257
FAQs
Deploy a NextJS app to AWS using CDK and OpenNext.
The npm package cdk-nextjs-standalone receives a total of 790 weekly downloads. As such, cdk-nextjs-standalone popularity was classified as not popular.
We found that cdk-nextjs-standalone demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.