clusternator
Program to deploy docker containers on cloud service platforms with minimal user input, and/or configuration
clusternator
CLI
npm install -g clusternator
Check and see if it installed successfully:
clusternator --help
This is the hard part (kinda, not really). The application definition file (which we will call appdef.json) is a JSON file which specifies the following details about how to run your application:
You can create an appdef.json by running clusternator app:new > appdef.json.
More information about the parameters can be found at http://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html
Chances are any sophisticated application will need to connect to one or more services that require authentication. Currently the best-implemented way of handling configurations with the clusternator is to keep them in an encrypted file in the repository.
Clusternator has some commands to help with AES256 encrypting your configs, and automating the process:
To generate a cryptographically secure passphrase:
clusternator make-pass
To encrypt all of the assets listed in a given project's clusternator.json's private field:
clusternator make-private -p some-long-passphrase-over-thirty-characters
To decrypt all of the assets (if they've already been encrypted):
clusternator read-private -p some-long-passphrase-over-thirty-characters
Ideally this process should be automated with a pre-commit git hook and a post-commit hook. That way the developer can work freely with local Dockers or VMs, and not have to worry about committing private credentials.
Clusternator currently recommends keeping all private credentials in a project-root/.private folder to keep intentions clear.
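A pre-commit guard for the .private convention above, as an added example that is not part of clusternator or its README. It assumes the encrypted output of make-private is stored outside .private/, so anything staged from that folder is plaintext; the function name and hook layout are hypothetical.

```shell
#!/bin/sh
# Added example: pre-commit guard for the .private/ convention.
# PRIVATE_DIR is the folder the README recommends. The function name and
# the hook layout are assumptions of this example, not clusternator code.
# Assumption: the encrypted output is kept outside PRIVATE_DIR, so any
# staged path under PRIVATE_DIR is an unencrypted credential file.

PRIVATE_DIR=".private"

# Read staged paths (one per line) on stdin and print those that sit in
# PRIVATE_DIR at any depth of the repository.
# Returns 1 if at least one such path was found, 0 otherwise.
find_plaintext_secrets() {
  found=0
  while IFS= read -r path; do
    case "$path" in
      "$PRIVATE_DIR"/*|*/"$PRIVATE_DIR"/*)
        printf '%s\n' "$path"
        found=1
        ;;
    esac
  done
  return "$found"
}

# Run the check only when this file is installed as .git/hooks/pre-commit.
case "$0" in
  */pre-commit|pre-commit)
    # Added, copied, modified or renamed files currently in the index.
    leaked=$(git diff --cached --name-only --diff-filter=ACMR \
      | find_plaintext_secrets)
    if [ -n "$leaked" ]; then
      echo "pre-commit: plaintext files from $PRIVATE_DIR/ are staged:" >&2
      printf '  %s\n' "$leaked" >&2
      echo "Run 'clusternator make-private -p <passphrase>' and unstage them." >&2
      exit 1
    fi
    ;;
esac
```

Adding .private/ to .gitignore covers the common case; the hook also catches files that were force-added or staged before the ignore rule existed.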
yay contributions!
All code is in src/. The CLI entry point is bin/clusternatorCli.js, but includes from lib/ (the compile destination). bin/clusternatorCli-es5.js is ultimately what gets run as the CLI from bin/clusternator.sh.
There are unit tests, and e2e tests. Unit tests can be done by running npm test, assuming the project has been npm install'd. This is an alias to gulp test-unit.
The e2e tests require AWS credentials, and can be run directly from gulp with gulp test-e2e.
The gulp test task will run both the unit, and e2e tests.
Code coverage can be found after tests are run, and is located in the (generated) coverage folder. Coverage includes lcov, json, and html.
npm run build will transform your ES6 source into ES5.
gulp transpile will transpile src/**/*.js to lib/**/*.js.
gulp watch will look at src/**/*.js, and transpile them to lib/**/*.js.
Run ./bin/clusternator.sh from the root directory.
Requires the Current Working Directory to be a git repository, or a subfolder within a git repository. The command will interactively create a .clusternator file in the project's root directory, and will provision the networking infrastructure for a project on AWS. This currently requires an existing VPC, and Route (AWS bootstrapping coming soon!),
Copyright (c) 2015, rangle.io All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
FAQs
The npm package clusternator receives a total of 14 weekly downloads. As such, clusternator popularity was classified as not popular.
We found that clusternator demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.