Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
constructs
Advanced tools
The 'constructs' npm package provides a framework for defining cloud infrastructure in code by composing and sharing reusable components known as constructs. Constructs can represent low-level resources such as a virtual machine, a database, or a piece of code, as well as higher-level abstractions that are composed of these resources. The package is designed to be used with the AWS Cloud Development Kit (CDK) but is also general enough to be used in other contexts.
Defining Constructs
This feature allows developers to define their own constructs by extending the Construct class. Constructs can encapsulate any number of child constructs and resources, providing a way to create reusable and composable infrastructure components.
{"const { Construct } = require('constructs');\n\nclass MyConstruct extends Construct {\n constructor(scope, id) {\n super(scope, id);\n // Define resources and other constructs here\n }\n}\n\nconst app = new Construct();\nconst myConstruct = new MyConstruct(app, 'MyConstructId');"}
Composing Constructs
This feature demonstrates how to compose constructs within other constructs, allowing for the creation of complex infrastructure systems by nesting constructs.
{"const { Construct } = require('constructs');\n\nclass MyConstruct extends Construct {\n // ...\n}\n\nclass MyCompositeConstruct extends Construct {\n constructor(scope, id) {\n super(scope, id);\n new MyConstruct(this, 'NestedConstruct');\n }\n}\n\nconst app = new Construct();\nconst myComposite = new MyCompositeConstruct(app, 'MyCompositeConstructId');"}
Synthesizing Constructs
This feature shows how to synthesize a construct, which means to generate a representation of the construct's state, typically for the purpose of deploying infrastructure. The 'synthesize' method is part of the 'Node' class, which provides context and lifecycle methods for constructs.
{"const { Construct, Node } = require('constructs');\n\nclass MyConstruct extends Construct {\n // ...\n}\n\nconst app = new Construct();\nconst myConstruct = new MyConstruct(app, 'MyConstructId');\n\nconst synthesized = Node.of(myConstruct).synthesize();\nconsole.log(synthesized);"}
The 'serverless' package allows for defining serverless applications using a simple and concise configuration file. It is similar to 'constructs' in that it enables infrastructure as code, but it is focused specifically on serverless use cases and provides a different abstraction level and feature set.
Pulumi is an infrastructure as code tool that allows developers to define infrastructure using general-purpose programming languages. Similar to 'constructs', Pulumi provides a way to create, deploy, and manage cloud infrastructure, but it does not use the construct paradigm and instead relies on standard programming constructs and classes.
Define composable configuration models through code
This project has adopted the Amazon Open Source Code of Conduct.
We welcome community contributions and pull requests. See our contribution guide for more information on how to report issues, set up a development environment and submit code.
This project is distributed under the Apache License, Version 2.0.
FAQs
A programming model for software-defined state
We found that constructs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.