Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
DEEP Framework
is a serverless web framework, core component of the
Platform-as-a-Service
that abstracts web apps and web services from specific cloud providers. This framework enables developers build
cloud-native applications or platforms using microservices architecture
in a completely serverless approach.
At this moment only Amazon Web Services is supported. Developers are encouraged to add support for Microsoft Azure, Google Cloud Platform, and so on.
DEEP Framework
can be used as a module in front-end or back-end. To learn more, scroll down to
What is DEEP Framework?
To see the power of DEEP Framework
, execute the following 4 simple steps in command line:
npm install deepify -g
deepify is a collection of tools that empower developers and devops engineers to automate the management of web apps built on top of DEEP ecosystem.
deepify helloworld ~/deep-hello-world
deepify will clone the repository from GitHub and pull all the dependencies in one place.
deepify server ~/deep-hello-world -o
deepify launches a web server that can be used for local development, without making calls to web services from cloud providers like AWS.
deepify deploy ~/deep-hello-world
deepify provisions the infrastructure and deploys the web app, empowering developers and devops engineers to automate the process.
To learn more about helloworld example, or other web apps that run in production, scroll down to Who is using DEEP Framework?
Note 1: To use DEEP Framework
globally, just run in command line:
npm install deep-framework -g
Note 2: Alternatively, to use DEEP Framework
as dependency, include it in package.json
file. For example:
{
"name": "say-hello-world",
"version": "0.0.1",
"description": "AWS Lambda that says hello to the world",
"dependencies": {
"deep-framework": "1.0.*",
...
},
...
}
Note 3: Also, when needed, consider specifying only some libraries instead of entire framework. For example:
{
"name": "say-hello-world",
"version": "0.0.1",
"description": "AWS Lambda that says hello to the world",
"dependencies": {
"deep-db": "1.0.*",
"deep-event": "1.0.*",
"deep-resource": "1.0.*",
...
},
...
}
DEEP Framework
is a nodejs package that is published on npmjs: https://www.npmjs.com/package/deep-framework.
If you are new to node and npm, check out how to install nodejs tutorial.
DEEP Framework
is a nodejs package. In fact it's a collection of nodejs packages, also known as
DEEP Abstracted Libraries
. Here below is the complete list:
DEEP Abstracted Library | Api Docs | Abstracted Web Service(s) |
---|---|---|
deep-asset | Assets Management Library | Amazon S3 |
deep-cache | Cache Management Library | Amazon ElastiCache |
deep-core | Core Management Library | - |
deep-db | Database Management Library | Amazon DynamoDB, Amazon SQS |
deep-di | Dependency Injection Management Library | - |
deep-event | Events Management Library | Amazon Kinesis |
deep-fs | File System Management Library | Amazon S3 |
deep-kernel | Kernel Management Library | - |
deep-log | Logs Management Library | Amazon CloudWatch Logs |
deep-notification | Notifications Management Library | Amazon SNS |
deep-resource | Resouces Management Library | AWS Lambda, Amazon API Gateway |
deep-security | Security Management Library | AWS IAM, Amazon Cognito |
deep-validation | Validation Management Library | - |
There are couple examples / web apps that are using DEEP Framework
at their core:
DEEP Hello World (https://github.com/MitocGroup/deep-microservices-helloworld) is a web app that show cases a full stack example of using DEEP Microservices in the context of Platform-as-a-Service. Developers can either fork this repository or
npm install deepify -g
(https://www.npmjs.com/package/deepify) and run in the command linedeepify helloworld ~/deep-hello-world
.
DEEP Todo App (https://github.com/MitocGroup/deep-microservices-todo-app) is a web app inspired from AngularJS TodoMVC Example (https://github.com/tastejs/todomvc/tree/master/examples/angularjs). It reuses AngularJS module and integrates using
DEEP Framework
to streamline development and deployment using cloud-based web services.
DEEP Marketplace (https://www.deep.mg) is Software-as-a-Service, built on top of DEEP, that empowers customers to choose functionality from listed microservices and deploy them together as an web app into their own AWS accounts with just few clicks; as well as empowers developers to create and publish their microservices and monetize them in similar approach to Apple's App Store.
We are eager to get your feedback, so please use whatever communication channel you prefer:
This project is open source, and we encourage developers to contribute. Here below is the easiest way to do so:
Make sure you update package.json
(or deepkg.json
, depends on the use case) and put your name and contact information in contributors section. We would like to recognize the work and empower every contributor in creative ways :)
Our short-to-medium-term roadmap items, in order of descending priority:
Feature | Details | Owner |
---|---|---|
Implement deep-security | Security service on top of IAM | @mgoria |
Implement deep-notification | Push notification service on top of SNS that supports push to mobile devices, web browsers, email and sms. | @alexanderc |
Implement deep-search | Full text search service on top of Amazon CloudSearch | @alexanderc |
Implement deep-event | Event manager service using Lambda scheduling, Kinesis stream, Dynamo streaming, SQS, etc. | ... |
Implement deep-db "eventual consistency" | Achieve "eventual consistency" by offloading data to SQS as the default option | @alexanderc |
Improve deep-db "strong consistency" | Achieve "strong consistency" by increasing Reads/Writes per second in runtime (as other option for special DB operations) | ... |
Integrate deep-db with deep-cache natively (blocked by VPC support in Lambda) | Cache fetched data by default using deep-cache library | ... |
Implement deep-cache | Cache service on top of Elasticache (Redis) inside Lambdas (blocked by VPC support in Lambda) | ... |
Implement RUM as part of deep-logs | Achieve real user monitoring by logging all user actions and visualize them with an ELK stack | ... |
Optimize the framework to reduce the size of Lambda functions | Optimize deps and packing as well as browserify process to reduce framework size | @alexanderc |
Improve documentation for each deep-* library | Update docs for deep libraries and development tools | @alexanderc @mgoria |
Changelog files are located in /changelog
folder.
See CHANGELOG.md for latest changelog.
This repository can be used under the MIT license.
See LICENSE for more details.
This repository is being sponsored by:
Digital Enterprise End-to-end Platform
, also known as DEEP
, is low cost and low maintenance
Platform-as-a-Service powered by abstracted web services
from cloud providers like Amazon Web Services. This approach has been labeled as
Serverless Architecture.
DEEP
is an ecosystem of DEEP Marketplace,
DEEP Framework and DEEP CLI,
also known as deepify. It enables developers build serverless applications
using abstracted services from cloud providers like Amazon Web Services.
DEEP
aims to remove the heavy lifting from enterprise software through microservices architecture, where developers
(let’s label them lego producers
) focus only to build microservices (let’s label them lego pieces
), while the platform
does the rest: comes pre-built and pre-scaled, low-cost and low-maintenance, very secure and very fast. Customers
(let’s label them lego consumers
) will go to the marketplace, choose the microservices they need and deploy them
as web apps into their own accounts on AWS (or other cloud providers).
In summary: We empower lego consumers to license curated lego pieces from a marketplace of lego producers.
FAQs
DEEP Database Library
The npm package deep-db receives a total of 12 weekly downloads. As such, deep-db popularity was classified as not popular.
We found that deep-db demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.