Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
A module for mocking and testing AWS API Gateway in conjunction with Lambda functions.
A module for mocking and testing AWS API Gateway in conjunction with Lambda functions.
Install the module:
npm install glambda --save-dev
To see a fully functional demo, see the /test
directory. The index.js
file is setup to run using the lambdas
and the gateway.yml
file. The tests run against this configuration as well.
After installing the npm module simply include it in a file where it will run and
set any config options on init
:
// Include the module
var glambda = require('glambda')
// Set options and init
glambda.init({
lambdas: './lambdas',
schema: './gateway.yml',
port: 8181,
apiPath: '/api',
log: true,
cors: {
origin: '*',
methods: 'GET,PUT,POST,DELETE,OPTIONS',
headers: 'Content-Type, Authorization, Content-Length, X-Requested-With'
}
})
The above shows a standard set of config options:
lambdas
: Path to the directory containing lambdasschema
: Path to the API gateway YAML configport
: Port on which the HTTP server will runapiPath
: Any path (proceeding root) to include in HTTP requests mappinglog
: Wether or not to log to consoleSimply running the file created above will spin up the service, then accessing the endpoints via the corresponding lambda name will spawn the Lambda function and return its results.
Environment Variables
The system runs a configuration load process which uses the default values,
overrides with any initialized (passed) config properties and (lastly) checks
for environment variables following the convention GL_{PROPERTY}
.
Note: CORS settings don't currently support environment variables
The gateway.yml
format was designed to closely match the
AWS API Gateway. The structure is intended
to appear similar to the Resource (left-hand) pane when editing an API in the
web interface.
---
/:
/foo:
GET:
lambda: "foo"
templates:
application/json:
method: "get"
POST:
lambda: "foo"
templates:
application/json:
method: "post"
body: "$input.json('$')"
/foo/{fooId}:
GET:
lambda: "foo"
templates:
application/json:
id: "$input.params('fooId')"
method: "get"
PUT:
lambda: "foo"
templates:
application/json:
id: "$input.params('fooId')"
baz: "quz"
body: "$input.json('$')"
It's simple to identify the core nodes of the tree, i.e. the paths of the requests and their associated methods. To explain, the following shows results of a number of requests made against the above configuration:
PATH | METHOD | BODY | RESPONSE/EVENT |
---|---|---|---|
/ | ANY | N/A | METHOD NOT ALLOWED |
/foo | GET | N/A | { method: 'get' } |
/foo | POST | { fizz: 'buzz' } | { method: 'post', body: { fizz: 'buzz' } |
/foo/123 | GET | N/A | { method: 'get', fooId: 123 } |
/foo/123 | PUT | { baz: 'quz' } | { method: 'put', fooId: 123, body: { baz: 'quz' } } |
GLambda will output information from both the service and the Lambdas. An example of the Lambda-specific log output is below:
[2015-08-02 14:26:46] INFO: Lambda Processed (...)
lambda: foo
event: {"method":"get"}
pid: 30945
memory: { rss: 20062208, heapTotal: 9751808, heapUsed: 3989464 }
time: 0.124
Currently Glambda only supports a single template which must be application/json
.
The plan is to expand on this, see Support Multiple Templates
issue for more information.
A Makefile
is included for managing build and install tasks. The commands are
then referenced in the package.json
scripts
if that is the preferred
task method:
all
(default) will run all build tasksstart
will run the main scriptclean
will remove the /node_modules
directoriesbuild
will transpile ES2015 code in /src
to /build
test
will run all spec files in /test/src
cover
will run code coverage on all testslint
will lint all files in /src
doc
will run ESDoc on all files in /src
and output to /docs
report
will run Plato static analysis on /build
and output to /report
dev
will run...
watch
will run the dev
task and rerun on change of /src
filesTest Inidividual File
An individual spec can be run by specifying the FILE
:
make test FILE=some.spec.js
The FILE
is relative to the test/src/
directory.
Deploys
For deploying releases, the deploy TAG={VERSION}
can be used where VERSION
can be:
<newversion> | major | minor | patch | premajor
Both make {COMMAND}
and npm run {COMMAND}
work for any of the above commands.
Glambda is licensed under the MIT license. Please see LICENSE.txt
for full details.
Glambda was designed and created at TechnologyAdvice.
FAQs
A module for mocking and testing AWS API Gateway in conjunction with Lambda functions.
We found that glambda demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.