Apache 2.0 licensed.
IOpipe is a toolkit for building and orchestrating event-driven and serverless applications. These apps may run locally or in the cloud via AWS Lambda, Google Cloud Functions, or Azure Functions.
IOpipe can:
We call our serverless functions "kernels". Kernels take and transform input and communicate over the network, operating in a fashion similar to Unix pipes. A kernel may receive input from, or send output to, web service requests, functions, or local applications.
The NodeJS SDK provides a generic callback chaining mechanism which allows mixing HTTP(S) requests/POSTs, function calls, and kernels. Callbacks receive the return of the previous function call or HTTP body.
The callback variable received by a function is also an AWS Lambda-compatible "context" object. Because of this, you can chain standard callback-based NodeJS functions, and functions written for AWS Lambda.

    var iopipe = require("iopipe")()

    /* Get HTTP data, process it with SomeScript, and POST the results.
       Note that com.example.SomeScript would be present in .iopipe/filter_cache/ */
    iopipe.exec("http://localhost/get-request",
                "com.example.SomeScript",
                "http://otherhost.post")

    // Users may chain functions and HTTP requests.
    iopipe.exec(function(_, callback) { callback("something") },
                function(arg, callback) { callback(arg) },
                "http://otherhost.post",
                your_callback)

    // A function may also be returned then executed later.
    var f = iopipe.define("http://fetch", "https://post")
    f()

    // A defined function also accepts parameters
    var echo = require("iopipe-echo")
    var f = iopipe.define(echo, console.log)
    f("hello world")

    /* Create an AWS Lambda function from any NodeJS function with a callback.
       The callback becomes the equivalent of a done or success call on AWS. */
    exports.handler = iopipe.define(function(event, callback) {
      console.log(event)
      callback()
    })

    /* Of course, this method chaining also works for creating AWS Lambda code.
       This example will fetch HTTP data from the URL in the event's 'url' key
       and return a SHA-256 of the retrieved content. */
    var crypto = require("crypto")
    exports.handler = iopipe.define(iopipe.property("url"),
                                    iopipe.fetch,
                                    (event, callback) => {
                                      callback(crypto
                                               .createHash('sha256')
                                               .update(event)
                                               .digest('hex'))
                                    })

IOpipe also acts as an AWS Lambda Client where a Lambda function may be specified by its URN and included in the execution chain:

    var iopipe = require("iopipe")()
    var iopipe_aws = require("iopipe")({
      exec_driver: 'aws',
      exec_driver_opts: {
        region: 'us-west-1',
        // Placeholder values; supply real credentials at runtime, not in source.
        access_key: 'itsasecrettoeverybody',
        secret_key: 'itsasecrettoeverybody'
      }
    })
    var crypto = require("crypto")

    exports.handler = iopipe_aws.define("urn:somefunction",
                                        "urn:anotherfunction",
                                        iopipe.property("property-of-result"),
                                        iopipe.fetch, // fetch that as a URL
                                        (event, callback) => {
                                          callback(JSON.parse(event))
                                        },
                                        iopipe.map(
                                          iopipe_aws.define(
                                            "urn:spawn_this_on_aws_for_each_value_in_parallel"
                                          )
                                        ))

For more information on using the NodeJS SDK, please refer to its documentation: https://github.com/iopipe/iopipe/blob/master/docs/nodejs.md
Requests and responses are translated using kernels, and may pipe to other kernels, or to/from web service endpoints.
Kernels simply receive request or response data and output translated request or response data.
Example:

    module.exports = function(input, context) {
      // JavaScript strings have no format() method; concatenate instead.
      context.done("I'm doing something with input: " + input)
    }

Functions should expect a "context" parameter which may be called directly as a callback, but also offers the methods 'done', 'success', and 'fail'. Users needing, for any reason, to create a context manually may call iopipe.create_context(callback).
For more on writing filters see: https://github.com/iopipe/iopipe/blob/master/docs/kernels.md
A Go-based CLI exists to create and export npm modules, share code, and provide runtime of magnetic kernels.
Find this tool in the IOpipe-Golang repo.
Kernels are executed in individual virtual machines whenever allowed by the executing environment. The definition of a virtual machine here is lax, such that it may describe a JavaScript VM, a Linux container, or a hardware-assisted x86 virtual machine. Users should exercise caution when running community-created kernels.
It is a project priority to make fetching, publishing, and execution of kernels secure for a production-ready 1.0.0 release.
Modules are fetched and stored using sha256 hashes, providing an advantage over module-hosting mechanisms which are based simply on a name and version. Future versions of IOpipe will likely implement TUF for state-of-the-art software assurance.
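The difference between hash-addressed and name-and-version lookup, as an added example that is not IOpipe's own code: `ContentAddressedCache` and `demo` are hypothetical names, the cache is an in-memory stand-in for a directory such as .iopipe/filter_cache/, and the module sources are constructed.

```javascript
const crypto = require("crypto");

const sha256 = (buf) => crypto.createHash("sha256").update(buf).digest("hex");

// Hypothetical in-memory stand-in for an on-disk module cache.
class ContentAddressedCache {
  constructor() { this.blobs = new Map(); }

  // Store under the digest of the content; the caller never chooses the key.
  put(content) {
    const buf = Buffer.from(content);
    const id = sha256(buf);
    this.blobs.set(id, buf);
    return id;
  }

  // Re-hash on every read so a modified cache entry is rejected, not executed.
  get(id) {
    if (!/^[0-9a-f]{64}$/.test(id)) throw new Error("not a sha256 id");
    const buf = this.blobs.get(id);
    if (buf === undefined) throw new Error("unknown module " + id);
    if (sha256(buf) !== id) throw new Error("digest mismatch for " + id);
    return buf.toString();
  }
}

function demo() {
  // Constructed sample kernel sources.
  const original = "module.exports = (input, ctx) => ctx.done(input)";
  const swapped = "module.exports = (input, ctx) => ctx.done('changed')";

  // Name + version: the key says nothing about the bytes behind it.
  const byName = new Map([["echo@1.0.0", original]]);
  byName.set("echo@1.0.0", swapped); // replacement goes unnoticed
  const nameLookupChanged = byName.get("echo@1.0.0") !== original;

  // Hash-addressed: the same replacement is caught when the entry is read.
  const cache = new ContentAddressedCache();
  const id = cache.put(original);
  const roundTrip = cache.get(id) === original;
  cache.blobs.set(id, Buffer.from(swapped));
  let tamperDetected = false;
  try { cache.get(id); } catch (e) { tamperDetected = /digest mismatch/.test(e.message); }

  return { id, nameLookupChanged, roundTrip, tamperDetected };
}
```

The check only helps if the hash itself reaches the consumer over a trusted path, which is the gap a framework such as TUF is meant to close.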
Contact security@iopipe.com for questions.
Apache 2.0
FAQs
The IOpipe agent and plugins
The npm package iopipe receives a total of 55 weekly downloads. As such, iopipe popularity was classified as not popular.
We found that iopipe demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.