Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
lambda-cfn
Advanced tools
Quickly define Lambda functions and supporting resources via a javascript CloudFormation template.
In a file named like myTemplate.template
:
var lambdaCfn = require('lambda-cfn');
module.exports = lambdaCfn(
[
'myHandler.js',
],
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "my stack"
}
);
where in myHandler.js
you've exported:
After uploading a zip of your project to a location in Lambda, you can then deploy this javascript CloudFormation template with cfn-config to deploy your function.
See the patrol README for more examples and the rules spec for a complete reference.
AWS Lambda simplifies deploying code on AWS by eliminating the need to run EC2s. However, you still need to:
lambda-cfn provides for a simplified interface for defining all of the above, and when used in combination with cfn-config, offers a command line interface for deploying and updating the CloudFormation template in which your lambda functions and supporting resources are captured.
Instead of directly writing a CloudFormation template, cfn-config is able to read a javascript file, and, if that javascript file implements lambda-cfn, cfn-config + lambda-cfn turn that file into a valid CloudFormation template.
lambda-cfn adheres to a rules spec in order for a Lambda function, supporting resources, and configuration to be defined in javascript files, which can then be expanded into CloudFormation template JSON.
Refer to the patrol README, and especially its "getting started" guide for an example usage of lambda-cfn.
FAQs
CloudFormation boiler plate for lambda functions
The npm package lambda-cfn receives a total of 1 weekly downloads. As such, lambda-cfn popularity was classified as not popular.
We found that lambda-cfn demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 55 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.