Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
LambdaFS
Efficient (de)compression package for AWS Lambda, supporting Brolti, Gzip and Tarballs
Install
npm install lambdafs --save-prod
CLI
This package provides a brotli CLI command to conveniently compress files and/or folders.
npx lambdafs /path/to/compress
The resulting file will be a (potentially tarballed) Brotli compressed file, with the same base name as the source.
Due to the highest compression level, it might take a while to compress large files (100MB ~ 5 minutes).
Usage
The nodejs12.x or nodejs14.x AWS Lambda runtime is required for this package to work properly.
const lambdafs = require('lambdafs');
exports.handler = async (event, context) => {
try {
let file = __filename; // /var/task/index.js
let folder = __dirname; // /var/task
// Compressing
let compressed = {
file: await lambdafs.deflate(file), // /tmp/index.js.gz
folder: await lambdafs.deflate(folder), // /tmp/task.tar.gz
};
// Decompressing
let decompressed = {
file: await lambdafs.inflate(compressed.file), // /tmp/index.js
folder: await lambdafs.inflate(compressed.folder), // /tmp/task
};
return context.succeed({ file, folder, compressed, decompressed });
} catch (error) {
return context.fail(error);
}
};
API
deflate(path: string): Promise<string>
Compresses a file/folder with Gzip and returns the path to the compressed (tarballed) file.
The resulting file will be saved under the default temporary directory (
/tmpon AWS Lambda).
Due to costly execution time on AWS Lambda, Gzip is always used to compress files.
inflate(path: string): Promise<string>
Decompresses a (tarballed) Brotli or Gzip compressed file and returns the path to the decompressed file/folder.
The resulting file(s) will be saved under the default temporary directory (
/tmpon AWS Lambda).
Supported extensions are: .br, .gz, .tar, .tar.br (and .tbr), .tar.gz (and .tgz).
For tarballs, original file modes are perserved. For any other files
0700is assumed.
Rationale
Getting large resources onto AWS Lambda can be a challenging task due to the deployment package size limit:
| Limit | Context |
|---|---|
| 50 MB | Zipped, for direct uploads. |
| 250 MB | Unzipped, S3 and layers. |
For this reason, it's important to achieve a very high compression ratio as well as fast decompression times.
This is where the Brotli algorithm comes in:
It allows us to get the best compression ratio and fast decompression times (at the expense of a slow compression).
License
MIT
FAQs
Efficient (de)compression package for AWS Lambda
The npm package lambdafs receives a total of 36,366 weekly downloads. As such, lambdafs popularity was classified as popular.
We found that lambdafs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 24 Dec 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025