New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

ls-lambda-helpers

Package Overview
Dependencies
Maintainers
1
Versions
15
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

ls-lambda-helpers

Helpers that aid fast lambda creation

latest
Source
npmnpm
Version
2.4.0
Version published
Weekly downloads
5
-80%
Maintainers
1
Weekly downloads
 
Created
Source

ls-lambda-helpers

GitHub package.json version GitHub code size in bytes Snyk Vulnerabilities for GitHub Repo GitHub Workflow Status

Helpers used to aid in rapid developement and coding consistentcy.

Install

npm install ls-lambda-helpers

Setup

Standard helpers take a argument such as an apiKey when calling a method. This helper differs in that it uses specified named Environmental Variables. This makes it a little less flexible but much more powerful in that it requires you to use AWS Secrets Manager.

  • Make sure you are storing secrerts in AWS Secrets Manager
  • Use a config file to change secrets between environments

Helpers

Logger

Description

Create log levels between environments

  • console.debug() - If log level is set to debug, it will log everything.
  • console.info() - If log level is set to info, it will log info and error.
  • console.error() - If log level is set to error, it will only log error.
  • console.audit() - If log level is set to audit, it will log no matter the level or stage.
  • console.log() is overwritten so that if the stage is Production it will NOT log. This prevents sensitive information from ending up in the logs

Setup

serverless.yml

service: service-name
custom:
    logLevel:
        dev: 'debug'
        qa: 'info'
        preprod: 'info'
        prod: 'error'
provider:
    environment:
        STAGE: ${self:provider.stage}
        LOG_LEVEL: ${self:custom.logLevel.${self:provider.stage}}

** Note: If you do not need custom level for each stage and only want to override PROD then only include STAGE: ${self:provider.stage}

file.js

const { Logger } = require('ls-lambda-helpers');
const console = new Logger();

exports.handler = async (event, context) => { 
  console.info("Event", event);
  console.audit("Context", context);
}

Response

Description

When using Lambda Proxy with ApiGateway this will return the proper response back to the client.

Setup

file.js

const { Response } = require('ls-lambda-helpers');

exports.handler = async (event, context) => { 
  const {queryStringParameters:{test}} = event;
  if (test != "string") return new Response("Your input is garbage").fail();
  
  return new Response("Looks Good").sucess();
}

AWS Get Secret

Description

Retrieves AWS Secret by name. Secret must be in json (key: value) format.

Setup

Create a new secret in Secrets Manager and record the name.

file.js

const { Secrets } = require('ls-lambda-helpers');
const {SECRET_NAME} = process.env;

exports.handler = async (event, context) => { 
  const secret = await Secrets.getSecret(SECRET_NAME);
  console.log('SECRET:', secret)
}

DDQ Auth

Description

Handles authentication and updating expired tokens in AWS SSM parameter store.

Setup

As of now you must use SSM Parameter Store but a refactor will be coming to move to Secrets Manager

serverless.yml

service: service-name
provider:
    environment:
        DDQ_URL: https://url-to-ddq-endpoint
        DDQ_TOKEN: /ddq/dev/token
        DDQ_CREDENTIALS: /ddq/dev/credentials
        DDQ_SESSION_TOKEN: /application-name/dev/ddq/session

file.js

const { DDQ } = require('ls-lambda-helpers');
...
exports.handler = async (event, context) => { 
  const session = await DDQ.ddqAuth();
  const orderHeader = await getOrderHeader(session.ddqToken, orderId);
}

SFMC Data Extensions

Description

Handles authentication and calling SalesForce Marketing Cloud DataExtension API

Setup

You must use AWS SecretesManager to store your credentials. Please store creds in the following format: clientId:{ID}, clientSecret:{SECRET}

serverless.yml

service: service-name
provider:
    environment:
        SFMC_SECRET_NAME: name-of-secret

file.js

const { SFMC } = require('ls-lambda-helpers');
// This is the URL path after /data/v1/async/dataextensions/key:
const {SFMC_URL_METHOD} = process.env;

exports.handler = async (event, context) => { 
  const postRes = await SFMC.postAPI(SFMC_URL_METHOD, {items:[{item1:'value1', item2:'value2'}]});
        console.log('POST RES:', postRes);
}

JWT

Description

Handles JWT tokens decoding and validations.

Setup

The JWT helper has inbuilt functions that take a JWT token to manage their data.

file.js

const { JWT } = require('ls-lambda-helpers');

exports.handler = async (event, context) => { 
  const token = JSON.parse(event.body);
  
  // DECODE: Decodes the info inside a token.
  const decodedToken = JWT.decode(token);

  // HAS EXPIRED: Tells if a token has expired.
  const isExpired = JWT.hasExpired(token);
  // You can pass the decoded token to this method if you already did it before.
  const isExpiredFromString = JWT.decodedTokenHasExpired(decodedToken);
}

Keywords

helpers

FAQs

Package last updated on 16 Aug 2021

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Security News

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

By Sarah Gooding  -  Apr 03, 2026