Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
rox-serverless
Advanced tools
CloudBees Feature Management is a secure feature management solution for the enterprise.
Accelerate development and minimize the risk of deploying new code with simple to create feature flags, controlled rollouts, advanced target groups & deployment rules.
Please see the detailed instructions in our docs on how to add CloudBees Feature Management to your project.
Getting started guide, use cases, examples and videos can be found in CloudBees Feature Management documentation
This SDK exposes CloudBees Feature Management functionality in a way that is ideally suited to serverless environments. Other language SDKs are designed to operate in long-running applications, managing feature flag configuration and communications with the CloudBees Feature Management ecosystem for you. The Javascript SDK for serverless instead provides an extremely fast and efficient way for serverless applications evaluate feature flags using injected flag configuration data.
NOTE
Because the CloudBees Feature Management SDK for serverless runs disconnected from the wider Feature Management ecosystem, it does not record or report flag impressions
yarn add rox-serverless
or
npm i rox-serverless --save
Unlike other SDKs, the Javascript SDK for serverless will not fetch feature flag configuration information itself, this must be fetched externally and injected into the application. This allows the SDK to offer extremely rapid and efficient start-up and flag evaluation that is ideally suited to serverless applications. The flag configuration data provided to the application should be refreshed periodically to ensure it remains current. To fetch flag configuration, see the package rox-flag-config-fetcher
Use the initFeatureFlags()
function to initialise CloudBees Feature Management from a flag configuration that was previously fetched.
The flag configuration could be injected into your serverless application at runtime, or fetched from a fast data store such as CloudFlare KV (Key/Value store).
import {initFeatureFlags} from './FlagResolver'
// Inject flagConfiguration data from your external source.
const flagConfig = getFlagConfig() // <-- Provide your logic here.
await initFeatureFlags(flagConfig)
import {getAllFlags, getFlagValue, getNumberFlagValue, isEnabled} from './FlagResolver'
// Get the names of all feature flags defined in the flag configuration:
const flagNames = getAllFlags()
// Get the state of a boolean feature flag:
const aBooleanFlagValue = isEnabled(flagName)
// Get the value of a string feature flag:
const aStringFlagValue = getFlagValue(flagName)
// Get the value of a number feature flag:
const aNumberFlagValue = getNumberFlagValue(flagName)
CloudBees Feature Management is free-to-use, proprietary software. Please see the full license (found in LICENSE in this distribution) for details on its license and the licenses of its dependencies.
CloudBees Feature Management Javascript SDK for serverless is free-to-use, proprietary software. Please see the full license found under the LICENSE file for more details.
Feedback is always welcomed at support@cloudbees.com
FAQs
CloudBees Feature Management ROX JS SDK for serverless
The npm package rox-serverless receives a total of 9 weekly downloads. As such, rox-serverless popularity was classified as not popular.
We found that rox-serverless demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.