Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
serverless-default-aws-resource-attributes
Advanced tools
Set default attributes a given CloudFormation resource should have based on type
This plugin allows you to set default attributes a given CloudFormation resource should have based on type.
This plugin affects resources generated by Serverless.
For example, any default attributes defined for S3 buckets will be applied to the Serverless-generated ServerlessDeploymentBucket
bucket.
You are, however, able to exclude Serverless-generated resources using Exclude:
(see below).
Install the plugin:
npm install -D serverless-default-aws-resource-attributes
Register the plugin in serverless.yml
:
plugins:
- serverless-default-aws-resource-attributes
Example:
custom:
defaultAwsAttributes:
# Enable SSE and block public access for all S3 buckets
# Also set a DeletionPolicy for all S3 buckets
- Type: AWS::S3::Bucket
DeletionPolicy: Retain
Properties:
BucketEncryption:
ServerSideEncryptionConfiguration:
- ServerSideEncryptionByDefault:
SSEAlgorithm: AES256
PublicAccessBlockConfiguration:
BlockPublicAcls: true
BlockPublicPolicy: true
IgnorePublicAcls: true
RestrictPublicBuckets: true
# Add logging configuration to all S3 buckets except resource with
# logical ID 'LoggingBucket'
- Type: AWS::S3::Bucket
Exclude:
- LoggingBucket
Properties:
LoggingConfiguration:
DestinationBucketName:
Ref: LoggingBucket
FAQs
Set default attributes a given CloudFormation resource should have based on type
The npm package serverless-default-aws-resource-attributes receives a total of 4,491 weekly downloads. As such, serverless-default-aws-resource-attributes popularity was classified as popular.
We found that serverless-default-aws-resource-attributes demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.