
Research
/Security News
Critical Vulnerability in NestJS Devtools: Localhost RCE via Sandbox Escape
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
serverless-layers
Advanced tools
[](http://www.serverless.com) [](https://github.com/agutoli/serverless-layers/issues) [ : Available for <= 1.5.0 , for versions >= 2.x please use compatibleRuntimes |
dependenciesPath | string | package.json | Note: >= 2.x versions. You can specify custom path for your package.json |
compatibleRuntimes | array | ['nodejs'] | Possible values: nodejs, nodejs10.x, nodejs12.x |
layerOptimization.cleanupPatterns | array | check | The pattern of files to cleanup in the layer artifact before uploading it. |
Option | Type | Default | Description |
---|---|---|---|
packageManager | string | bundle | Possible values: bundle |
dependenciesPath | string | Gemfile | Note: Available for >= 2.x versions. You can specify custom path for your requirements.txt |
compatibleRuntimes | array | ['ruby'] | Possible values: ruby2.5, ruby2.7 |
layerOptimization.cleanupPatterns | array | check | The pattern of files to cleanup in the layer artifact before uploading it. |
Option | Type | Default | Description |
---|---|---|---|
packageManager | string | pip | Possible values: pip |
dependenciesPath | string | requirements.txt | Note: Available for >= 2.x versions. You can specify custom path for your requirements.txt |
compatibleRuntimes | array | ['python'] | Possible values: python2.7, python3.x |
layerOptimization.cleanupPatterns | array | check | The pattern of files to cleanup in the layer artifact before uploading it. |
This plugin will setup follow options automatically if not specified at serverless.yml
.
Option | Type | Default |
---|---|---|
package.individually | bool | false |
package.patterns | array | ['node_modules/**'] |
package.excludeDevDependencies | bool | false |
serverless-layers-policy.json
{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Action":[
"s3:PutObject",
"s3:GetObject"
],
"Resource": "arn:aws:s3:::examplebucket"
},
{
"Effect":"Allow",
"Action":[
"cloudformation:DescribeStacks"
],
"Resource": "*"
},
{
"Effect":"Allow",
"Action":[
"lambda:PublishLayerVersion"
],
"Resource": "*"
}
]
}
MIT
Yes, thank you! This plugin is community-driven, most of its features are from different authors. Please update the docs and tests and add your name to the package.json file. We try to follow Airbnb's JavaScript Style Guide.
Made with contributors-img.
FAQs
[](http://www.serverless.com) [](https://github.com/agutoli/serverless-layers/issues) [.
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
Product
Socket now supports Rust and Cargo, offering package search for all users and experimental SBOM generation for enterprise projects.