Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
serverless-localstack
Advanced tools
Serverless Plugin to support running against Localstack.
This plugin allows Serverless applications to be deployed and tested on your local machine. Any requests to AWS to be redirected to a running LocalStack instance.
Pre-requisites:
The easiest way to get started is to install via npm.
npm install -g serverless
npm install --save-dev serverless-localstack
If you'd like to install serverless-localstack via source:
git clone https://github.com/localstack/serverless-localstack
cd serverless-localstack
npm link
Use npm link
to reference the plugin
cd project-path/
npm link serverless-localstack
There are two ways to configure the plugin, via a JSON file or via serverless.yml
.
There are two supported methods for configuring the endpoints, globally via the
host
property, or individually. These properties may be mixed, allowing for
global override support while also override specific endpoints.
A host
or individual endpoints must be configured or this plugin will be deactivated.
service: myService
plugins:
- serverless-localstack
custom:
localstack:
host: http://localhost
stages:
# list of stages for which the plugin should be enabled
- local
endpoints:
# This section is optional - can be used for customizing the target endpoints
S3: http://localhost:4572
DynamoDB: http://localhost:4570
CloudFormation: http://localhost:4581
Elasticsearch: http://localhost:4571
ES: http://localhost:4578
SNS: http://localhost:4575
SQS: http://localhost:4576
Lambda: http://localhost:4574
Kinesis: http://localhost:4568
lambda:
# Enable this flag to improve performance
mountCode: True
stages:
local:
...
Note the stages
attribute in the config above. The serverless-localstack
plugin gets activated if either:
serverless
is invoked with the default stage ("dev") and no stages
config is provided; orserverless
is invoked with a --stage
flag and this stage is included in the stages
configNote that the localstack.lambda.mountCode
flag above will mount the local directory
into the Docker container that runs the Lambda code in LocalStack. If you remove this
flag, your Lambda code is deployed in the traditional way which is more in line with
how things work in AWS, but also comes with a performance penalty: packaging the code,
uploading it to the local S3 service, downloading it in the local Lambda API, extracting
it, and finally copying/mounting it into a Docker container to run the Lambda.
LAMBDA_MOUNT_CWD
: Allow users to define a custom working directory for Lambda mounts.
For example, when deploying a Serverless app in a Linux VM (that runs Docker) on a
Windows host where the -v <local_dir>:<cont_dir>
flag to docker run
requires us
to specify a local_dir
relative to the Windows host file system that is mounted
into the VM (e.g., "c:/users/guest/..."
).service: myService
plugins:
- serverless-localstack
custom:
localstack:
endpointFile: path/to/file.json
serverless deploy --stage local
would deploy to LocalStack.serverless deploy --stage production
would deploy to aws.service: myService
plugins:
- serverless-localstack
custom:
localstack:
stages:
- local
- dev
endpointFile: path/to/file.json
For full documentation, please refer to https://github.com/localstack/localstack
Setting up a development environment is easy using Serverless' plugin framework.
git clone https://github.com/localstack/serverless-localstack
cd /path/to/serverless-localstack
npm link
cd myproject
npm link serverless-localstack
An optional debug flag is supported via serverless.yml
that will enable additional debug logs.
custom:
localstack:
debug: true
LAMBDA_MOUNT_CWD
configuration for customizing Lambda mount dirFAQs
Connect Serverless to LocalStack!
The npm package serverless-localstack receives a total of 40,561 weekly downloads. As such, serverless-localstack popularity was classified as popular.
We found that serverless-localstack demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.