Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
serverless-log-forwarding
Advanced tools
serverless-log-forwarding
Serverless plugin for forwarding CloudWatch logs to another Lambda function.
About Amplify
Amplify builds innovative and compelling digital educational products that empower teachers and students across the country. We have a long history as the leading innovator in K-12 education - and have been described as the best tech company in education and the best education company in tech. While others try to shrink the learning experience into the technology, we use technology to expand what is possible in real classrooms with real students and teachers.
Getting Started
Prerequisites
Make sure you have the following installed before starting:
Installing
To install the plugin, run:
npm install serverless-log-forwarding
Then make the following edits to your serverless.yaml file:
plugins:
- serverless-log-forwarding
custom:
logForwarding:
destinationARN: '[ARN of Lambda Function to forward logs to]'
# optional:
roleArn: '[ARN of the IAM role that grants Cloudwatch Logs permissions]'
filterPattern: '[filter pattern for logs that are sent to Lambda function]'
normalizedFilterID: true # whether to use normalized function name as filter ID
stages:
- '[name of the stage to apply log forwarding]'
- '[another stage name to filter]'
createLambdaPermission: true # whether to create the AWS::Lambda::Permission for the destinationARN (when policy size limits are a concern)
functions:
myFunction:
handler: src/someHandler
# optional properties for per-function configuration:
logForwarding:
# set enabled to false to disable log forwarding for a single given function
enabled: false
Running Tests
To run the test:
npm test
All tests should pass.
If there is an error update the node_module inside the serverless-log-forwarding folder:
npm install
Deploying
The plugin will be packaged with the lambda when deployed as normal using Serverless:
serverless deploy
Responsible Disclosure
If you have any security issue to report, contact project maintainers privately. You can reach us at github@amplify.com
Contributing
We welcome pull requests! For your pull request to be accepted smoothly, we suggest that you:
- For any sizable change, first open a GitHub issue to discuss your idea.
- Create a pull request. Explain why you want to make the change and what it’s for. We’ll try to answer any PRs promptly.
[3.0.1] - 2022-02-28
Added
- Fixes for build
Keywords
FAQs
a serverless plugin to forward logs to given lambda function
The npm package serverless-log-forwarding receives a total of 3,345 weekly downloads. As such, serverless-log-forwarding popularity was classified as popular.
We found that serverless-log-forwarding demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 28 Feb 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025