Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
serverless-log-forwarding
Advanced tools
a serverless plugin to forward logs to given lambda function
Serverless plugin for forwarding CloudWatch logs to another Lambda function.
Amplify builds innovative and compelling digital educational products that empower teachers and students across the country. We have a long history as the leading innovator in K-12 education - and have been described as the best tech company in education and the best education company in tech. While others try to shrink the learning experience into the technology, we use technology to expand what is possible in real classrooms with real students and teachers.
Make sure you have the following installed before starting:
To install the plugin, run:
npm install serverless-log-forwarding
Then make the following edits to your serverless.yaml
file:
plugins:
- serverless-log-forwarding
custom:
logForwarding:
destinationARN: '[ARN of Lambda Function to forward logs to]'
# optional:
roleArn: '[ARN of the IAM role that grants Cloudwatch Logs permissions]'
filterPattern: '[filter pattern for logs that are sent to Lambda function]'
normalizedFilterID: true # whether to use normalized function name as filter ID
stages:
- '[name of the stage to apply log forwarding]'
- '[another stage name to filter]'
createLambdaPermission: true # whether to create the AWS::Lambda::Permission for the destinationARN (when policy size limits are a concern)
functions:
myFunction:
handler: src/someHandler
# optional properties for per-function configuration:
logForwarding:
# set enabled to false to disable log forwarding for a single given function
enabled: false
To run unit tests:
npm run test
For running integration tests you will need to log into you AWS account and set AWS_PROFILE environment variable, it will be used to create AWS entities for testing purposes
export AWS_PROFILE=<profile_name>
export SERVERLESS_LICENSE_KEY=<sls_license_key>
npx npm run build
npx npm run integration-test
All tests should pass. All unit tests should pass before merging. Integration tests will probably take some time
If there is an error update the node_modules inside the root folder of the directory:
npm install
Unit tests are found in test/unit-tests
.
Integration tests are found in test/integration-tests
.
test/integration-tests
contains configs folder,
for every test there is a folder with serverless.yml
configuration and logs_producer.py
.
To add another test create a folder for your test with the folder name that corresponds to test name
and add code to run test to test/integration-tests/integration-tests.ts
The plugin will be packaged with the lambda when deployed as normal using Serverless:
serverless deploy
If you have any security issue to report, contact project maintainers privately. You can reach us at github@amplify.com
We welcome pull requests! For your pull request to be accepted smoothly, we suggest that you:
[4.0.0] - 2024-11-27
FAQs
a serverless plugin to forward logs to given lambda function
The npm package serverless-log-forwarding receives a total of 2,517 weekly downloads. As such, serverless-log-forwarding popularity was classified as popular.
We found that serverless-log-forwarding demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.