Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
serverless-offline
Advanced tools
The serverless-offline npm package allows you to run a local development environment that simulates AWS Lambda and API Gateway. This enables you to develop and test your serverless applications locally without deploying them to the cloud.
Simulate AWS Lambda
This feature allows you to simulate AWS Lambda functions locally. The code sample shows how to configure the serverless-offline plugin in your serverless.yml file to run on port 3000.
const serverless = require('serverless-offline');
module.exports = {
plugins: [serverless],
custom: {
'serverless-offline': {
port: 3000
}
}
};
Simulate API Gateway
This feature allows you to simulate API Gateway endpoints locally. The code sample shows how to define a simple HTTP GET endpoint that triggers the 'hello' function.
const serverless = require('serverless-offline');
module.exports = {
plugins: [serverless],
functions: {
hello: {
handler: 'handler.hello',
events: [
{
http: {
path: 'hello',
method: 'get'
}
}
]
}
}
};
Custom Lambda Environment Variables
This feature allows you to set custom environment variables for your Lambda functions. The code sample shows how to define an environment variable 'MY_ENV_VAR' with a value of 'value'.
const serverless = require('serverless-offline');
module.exports = {
plugins: [serverless],
provider: {
environment: {
MY_ENV_VAR: 'value'
}
}
};
LocalStack provides a fully functional local AWS cloud stack. It allows you to run AWS services like Lambda, S3, DynamoDB, and more on your local machine. Compared to serverless-offline, LocalStack offers a broader range of AWS services but can be more complex to set up.
This Serverless plugin emulates AWS API Gateway and Lambda locally to speed up your development cycles.
s-function.json
files (the plugin responds 503).require
cache is invalidated on each λ invocation, no need for a reloading tool like Nodemon).Requires Serverless v0.4.x. In your Serverless project root:
npm install serverless-offline
Then in s-project.json
add following entry to the plugins array: serverless-offline
Like this:
"plugins": ["serverless-offline"]
And in your project root run:
sls offline start
All CLI options are optionnal.
--prefix
-p
: Add prefix to the URLs, so your clients will not use http://localhost:3000/
but http://localhost:3000/prefix/
instead. Default: none.
--port
-P
: Port to listen on. Default: 3000.
--stage
-s
: The stage used to populate your velocity templates. Default: the first stage found in your project.
--region
-r
: The region used to populate your velocity templates. Default: the first region for the first stage found in your project.
--httpsProtocol
-h
: To enable HTTPS, specify directory for both cert.pem
and key.pem
files. E.g. -h ../
. Default: none.
--skipRequireCacheInvalidation
-c
: Tells the plugin to skip require cache invalidation. A script reloading tool like Nodemon might then be needed. Default: false.
--debugOffline
: Prints debug messages. Can be useful to see how your templates are processed.
Just send your requests to http://localhost:3000/
as it would be API Gateway. Please note that:
s-function.json
or s-templates.json
files, other files are lazy loaded.application/json
, and so does the plugin.
But if you send a application/x-www-form-urlencoded
or a multipart/form-data
body with a application/json
(or no) Content-Type, API Gateway won't parse your data (you'll get the ugly raw as input) whereas the plugin will answer 400 (malformed JSON).
Please consider explicitly setting your requests' Content-Type and using separates templates.{ isOffline: true }
.You can have handler.coffee
instead of handler.js
. No additional configuration is needed
Optionaly, your λ handlers can be required with babel-register
to support ES6/ES7 features.
To do so, in your s-project.json
file, set options to be passed to babel-register like this:
{
/* ... */
"custom": {
"serverless-offline": {
"babelOptions": {
/* Your own options, example: */
"presets": ["es2015", "stage-2"]
}
}
},
"plugins": ["serverless-offline", /* ... */]
}
Here is the full list of babel-register options
This plugin simulates API Gateway for many practical purposes, good enough for development - but is not a perfect simulator. Specifically, Lambda currently runs on Node v0.10.13, whereas Offline runs on your own runtime where no memory limits are enforced. security checks are not simulated. You will probably find other differences.
Currently, the main difference between the JavaScript Velocity parser this plugin uses and AWS's parser is how they handle types:
Consider this requestTemplate for a POST endpoint:
"application/json": {
"payload": "$input.json('$')",
"id_json": "$input.json('$.id')",
"id_path": "$input.path('$').id"
}
Now let's make a request with this body:
{
"id": 1
}
AWS parses the event as such:
{
"payload": {
"id": 1
},
"id_json": 1,
"id_path": "1" // String type
}
Whereas Offline parses:
{
"payload": {
"id": 1
},
"id_json": 1,
"id_path": 1, // Number type
"isOffline": true
}
Accessing an attribute after using $input.path will return a string on AWS (expect strings like "1"
or "true"
) but not with Offline (1
or true
).
This plugin is a fork of Nopik's Serverless-serve, the main differences are:
Yes, thanks a lot!
MIT
FAQs
Emulate AWS λ and API Gateway locally when developing your Serverless project
The npm package serverless-offline receives a total of 305,385 weekly downloads. As such, serverless-offline popularity was classified as popular.
We found that serverless-offline demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.