New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
serverless-plugin-static-env
Advanced tools
serverless-plugin-static-env - npm Package Compare versions
Comparing version 0.1.0 to 0.2.0-alpha.1
| { | ||
| "name": "serverless-plugin-static-env", | ||
| "version": "0.1.0", | ||
| "version": "0.2.0-alpha.1", | ||
| "description": "Replace environment variables with static strings before deployment. It is for Lambda @ Edge.", | ||
| "main": "index.js", | ||
| "main": "dist/index.js", | ||
| "scripts": { | ||
| "test": "echo \"Error: no test specified\" && exit 1" | ||
| "build": "tsc", | ||
| "lint": "eslint src", | ||
| "release": "semantic-release" | ||
| }, | ||
@@ -24,3 +26,19 @@ "repository": { | ||
| }, | ||
| "homepage": "https://github.com/orthanc/serverless-plugin-static-env#readme" | ||
| "homepage": "https://github.com/orthanc/serverless-plugin-static-env#readme", | ||
| "devDependencies": { | ||
| "@commitlint/cli": "^11.0.0", | ||
| "@commitlint/config-conventional": "^11.0.0", | ||
| "@tsconfig/node12": "^1.0.7", | ||
| "@types/node": "^14.14.16", | ||
| "@types/serverless": "^1.78.16", | ||
| "@typescript-eslint/eslint-plugin": "^4.11.1", | ||
| "@typescript-eslint/parser": "^4.11.1", | ||
| "eslint": "^7.16.0", | ||
| "eslint-config-prettier": "^7.1.0", | ||
| "eslint-plugin-prettier": "^3.3.0", | ||
| "husky": "^4.3.6", | ||
| "prettier": "^2.2.1", | ||
| "semantic-release": "^17.3.1", | ||
| "typescript": "^4.1.3" | ||
| } | ||
| } |
@@ -12,12 +12,82 @@ [](http://www.serverless.com) | ||
| This is forked from [serverless-plugin-embedded-env-in-code](https://github.com/zaru/serverless-plugin-embedded-env-in-code) | ||
| with the intention of taking a slightly different approach to the same problem. | ||
| with as it takes a different solution to the same problem of providing environment variables to Lambda@Edge. | ||
| This is work in progress, if you're looking for a working solution use [serverless-plugin-embedded-env-in-code](https://github.com/zaru/serverless-plugin-embedded-env-in-code). | ||
| In summary, what this does is take all environment variables specified in the `serverless.yml` in | ||
| `provider.environment` or `function.environment` and packages them into the deployment zip so they | ||
| become defaults if the environment variables defined when the function is executed. Practically speaking | ||
| this means any environment variables specified in `provider.environment` or `function.environment` are | ||
| available to Lambda@Edge functions the same way as they would to a normal lambda. The key difference being | ||
| a redeployment is required to update the values. | ||
| ## Approach Difference | ||
| # Configuration | ||
| Rather than using string substution, the intent is to load the module and replace it with a static version of it's exports using | ||
| the built in serverless environment options. | ||
| Environment variables and their values are configured as normal, either in the top level | ||
| [provider.environment](https://www.serverless.com/framework/docs/providers/aws/guide/serverless.yml/) | ||
| or [function.engironment](https://www.serverless.com/framework/docs/providers/aws/guide/functions#environment-variables) | ||
| The idea is this will provide a more consistent flow with other lambdas (specifying environment on the provider or function) | ||
| and also allow less constraints on the configuration file. | ||
| When the function is packaged for deployment the values will be embedded in the package so that they are present in `process.env` | ||
| as normal. Note that any environment variables actually set in the environment will take precedence, | ||
| these are packaged as defaults only. | ||
| By default, any function with a [cloudFront event trigger](https://www.serverless.com/framework/docs/providers/aws/events/cloudfront/) | ||
| will have it's environment variables embedded during packaging. | ||
| A function can explicitly opt in or out of this behavior by specifying the boolean `includeStaticEnv` in the function | ||
| definition. | ||
| # Example | ||
| The below serverless.yml shows the various usages | ||
| ``` | ||
| service: | ||
| name: static-env-example | ||
| provider: | ||
| name: aws | ||
| runtime: nodejs12.x | ||
| stage: ${opt:stage, 'development'} | ||
| region: 'us-east-1' | ||
| # These environment variables will be made available to all function and included | ||
| # where static environment is embedded | ||
| environment: | ||
| SHARED_ENVIRONMENT_VAR1: 'value1' | ||
| SHARED_ENVIRONMENT_VAR2: 'value2' | ||
| plugins: | ||
| - serverless-plugin-static-env | ||
| functions: | ||
| edgeFunctionWithStaticEnv: | ||
| handler: dist/endpoints/edgeFunctionWithStaticEnv.handler | ||
| environment: | ||
| FUNCTION_SPECIFIC_ENVIRONMENT_VAR1: 'value3' | ||
| FUNCTION_SPECIFIC_ENVIRONMENT_VAR2: 'value4' | ||
| # includeStaticEnv: true # this will have static env by default because it includes a | ||
| # cloudFront event trigger. If this was set to false it would | ||
| # not have a static env even though it has a cloudFront trigger | ||
| # | ||
| # Without a cloudFront trigger this would have to be explicitly | ||
| # set to true to opt in to embedding the static environment | ||
| events: | ||
| - cloudFront: | ||
| eventType: viewer-response | ||
| origin: s3://bucketname.s3.amazonaws.com/files | ||
| ``` | ||
| ## How it Works | ||
| For each function an additional `-env.js` file is generated with the static environment. E.g. with | ||
| the example configuration above the file `dist/endpoints/edgeFunctionWithStaticEnv-env.js` would be | ||
| generated with the following content | ||
| ``` | ||
| process.env["SHARED_ENVIRONMENT_VAR1"] = process.env["SHARED_ENVIRONMENT_VAR1"] == null ? "value1": process.env["SHARED_ENVIRONMENT_VAR1"]; | ||
| process.env["SHARED_ENVIRONMENT_VAR2"] = process.env["SHARED_ENVIRONMENT_VAR2"] == null ? "value2": process.env["SHARED_ENVIRONMENT_VAR2"]; | ||
| process.env["FUNCTION_SPECIFIC_ENVIRONMENT_VAR1"] = process.env["FUNCTION_SPECIFIC_ENVIRONMENT_VAR1"] == null ? "value3": process.env["FUNCTION_SPECIFIC_ENVIRONMENT_VAR1"]; | ||
| process.env["FUNCTION_SPECIFIC_ENVIRONMENT_VAR2"] = process.env["FUNCTION_SPECIFIC_ENVIRONMENT_VAR2"] == null ? "value4": process.env["FUNCTION_SPECIFIC_ENVIRONMENT_VAR2"]; | ||
| ``` | ||
| The file `dist/endpoints/edgeFunctionWithStaticEnv.js` would also be updated to require `dist/endpoints/edgeFunctionWithStaticEnv-env.js` | ||
| as it's first action ensuring that these variables are present before any other required code is executed. |
New alerts
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Fixed alerts
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
No tests
QualityPackage does not have any tests. This is a strong signal of a poorly maintained or low quality package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by196.42%
11178
- Lines of code
- increased by69.09%
93
- Number of low quality alerts
- decreased by-50%
1
- Number of lines in readme file
- increased by304.35%
93
Worsened metrics
- Dev dependency count
- increased byInfinity%
14
- Number of package files
- decreased by-42.86%
4
No dependency changes