Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
The SST (Serverless Stack Toolkit) npm package is a framework for building serverless applications. It provides a set of tools and abstractions to simplify the development, deployment, and management of serverless applications on AWS. SST supports various AWS services and allows developers to define their infrastructure as code using AWS CDK (Cloud Development Kit).
Define Infrastructure
This feature allows you to define your cloud infrastructure using SST. In this example, an S3 bucket is created within a stack.
const sst = require('@serverless-stack/resources');
class MyStack extends sst.Stack {
constructor(scope, id, props) {
super(scope, id, props);
// Define an S3 bucket
const bucket = new sst.Bucket(this, 'MyBucket');
}
}
module.exports = function main(app) {
new MyStack(app, 'my-stack');
};
Deploy Lambda Functions
This feature allows you to deploy AWS Lambda functions easily. In this example, a Lambda function is defined with a handler located at 'src/lambda.handler'.
const sst = require('@serverless-stack/resources');
class MyStack extends sst.Stack {
constructor(scope, id, props) {
super(scope, id, props);
// Define a Lambda function
const lambda = new sst.Function(this, 'MyFunction', {
handler: 'src/lambda.handler',
});
}
}
module.exports = function main(app) {
new MyStack(app, 'my-stack');
};
API Gateway Integration
This feature allows you to integrate API Gateway with your Lambda functions. In this example, an API Gateway is created with a route that triggers the Lambda function defined at 'src/lambda.handler'.
const sst = require('@serverless-stack/resources');
class MyStack extends sst.Stack {
constructor(scope, id, props) {
super(scope, id, props);
// Define an API Gateway
const api = new sst.Api(this, 'Api', {
routes: {
'GET /': 'src/lambda.handler',
},
});
}
}
module.exports = function main(app) {
new MyStack(app, 'my-stack');
};
The Serverless Framework is a popular open-source framework for building and deploying serverless applications. It supports multiple cloud providers, including AWS, Azure, and Google Cloud. Compared to SST, Serverless Framework offers a more extensive plugin ecosystem and broader cloud provider support, but SST provides tighter integration with AWS CDK.
The AWS Cloud Development Kit (CDK) is a framework for defining cloud infrastructure using familiar programming languages. It allows developers to define their infrastructure as code and provides high-level constructs for AWS services. While SST uses AWS CDK under the hood, it adds additional abstractions and tools specifically for serverless applications, making it easier to work with serverless architectures.
Pulumi is an infrastructure as code tool that allows developers to define cloud resources using general-purpose programming languages. It supports multiple cloud providers and offers a flexible and modern approach to infrastructure management. Compared to SST, Pulumi provides broader cloud provider support and language flexibility, but SST offers a more focused experience for AWS serverless applications.
SST is a small library for managing state in unidirectional/Flux-like apps.
Selectors are any function beginning with $
and are automatically memoized.
Mutators are functions not beginning with $
and not named initialState
.
Functions beginning with _
are reserved.
If your action/reducer needs the store, it can be explicitly passed in, or it
can be retrieved via a thunk (store) => {...}
where store
is
the SST store.
FAQs
Unknown package
The npm package sst receives a total of 116,520 weekly downloads. As such, sst popularity was classified as popular.
We found that sst demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.