stack-graph
Build graphviz from stack definition file. Outputs .dot file, .json file (structure), .md file (todo list), and .png or .svg graph. Companion to sst-serverless microservice stack
Service to create visual dependency graphs of services setup.
Install npm package
npm install stack-graph
Create a stackdef folder and stackdef file
└───stackdef/
    └───stackdef.js
The stackdef file's export default should be a JavaScript object containing a stack definition
Install graphviz locally, e.g. with Homebrew
brew install graphviz
Local use with an index.js file
const { resolve } = require('path')
const { localGraph, localVerify } = require('stack-graph')

const currentPath = resolve('./')

async function main() {
    // Build the graph outputs from the stack definition
    const result = await localGraph({
        inputFilename: 'stackdef.js',
        outputFilename: 'service-map',
        graphFormat: 'png', // or 'svg'
        path: currentPath // required
    })
    console.log(result.valid) // true (or errors)

    // Only validate the stack definition
    const validationResult = await localVerify({
        inputFilename: './stackdef.js',
        path: currentPath // required
    })
    console.log(validationResult.valid) // true (or errors)
}

main()
The script can also be called through node, which takes arguments as well:
node index.js -i stackdef.js -o stackdef -e png -p "/Users/wintvelt/DEV/stack-graph/stackdef"
Parameters are:
-i stackdef input filename
-o output filename (without extension)
-e export format (png is default, could be svg too)
-p path where input can be found and output will be stored
Function will evaluate args in index.js file first, then check parameters passed in through node call.
Converts a stack definition object (of a single service) to
.dot formatted text string fodc, containing internal entities and event flow (for rendering with graphviz)
.json file with the raw, cleaned up structure of nodes and edges
.md file containing all the todos needed to build the code according to the stackdef structure
.png or .svg file with a picture of the stack structure
If you update the stackdef source and run the function again, the .md file will update: any items that were checked in the old file will also remain checked in the new file
Basic structure of stack definition is
// stackdef.js
module.exports = {
    serviceName: "spqr-user",
    nodes: []
}
In this structure, nodes are an array of objects. Each object is a node.
A typical node object has the following structure
{
    name: "createUser.js",
    type: "function",
    subs: [], // only for functions or queues
    pubs: [], // only for functions
    queries: [], // only for functions
    description: "add non-obvious notes", // optional
    cluster: "internal", // optional, can also be "input" or "output"
}
name or type must be provided, where options are
type: function|table|auth|bucket|topic|queue|email|schedule
name can be anything, with following remarks
.js
visit-topic, then type does not need to be provided, because type can be derived from the name
GET /user - then the API type will be inferred
API nodes - input to many services - can optionally be set up in a different way:
{
    path: '/',
    method: 'GET', // or any other valid http method
    type: 'API' // optional, does not need to be provided
}
Best practice is to define nodes only for functions. All other nodes will then be derived from the dependencies.
Use pubs, subs and queries to make connections between nodes. Each item can be a name string (make sure that the type can be derived from the name, e.g. POST /user (API), createUser.js (another function), table (table)).
Or an item can be an object
{
    name: 'POST /user',
    serviceName: 'external-service', // optional, add if the dependency is to external item
    async: true, // optional for pub, use to indicate if connection is async
    isQuery: true, // optional for pub, use to indicate if connection is a query (read not write)
    filters: {}, // optional for pubs and subs
    description: "add non-obvious notes" // optional
}
Filters are relevant for pub or sub to topics:
pub: they should include the relevant attributes added to topic message, e.g. { sections: "profile, photo, address" }
sub: they should include the relevant attributes to filter messages for this sub, e.g. { eventName: "MODIFY", sections: "profile" }
Query dependencies get a different color. Async calls are indicated by an open arrow. NB: Streamed events (from auth and db) are technically not asynchronous. For sake of schema, they are noted as async calls. For both 'real' async calls and streamed events, consideration should be given to capture dead letters and/or failed calls from stream.
If a node or dependency item has the string dlq (for dead letter queue) or failover in its name, the node will get a different layout. You would want to monitor these from somewhere else. Best practice is to include a
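The rules above (name or type required, types derived from names, async connections paired with a dlq or failover item) can be checked before a graph is rendered. The lint below is an added example and not code from stack-graph: inferType, lintStackdef and the sample definition are hypothetical, the name-to-type rules are an assumed reading of this README, and flagging async pubs that have no dlq/failover item is a policy chosen here.

```javascript
// Added example, not stack-graph's own code. Inference rules are an assumed
// reading of the README; the async/dead-letter rule is a policy added here.
const TYPES = ['function', 'table', 'auth', 'bucket', 'topic', 'queue', 'email', 'schedule']
const HTTP = /^(GET|POST|PUT|PATCH|DELETE|HEAD|OPTIONS) \//

// Derive a node type from its name, or null when nothing can be derived.
function inferType(name) {
  const n = String(name || '')
  if (HTTP.test(n)) return 'API'
  if (n.endsWith('.js')) return 'function'
  return TYPES.find(t => n === t || n.endsWith('-' + t)) || null
}

const asItem = dep => (typeof dep === 'string' ? { name: dep } : dep)
const isDeadLetter = item => /dlq|failover/i.test(item.name || '')

// Return a list of human-readable problems; an empty list means the lint passed.
function lintStackdef(def) {
  const issues = []
  if (!def.serviceName) issues.push('missing serviceName')
  for (const node of def.nodes || []) {
    const isApi = Boolean(node.path && node.method)
    const label = node.name || (isApi ? `${node.method} ${node.path}` : '(unnamed node)')
    if (!isApi && !node.name && !node.type) issues.push(`${label}: name or type must be provided`)
    const type = node.type || (isApi ? 'API' : inferType(node.name))
    if (!type) issues.push(`${label}: type cannot be derived from name`)
    else if (type !== 'API' && !TYPES.includes(type)) issues.push(`${label}: unknown type "${type}"`)
    const pubs = (node.pubs || []).map(asItem)
    const deps = [...pubs, ...(node.subs || []).map(asItem), ...(node.queries || []).map(asItem)]
    for (const dep of deps) {
      if (!inferType(dep.name)) issues.push(`${label}: cannot derive type of "${dep.name}"`)
    }
    // Async pubs should come with somewhere for failed messages to land.
    if (pubs.some(p => p.async) && !pubs.some(isDeadLetter)) {
      issues.push(`${label}: async pub without dlq/failover`)
    }
  }
  return issues
}

// Constructed sample definition (not from the package).
const sample = {
  serviceName: 'spqr-user',
  nodes: [
    { name: 'createUser.js', subs: ['POST /user'], pubs: [{ name: 'user-topic', async: true }], queries: ['user-table'] },
    { name: 'notify.js', subs: ['user-topic'], pubs: [{ name: 'welcome-email', async: true }, 'notify-dlq-queue'] },
    { name: 'mystery' }
  ]
}
console.log(lintStackdef(sample))
```

In the sample, createUser.js publishes asynchronously with no dead-letter item and mystery has a name that maps to no type, so both are reported; notify.js passes because one of its pubs carries dlq in its name.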
The following stackdef.js definition:
Will generate this image:
And this todo list:
FAQs
The npm package stack-graph receives a total of 17 weekly downloads. As such, stack-graph popularity was classified as not popular.
We found that stack-graph demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.