Security News
NVD Backlog Tops 20,000 CVEs Awaiting Analysis as NIST Prepares System Updates
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
thaumaturgy
Advanced tools
Build Node.js packages in AWS Lambda using AWS Lambda.
You can use Node packages in AWS Lambda, but they have to be built for that environment. Instead of spinning up an EC2 instance, you can use Thaumaturgy to build Node packages for AWS Lambda - in AWS Lambda!
Here's an example of what you can do:
thaumaturgy build mysql2:0.15.8 --download /tmp/mysql2.zip
Your output will look like this:
Invoking Thaumaturgy Lambda in AWS with packages mysql2:0.15.8.
Build completed successfully.
Downloading.
Download complete. File at /tmp/mysql2.zip
Thaumaturgy is a command line tool, so you'll need to install it globally.
npm install thaumaturgy -g
You'll also need a Role in AWS IAM that has the minimum permissions listed below, in the Permissions section.
The configure command will store settings in a .thaumaturgy
folder in your home directory.
thaumaturgy configure
You'll be prompted for your:
The deploy command will build the Thaumaturgy Lambda zip file and deploy it to AWS Lambda.
thaumaturgy deploy
Now you're ready to have Thaumaturgy build Node packages for you! You can pass in a list of packages, or tell it to read a package.json file. When the build is complete, Thaumaturgy stores the results in s3. However, you can tell it to automatically download it for you.
Examples:
Build one package -
thaumaturgy build mkdirp:^0.5.1
Build multiple packages -
thaumaturgy build mysql2:0.15.8 mongodb:~2.0.45
Build a package and download it when complete -
thaumaturgy build redis:latest --download /tmp/redis.zip
Build all dependencies
in a package.json -
thaumaturgy build --file package.json
You Role will need the following permissions. These permissions let the Thaumaturgy Lambda store logs in AWS Cloud Watch and store build results in S3.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:*"
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::*"
]
}
]
}
It will also need a 'Trust Relationship' that lets AWS Lambda assume the Role:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
WWWWWW||WWWWWW
W W W||W W W
||
( OO )__________
/ | \
/o o| MIT \
\___/||_||__||_|| *
|| || || ||
_||_|| _||_||
(__|__|(__|__|
Copyright (c) John Titus john.titus@gmail.com
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
0.5.0 - 2015-09-30
Inital commit.
FAQs
Build Node.js packages in AWS Lambda using AWS Lambda.
The npm package thaumaturgy receives a total of 1 weekly downloads. As such, thaumaturgy popularity was classified as not popular.
We found that thaumaturgy demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.