poetry-plugin-lambda-build
The plugin for poetry that allows you to build zip packages suited for serverless deployment like AWS Lambda, Google App Engine, Azure App Service, and more...
Additionally, it provides Docker container support for building inside a container.
poetry self add poetry-plugin-lambda-build
Configure pyproject.toml with the following configuration. This is an example configuration for AWS Lambda:
[tool.poetry-plugin-lambda-build]
docker-image = "public.ecr.aws/sam/build-python3.11:latest-x86_64"
docker-network = "host"
layer-artifact-path = "artifacts/layer.zip"
layer-install-dir = "python"
function-artifact-path = "artifacts/function.zip"
Running ...
poetry build-lambda
will build function and layer packages for AWS Lambda deployment inside the public.ecr.aws/sam/build-python3.11:latest-x86_64 container.
artifacts
├── function.zip
└── layer.zip
Running ...
poetry build-lambda docker-image="public.ecr.aws/sam/build-python3.12:latest-x86_64"
will override the docker-image value in the config.
# Single package written to one zip
[tool.poetry-plugin-lambda-build]
package-artifact-path = "package.zip"

# Single package installed under the python/ directory inside the zip
[tool.poetry-plugin-lambda-build]
package-install-dir = "python"
package-artifact-path = "layer.zip"

# Separate layer and function packages
[tool.poetry-plugin-lambda-build]
layer-artifact-path = "layer.zip"
layer-install-dir = "python"
function-artifact-path = "function.zip"

# Separate layer and function packages, built inside a Docker container
[tool.poetry-plugin-lambda-build]
docker-image = "public.ecr.aws/sam/build-python3.11:latest-x86_64"
docker-network = "host"
layer-artifact-path = "layer.zip"
layer-install-dir = "python"
function-artifact-path = "function.zip"
poetry build-lambda help
Description:
Execute to build lambda lambda artifacts
Usage:
build-lambda [options] [--] [<docker-image> [<docker-entrypoint> [<docker-environment> [<docker-dns> [<docker-network> [<docker-network-mode> [<docker-platform> [<package-artifact-path> [<package-install-dir> [<function-artifact-path> [<function-install-dir> [<layer-artifact-path> [<layer-install-dir> [<only> [<without> [<with> [<zip-compresslevel> [<zip-compression> [<pre-install-script>]]]]]]]]]]]]]]]]]]]
Arguments:
docker-image The image to run
docker-entrypoint The entrypoint for the container (comma separated string) [default: "/bin/bash"]
docker-environment Environment variables to set inside the container (comma separated string) ex. VAR_1=VALUE_1,VAR_2=VALUE_2
docker-dns Set custom DNS servers (comma separated string)
docker-network The name of the network this container will be connected to at creation time [default: "host"]
docker-network-mode Network-mode
docker-platform Platform in the format os[/arch[/variant]]. Only used if the method needs to pull the requested image.
package-artifact-path Output package path (default: package.zip). Set the '.zip' extension to wrap the artifact into a zip package otherwise, output will be created in the directory. [default: "package.zip"]
package-install-dir Installation directory inside artifact for single package [default: ""]
function-artifact-path Output function package path. Set the '.zip' extension to wrap the artifact into a zip package otherwise, output will be created in the directory.
function-install-dir Installation directory inside artifact for function package [default: ""]
layer-artifact-path Output layer package path. Set the '.zip' extension to wrap the artifact into a zip package otherwise, output will be created in the directory.
layer-install-dir Installation directory inside artifact for layer package [default: ""]
only The only dependency groups to include
without The dependency groups to ignore
with The optional dependency groups to include
zip-compresslevel None (default for the given compression type) or an integer specifying the level to pass to the compressor. When using ZIP_STORED or ZIP_LZMA this keyword has no effect. When using ZIP_DEFLATED integers 0 through 9 are accepted. When using ZIP_BZIP2 integers 1 through 9 are accepted.
zip-compression ZIP_STORED (no compression), ZIP_DEFLATED (requires zlib), ZIP_BZIP2 (requires bz2) or ZIP_LZMA (requires lzma) [default: "ZIP_STORED"]
pre-install-script The script that is executed before installation.
Options:
--no-checksum Enable to suppress checksum checking
--docker-network-disabled Disable networking
-h, --help Display help for the given command. When no command is given display help for the list command.
-q, --quiet Do not output any message.
-V, --version Display this application version.
--ansi Force ANSI output.
--no-ansi Disable ANSI output.
-n, --no-interaction Do not ask any interactive question.
--no-plugins Disables plugins.
--no-cache Disables Poetry source caches.
-C, --directory=DIRECTORY The working directory for the Poetry command (defaults to the current working directory).
-v|vv|vvv, --verbose Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug.
Make sure to configure DOCKER_HOST properly:
export DOCKER_HOST=unix:///Users/$USER/.docker/run/docker.sock
FAQs
We found that poetry-plugin-lambda-build demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.