Gathering detailed insights and metrics for serverless-offline-ssm
Gathering detailed insights and metrics for serverless-offline-ssm
Installations
npm install serverless-offline-ssmReleases
Unable to fetch releases
Developer
janders223
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>=6.0
Typescript Support
Yes
Node Version
10.17.0
NPM Version
6.11.3
Statistics
94 Stars
116 Commits
24 Forks
2 Watching
6 Branches
13 Contributors
Updated on 30 May 2024
Languages
TypeScript (81.36%)
Nix (17.56%)
JavaScript (1.09%)
Total Downloads
Cumulative downloads
Total Downloads
5,941,050
Last day
-5.7%
5,153
Compared to previous day
Last week
8%
29,690
Compared to previous week
Last month
23%
110,817
Compared to previous month
Last year
-20.4%
1,602,911
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
serverless-offline-ssm
This Serverless plugin allows you to develop offline while using AWS SSM parameters in your serverless.yml template. The plugin looks for environment variables which are fulfilled by SSM parameters at build time and substitutes them from a .env file when running locally with the serverless-offline plugin.
NOTE!!
Version 6.x only works with Serverless 3+. Version 5.X only works Serverless 1.69+, if you'd like to use this
plugin with Serverless <= 1.59 use version 4.1.2
Documentation
Installation
First install the plugins using npm or yarn
1npm install serverless-offline serverless-offline-ssm --save-dev 2 3#or 4 5yarn add -D serverless-offline serverless-offline-ssm
Then inside of your project's serverless.yml file add the following to the plugins section. Note it is important that serverless-offline-ssm is loaded before serverless-offline. This is important to ensure that we are setting the variables properly for serverless-offline before it needs them.
NOTE: It is imperative that serverless-offline-ssm be the the first plugin listed in the plugins section of your serverless.yml file. Due to the load order of plugins, other plugins may interfere with the loading of your .env file.
1plugins: 2 - serverless-offline-ssm 3 - serverless-offline
Configuration
You can choose to use a .env file and/or define your variables in
serverless.yml. Variables within serverless-offline-ssm take precedence.
serverless-offline-ssm will always check if the section custom.serverless-offline-ssm
have any values, if not it will fallback to .env
Stages
This plugin executes if the stage defined within the plugin options
or provider sections of your serverless.yaml are includes within the
stages property of the plugin configuration. If this condition has not been
met the plugin has no effect.
The stages property of the plugin configuration can be overridden with a
cli parameter --ssmOfflineStages which takes a comma separated list of
stages.
.env
Your .env file needs to contain only variable names without the ssm: prefix and ~(true|false|split) sulfix.
If you've defined ${ssm:lambda.LAMBDA_NAME.DB_DSN~true} in serverless.yml file your .env need to be like the example bellow:
lambda.LAMBDA_NAME.DB_DSN="VAR VALUE"
serverless.yml
1provider: 2 stage: offline 3custom: 4 serverless-offline-ssm: 5 stages: 6 - offline 7 ssm: 8 'lambda.LAMBDA_NAME.DB_DSN': 'sample-value-goes-here' 9 'another.sample.value': '99 red baloons'
Contributing
Pull requests are always welcome. Please see the contributing guidelines.
License
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 0 commits out of 26 are checked with a SAST tool
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 0/4 approved changesets -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/thoreinstein/serverless-offline-ssm/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/thoreinstein/serverless-offline-ssm/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/thoreinstein/serverless-offline-ssm/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/thoreinstein/serverless-offline-ssm/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/thoreinstein/serverless-offline-ssm/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/thoreinstein/serverless-offline-ssm/nodejs.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/nodejs.yml:18
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/nodejs.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
16 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-5fw9-fq32-wv5p
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
2.9
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More