Gathering detailed insights and metrics for sls-prune-plugin-v2
Gathering detailed insights and metrics for sls-prune-plugin-v2
Serverless Framework plugin to reap unused versions of deployed functions from AWS
Installations
npm install sls-prune-plugin-v2Developer Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
20.17.0
NPM Version
10.8.2
Releases
27
Languages
1
JavaScript
JavaScript (100%)
Developer
claygregory
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
366 Stars
117 Commits
35 Forks
9 Watchers
3 Branches
11 Contributors
Updated on Jan 21, 2025
Maintainers
1
Package Meta Information
Latest Version
2.1.1
Package Id
sls-prune-plugin-v2@2.1.1
Unpacked Size
20.62 kB
Size
6.54 kB
File Count
16
NPM Version
10.8.2
Node Version
20.17.0
Published on
Sep 10, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Peer Dependencies
1
Dev Dependencies
4
Serverless Prune Plugin
Following deployment, the Serverless Framework does not purge previous versions of functions from AWS, so the number of deployed versions can grow out of hand rather quickly. This plugin allows pruning of all but the most recent version(s) of managed functions from AWS. This plugin is compatible with Serverless 1.x and higher.
Installation
Install with npm:
1npm install --save-dev serverless-prune-plugin
And then add the plugin to your serverless.yml file:
1plugins: 2 - serverless-prune-plugin
Alternatively, install with the Serverless plugin command (Serverless Framework 1.22 or higher):
1sls plugin install -n serverless-prune-plugin
Usage
In the project root, run:
1sls prune -n <number of version to keep>
This will delete all but the n-most recent versions of each function deployed. Versions referenced by an alias are automatically preserved.
Single Function
A single function can be targeted for cleanup:
1sls prune -n <number of version to keep> -f helloWorld
Region/Stage
The previous usage examples prune the default stage in the default region. Use --stage and --region to specify:
1sls prune -n <number of version to keep> --stage production --region eu-central-1
Automatic Pruning
This plugin can also be configured to run automatically, following a deployment. Configuration of automatic pruning is within the custom property of serverless.yml. For example:
1custom: 2 prune: 3 automatic: true 4 number: 3
To run automatically, the automatic property of prune must be set to true and the number of versions to keep must be specified.
It is possible to set number to 0. In this case, the plugin will delete all the function versions (except $LATEST); this is useful when disabling function versioning for an already-deployed stack.
Layers
This plugin can also prune Lambda Layers in the same manner that it prunes functions. You can specify a Lambda Layer, or add the flag, includeLayers:
1custom: 2 prune: 3 automatic: true 4 includeLayers: true 5 number: 3
Dry Run
A dry-run will preview the deletion candidates, without actually performing the pruning operations:
1sls prune -n <number of version to keep> --dryRun
Additional Help
See:
1sls prune --help
Permissions Required
To run this plugin, the user will need to be allowed the following permissions in AWS:
lambda:listAliaseslambda:listVersionsByFunctionlambda:deleteFunctionlambda:listLayerVersionslambda:deleteLayerVersion
Common Questions
How do I set up different pruning configurations per region/stage?
Several suggestions are available in this thread.
Can I just disable versioning entirely?
Absolutely. While Serverless Framework has it enabled by default, versioning can be disabled.
License
Copyright (c) 2017 Clay Gregory. See the included LICENSE for rights and limitations under the terms of the MIT license.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/claygregory/serverless-prune-plugin/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/claygregory/serverless-prune-plugin/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/claygregory/serverless-prune-plugin/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/claygregory/serverless-prune-plugin/test.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/claygregory/serverless-prune-plugin/test.yml/master?enable=pin
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 2 out of 2 npmCommand dependencies pinned
Reason
Found 1/9 approved changesets -- score normalized to 1
Reason
9 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 22 are checked with a SAST tool
Score
3
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More