-
-
Notifications
You must be signed in to change notification settings - Fork 37
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add package.json #2
Comments
Is it just a package.json that's required, or does it need to be published to npm? |
The package.json allows me to include it as a dependency straight from github (see below). {
"name": "aws-git-client-nodejs",
"version": "1.0.0",
"description": "CodeCommit example using git client",
"main": "index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"dependencies": {
"async": "^2.6.1",
"simple-git": "^1.95.0"
},
"devDependencies": {
"git-lambda-layer": "lambci/git-lambda-layer",
"serverless": "^1.35.0"
},
"author": "Marcelo Bernardes (https://github.com/marcelobern)",
"license": "MIT"
} Publishing on npm would allow users to specify which version they want to have as a dependency, so it is probably better. As I thought about this, we probably will need a boiler plate index.js (something just with |
@mhart Happy New Year!!! Wanted to follow up and check if you want me to create a PR for this. I am hoping to wrap up the serverless PR changes by this weekend as |
Hi @mhart I figured you have been tied up elsewhere so I went ahead and:
I will be more than happy to transfer the npm package ownership if you can provide me a npm username for the new owner. |
Just thinking about this some more – why do you want this as a devDependency in your package.json? That feels like a bug – devDependencies are supposed to be Node.js modules, and this isn't one. |
Here's the documentation on layers in the serverless framework, and it doesn't mention anything about package.json or anything like that, you just use the layer ARN: https://serverless.com/framework/docs/providers/aws/guide/layers#using-your-layers |
Thanks for taking the time to look this through. You are correct. If one will use an existing layer (e.g. the arns provided as part of git-lambda-layer) no package.json is needed. As I far as I know, given a layer's arn one cannot inspect its code (e.g. for an audit). So if there are security/traceability concerns it might be necessary to deploy one's own git-lambda-layer (instead of using the arns provided in the git-lambda-layer README.md). When using That is where the Hopefully this clarifies the use case and need for package.json Please let me know in case you have any further questions. |
You can absolutely inspect layers, eg:
(replace with the That will give you a url in The reason I'm pushing back on this is that I don't really want people to npm install this – it's not the correct way to use it – even with the serverless framework AFAICT – much easier just to use the ARNs. |
Good, I am fine with that. Thanks for pointing out how to get the layer code. |
No probs, thanks for understanding 👍 |
I am updating an open PR for
serverless
to usegit-lambda-layer
instead oflambda-git
.Having a
package.json
is required bynpm
when I addgit-lambda-layer
as a github dev-dependency.Would it be to much trouble to add a
package.json
?If you prefer I can do it in a PR so you just have to merge it ;-)
Thanks in advance!
The text was updated successfully, but these errors were encountered: