Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Project dead? #262

Open
jvgeee opened this issue Feb 26, 2021 · 16 comments
Open

Project dead? #262

jvgeee opened this issue Feb 26, 2021 · 16 comments

Comments

@jvgeee
Copy link

jvgeee commented Feb 26, 2021

14 PRs, no real activity for ~1.5 years, is this project still alive? Need new contributors/maintainers?

If so, please let the community help! This project has 35,000 weekly downloads on NPM so I'm sure there'll be a lot of interest in keeping it alive.

@majindageta
Copy link

Kinda dead, i'm still using this a lot.

for this PR #229
i'm stuck to a previous version, i'll have to find time to find a solution

@estahn
Copy link

estahn commented Jul 8, 2022

Probably best to fork and have it maintained elsewhere. What do you think @AshanFernando

@caseyfw
Copy link

caseyfw commented Nov 29, 2022

My company literally can't use this in its current state as it has dependencies with known critical vulnerabilities.

Such a shame, because it's literally just a matter of merging some of the dependabot PRs.

@AshanFernando
Copy link
Collaborator

AshanFernando commented Nov 30, 2022

@estahn It seems, we need to reorganize and find a new set of maintainers. Please +1 for this thread if you would like to volunteer as a maintainer so that we can take the project forward.

@caseyfw
Copy link

caseyfw commented Dec 3, 2022

Probably the worst possible solution from a community perspective, but I ended up re-writing a lean version of this plugin in TS, implementing just the docker version of starting DynamoDB and the migrations mechanism, and put it in one of my company's private library monorepos.

We're busy migrating away from Serverless, so I'm probably not well placed to act as maintainer, and my company is really weird about open-sourcing things.

Given the 35k weekly downloads, there must be some folk out there who would be ideal maintainers.

@yoelfme
Copy link

yoelfme commented Dec 20, 2022

@estahn It seems, we need to reorganize and find a new set of maintainers. Please +1 for this thread if you would like to volunteer as a maintainer so that we can take the project forward.

👍🏽

@OPthyago
Copy link
Collaborator

@estahn It seems, we need to reorganize and find a new set of maintainers. Please +1 for this thread if you would like to volunteer as a maintainer so that we can take the project forward.

+1

@kalanchoej
Copy link
Collaborator

kalanchoej commented Mar 6, 2023

My company literally can't use this in its current state as it has dependencies with known critical vulnerabilities.

Such a shame, because it's literally just a matter of merging some of the dependabot PRs.

We're in the same position.

Also: +1 👍

@AshanFernando
Copy link
Collaborator

@kalanchoej @OPthyago @yoelfme I've added you as maintainers.

@terozio
Copy link

terozio commented Mar 13, 2023

Great if the project has a new set of maintainers! Can we expect a new release soonish fixing the most obvious vulnerable dependencies?

@OPthyago
Copy link
Collaborator

I'm talking with @AshanFernando about it @terozio.

@kdybicz
Copy link

kdybicz commented Apr 21, 2023

for people struggling with critical vulnerabilities: I'm forcing safe versions of problematic dependencies of serverless-dynamodb-local by adding below lines to package.json in my projects. I'm using yarn if that makes any difference.

  "resolutions": {
    "serverless-dynamodb-local/dynamodb-localhost/mocha/yargs-unparser/flat": "^5.0.2",
    "serverless-dynamodb-local/dynamodb-localhost/mocha/minimatch": "^3.1.2",
    "serverless-dynamodb-local/aws-sdk/xml2js": "^0.5.0"
  },

@terozio
Copy link

terozio commented May 10, 2023

Any hope of progress here?

@jvgeee
Copy link
Author

jvgeee commented May 10, 2023

For anyone struggling with this, I've gotten serverless offline + dynamodb local working with the following:

  1. Using this fork of serverless-dynamodb-local which updates a bunch of dependancies - most importantly this fixes a broken version of dynamodb-localhost.
  2. Using Dynamodb Toolbox. I was using Dynogels previously but it's no longer supported

Relevant dependencies from my package.json:

"devDependencies": {
    "@aws-sdk/client-dynamodb": "^3",
    "@aws-sdk/credential-providers": "^3.312.0",
    "@aws-sdk/lib-dynamodb": "^3",
    "serverless-dynamodb-local": "https://github.com/eheyder/serverless-dynamodb-local",
    "serverless-offline": "^12.0.4",
    "serverless-prune-plugin": "^1.5.1",
    "serverless-webpack": "^5.11.0",
}

Works totally fine now.

@AshanFernando @OPthyago At a bare minimum could you update the dynamodb-localhost dependency here?

@yudikubota
Copy link

Any maintained forks?

@domdomegg
Copy link

It's a shame this thread didn't get the project back alive. There is a maintained fork that has committed to ongoing longer-term maintenace (Disclaimer: I am a contributor to this fork):

Solution: You can use serverless-dynamodb, a maintained fork. It is a drop-in replacement for this package, and is updated to fix this bug. This is a drop-in replacement for serverless-dynamodb-local, so to upgrade simply:

  1. Uninstall serverless-dynamodb-local, e.g. npm uninstall serverless-dynamodb-local
  2. Install serverless-dynamodb, e.g. npm install serverless-dynamodb
  3. Update references in your code, including your serverless config, from serverless-dynamodb-local to serverless-dynamodb (quite possible that you won't have any, as you just refer to it from your serverless config)
  4. (optional) Update your serverless config custom dynamodb key to serverless-dynamodb

Of course, it's all still open-source and MIT licensed. Ownership of this new package sits with a registered charity, that is committed to maintaining the package into the future and is open to contributions from the community.

There's an explanation as to the intentions behind this fork, and how it compares to other forks in the README.

In any case would be open to feedback on the fork - can drop create an issue in that repository or email me (address on profile).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests