New Post: Lavamoat #23

Open
flyck opened this issue Jan 14, 2023 · 3 comments

flyck commented Jan 14, 2023

No description provided.

@hendriknielaender
Owner

idea: how to secure nextjs/trpc/create-t3-app with lavamoat?

These are the steps we need to integrate.

  1. disable/allow dependency lifecycle scripts (e.g. "postinstall") via @lavamoat/allow-scripts
  2. run your server or build process in lavamoat-node
  3. build your ui with LavaMoat for Browserify
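
Step 1 above, as an added example that is not part of the original comment or of LavaMoat's own code: a small audit that lists which dependencies carry install-time lifecycle scripts and how a `lavamoat.allowScripts` allowlist in the root `package.json` classifies them. The package list, script bodies and the `example-native-addon` name are constructed, and matching by bare package name is a simplifying assumption.

```javascript
// Constructed sample data: manifests as they might be read from node_modules.
const installedPackages = [
  { name: "keccak", scripts: { install: "node-gyp rebuild" } },
  { name: "core-js", scripts: { postinstall: "node postinstall.js" } },
  { name: "left-pad", scripts: { test: "node test.js" } },
  // Hypothetical package that nobody has made a decision about yet.
  { name: "example-native-addon", scripts: { preinstall: "node setup.js" } },
];

// Constructed root package.json fragment holding the allowlist.
const rootManifest = {
  lavamoat: { allowScripts: { keccak: true, "core-js": false } },
};

// Hooks that a package manager would run while installing a dependency.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

function auditLifecycleScripts(packages, manifest) {
  const policy = (manifest.lavamoat && manifest.lavamoat.allowScripts) || {};
  const report = { allowed: [], denied: [], undecided: [] };
  for (const pkg of packages) {
    const hooks = INSTALL_HOOKS.filter((h) => pkg.scripts && pkg.scripts[h]);
    if (hooks.length === 0) continue; // nothing would run at install time
    const entry = { name: pkg.name, hooks };
    // hasOwnProperty avoids treating inherited keys as policy decisions.
    if (!Object.prototype.hasOwnProperty.call(policy, pkg.name)) {
      report.undecided.push(entry); // has a hook but no explicit decision
    } else if (policy[pkg.name] === true) {
      report.allowed.push(entry);
    } else {
      report.denied.push(entry);
    }
  }
  return report;
}

const report = auditLifecycleScripts(installedPackages, rootManifest);
console.log(JSON.stringify(report, null, 2));
```

An entry under `undecided` is the case to review: a dependency with an install hook that has been neither approved nor rejected.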

flyck commented Jan 21, 2023

DALL·E 2023-01-21 15 27 39 - show a castle with a gate at its center on top of a magma rock with some soldiers attacking from the side and a dragon that is made out of json text f
DALL·E 2023-01-21 15 37 45 - a dragon spewing out packages at a castle on top of lava, digital art

@flyck flyck added the blogpost label Jan 21, 2023

flyck commented Apr 23, 2023

In node20 there are now some experimental runtime permissions. You can limit the access to file reads/writes for the program as a whole.

Lavamoat is still more fine-grained here, as it allows package-specific rules. Also with the node20 features it will take a while until they are available in AWS to a broader audience.

Lavamoat still doesn't support webpack or esbuild, so I suppose this means I can only run it in the lavamoat runtime, for which I will create an example in a custom lambda runtime.
