serverless-dynamodb-local

Project dead?

Open jvgeee opened this issue 4 years ago • 16 comments

14 PRs, no real activity for ~1.5 years, is this project still alive? Need new contributors/maintainers?

If so, please let the community help! This project has 35,000 weekly downloads on NPM so I'm sure there'll be a lot of interest in keeping it alive.

jvgeee avatar Feb 26 '21 05:02 jvgeee

Kinda dead, I'm still using this a lot.

For this PR https://github.com/99x/serverless-dynamodb-local/issues/229 I'm stuck on a previous version, I'll have to find time to find a solution.

majindageta avatar Aug 25 '21 10:08 majindageta

Probably best to fork and have it maintained elsewhere. What do you think @AshanFernando

estahn avatar Jul 08 '22 13:07 estahn

My company literally can't use this in its current state as it has dependencies with known critical vulnerabilities.

Such a shame, because it's literally just a matter of merging some of the dependabot PRs.

caseyfw avatar Nov 29 '22 14:11 caseyfw

@estahn It seems we need to reorganize and find a new set of maintainers. Please +1 for this thread if you would like to volunteer as a maintainer so that we can take the project forward.

AshanFernando avatar Nov 30 '22 03:11 AshanFernando

Probably the worst possible solution from a community perspective, but I ended up re-writing a lean version of this plugin in TS, implementing just the docker version of starting DynamoDB and the migrations mechanism, and put it in one of my company's private library monorepos.

We're busy migrating away from Serverless, so I'm probably not well placed to act as maintainer, and my company is really weird about open-sourcing things.

Given the 35k weekly downloads, there must be some folk out there who would be ideal maintainers.

caseyfw avatar Dec 03 '22 04:12 caseyfw

> @estahn It seems we need to reorganize and find a new set of maintainers. Please +1 for this thread if you would like to volunteer as a maintainer so that we can take the project forward.

👍🏽

yoelfme avatar Dec 20 '22 17:12 yoelfme

> @estahn It seems we need to reorganize and find a new set of maintainers. Please +1 for this thread if you would like to volunteer as a maintainer so that we can take the project forward.

+1

OPthyago avatar Dec 20 '22 17:12 OPthyago

> My company literally can't use this in its current state as it has dependencies with known critical vulnerabilities.
>
> Such a shame, because it's literally just a matter of merging some of the dependabot PRs.

We're in the same position.

Also: +1 👍

kalanchoej avatar Mar 06 '23 18:03 kalanchoej

@kalanchoej @OPthyago @yoelfme I've added you as maintainers.

AshanFernando avatar Mar 07 '23 04:03 AshanFernando

Great if the project has a new set of maintainers! Can we expect a new release soonish fixing the most obvious vulnerable dependencies?

terozio avatar Mar 13 '23 11:03 terozio

I'm talking with @AshanFernando about it @terozio.

OPthyago avatar Mar 13 '23 11:03 OPthyago

For people struggling with critical vulnerabilities: I'm forcing safe versions of problematic dependencies of serverless-dynamodb-local by adding the lines below to package.json in my projects. I'm using yarn if that makes any difference.

  "resolutions": {
    "serverless-dynamodb-local/dynamodb-localhost/mocha/yargs-unparser/flat": "^5.0.2",
    "serverless-dynamodb-local/dynamodb-localhost/mocha/minimatch": "^3.1.2",
    "serverless-dynamodb-local/aws-sdk/xml2js": "^0.5.0"
  },

kdybicz avatar Apr 21 '23 08:04 kdybicz
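
A check that the forced versions from the comment above actually landed in the installed tree, as an added example that is not part of the original thread. It assumes the dependency tree is available in the JSON shape that `npm ls --all --json` prints; the sample tree and its version numbers are constructed, and the function names are hypothetical.

```javascript
// Minimum versions, taken from the "resolutions" entries in the comment above.
const FLOORS = new Map([
  ["flat", "5.0.2"],
  ["minimatch", "3.1.2"],
  ["xml2js", "0.5.0"],
]);

// Compare two x.y.z versions numerically; prerelease suffixes are ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Walk every nested copy of a watched package and report those below the floor,
// together with the dependency path that pulled them in.
function findBelowFloor(node, floors = FLOORS, path = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...path, name];
    const floor = floors.get(name);
    if (floor && dep.version && compareVersions(dep.version, floor) < 0) {
      hits.push({ path: here.join(" > "), version: dep.version, floor });
    }
    hits.push(...findBelowFloor(dep, floors, here));
  }
  return hits;
}

// Constructed sample: a tree where the resolution for xml2js took effect
// but flat and minimatch are still at older versions.
const SAMPLE_TREE = { name: "my-service", dependencies: {
  "serverless-dynamodb-local": { version: "0.0.0", dependencies: {
    "dynamodb-localhost": { version: "0.0.0", dependencies: {
      mocha: { version: "0.0.0", dependencies: {
        "yargs-unparser": { version: "0.0.0", dependencies: {
          flat: { version: "4.1.1" } } },
        minimatch: { version: "3.0.4" } } } } },
    "aws-sdk": { version: "0.0.0", dependencies: {
      xml2js: { version: "0.5.0" } } } } } } };

for (const h of findBelowFloor(SAMPLE_TREE)) {
  console.log(`${h.path}: ${h.version} is below ${h.floor}`);
}
```

The check is a floor only: a copy newer than the caret range in the resolution is not reported.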

Any hope of progress here?

terozio avatar May 10 '23 05:05 terozio

For anyone struggling with this, I've gotten serverless offline + dynamodb local working with the following:

  1. Using this fork of serverless-dynamodb-local which updates a bunch of dependencies - most importantly this fixes a broken version of dynamodb-localhost.
  2. Using Dynamodb Toolbox. I was using Dynogels previously but it's no longer supported

Relevant dependencies from my package.json:

  "devDependencies": {
    "@aws-sdk/client-dynamodb": "^3",
    "@aws-sdk/credential-providers": "^3.312.0",
    "@aws-sdk/lib-dynamodb": "^3",
    "serverless-dynamodb-local": "https://github.com/eheyder/serverless-dynamodb-local",
    "serverless-offline": "^12.0.4",
    "serverless-prune-plugin": "^1.5.1",
    "serverless-webpack": "^5.11.0"
  }

Works totally fine now.

@AshanFernando @OPthyago At a bare minimum could you update the dynamodb-localhost dependency here?

jvgeee avatar May 10 '23 10:05 jvgeee

Any maintained forks?

yudikubota avatar Jun 05 '23 20:06 yudikubota

It's a shame this thread didn't get the project back alive. There is a maintained fork that has committed to ongoing longer-term maintenance (Disclaimer: I am a contributor to this fork):

Solution: You can use serverless-dynamodb, a maintained fork. It is a drop-in replacement for this package, and is updated to fix this bug. This is a drop-in replacement for serverless-dynamodb-local, so to upgrade simply:

  1. Uninstall serverless-dynamodb-local, e.g. npm uninstall serverless-dynamodb-local
  2. Install serverless-dynamodb, e.g. npm install serverless-dynamodb
  3. Update references in your code, including your serverless config, from serverless-dynamodb-local to serverless-dynamodb (quite possible that you won't have any, as you just refer to it from your serverless config)
  4. (optional) Update your serverless config custom dynamodb key to serverless-dynamodb

Of course, it's all still open-source and MIT licensed. Ownership of this new package sits with a registered charity, that is committed to maintaining the package into the future and is open to contributions from the community.

There's an explanation as to the intentions behind this fork, and how it compares to other forks in the README.

In any case, I would be open to feedback on the fork - you can create an issue in that repository or email me (address on profile).

domdomegg avatar Jul 04 '23 00:07 domdomegg