@idura.eu/cdk-nag-custom

v0.2.2

A collection of custom CDK nag rules used by Idura

cdk-nag-custom

Usage

Add the pack as an aspect on the scope you want checked (typically the app or a specific stack), and call applyIduraSuppressions on the same scope to silence findings we've accepted as baseline org-wide:

import { App, Aspects } from "aws-cdk-lib";
import { AwsSolutionsChecks } from "cdk-nag";
import { IduraChecks, applyIduraSuppressions } from "@idura.eu/cdk-nag-custom";

const app = new App();
// ... define stacks ...

Aspects.of(app).add(new AwsSolutionsChecks());
Aspects.of(app).add(new IduraChecks());
applyIduraSuppressions(app);

applyIduraSuppressions silences these AwsSolutions findings:

  • AwsSolutions-L1 — Lambda runtime not latest. We pin Lambda runtimes to specific Node majors, validate against them before deploy, and keep up with deprecations on our own cadence.
  • AwsSolutions-IAM4, scoped via appliesTo to these AWS-managed policies: AWSLambdaBasicExecutionRole, AWSLambdaVPCAccessExecutionRole, AmazonAPIGatewayPushToCloudWatchLogs, AWSXRayDaemonWriteAccess. Each grants only the minimum privileges for its specific service-role purpose.

If a stack needs additional suppressions, layer them with NagSuppressions.addResourceSuppressions(...) as usual — the helper does not preempt or replace anything.

Local development

Testing changes in a consumer project

Use pnpm pack, not pnpm link:

# In this repo
pnpm build && pnpm pack

# In the consumer project
pnpm add /absolute/path/to/idura.eu-cdk-nag-custom-x.y.z.tgz

pnpm link does not work reliably for this package. The rules use instanceof CfnResource / instanceof CfnFunction to identify resources, which compares class identity. When pnpm links a package, the linked package keeps its own copy of aws-cdk-lib in its node_modules — that's a different class object from the consumer's aws-cdk-lib, so instanceof returns false on every node and the rules silently no-op.

pnpm pack + install respects peer dependencies and resolves to a single aws-cdk-lib in the consumer's tree. The same issue can appear in workspaces or any setup where multiple versions of aws-cdk-lib coexist; the fix is the same — ensure a single copy is installed at the top level.
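The failure mode above, reduced to a runnable sketch. This is an added example, not code from the package: loadCdkLibCopy, makeRuntimeRule and scan are hypothetical stand-ins that model two installed copies of aws-cdk-lib, and the runtime values are constructed samples. It also shows a canary a consumer's test suite can use to catch a rule that matched nothing.

```typescript
// Added illustration: stand-ins for aws-cdk-lib, not the package's real rules.
// Each call models one installed copy of aws-cdk-lib: same source, distinct classes.
function loadCdkLibCopy() {
  class CfnResource {
    readonly cfnResourceType: string;
    constructor(type: string) { this.cfnResourceType = type; }
  }
  class CfnFunction extends CfnResource {
    readonly runtime: string;
    constructor(runtime: string) {
      super("AWS::Lambda::Function");
      this.runtime = runtime;
    }
  }
  return { CfnResource, CfnFunction };
}
type CdkLib = ReturnType<typeof loadCdkLibCopy>;
type Verdict = "COMPLIANT" | "NON_COMPLIANT" | "NOT_APPLICABLE";
type Resource = { cfnResourceType: string };

// Hypothetical rule: flags Lambda functions outside an allowed runtime list,
// identifying them with instanceof as the README says the real rules do.
function makeRuntimeRule(lib: CdkLib, allowed: string[]) {
  return (node: unknown): Verdict => {
    if (!(node instanceof lib.CfnFunction)) return "NOT_APPLICABLE";
    return allowed.indexOf(node.runtime) !== -1 ? "COMPLIANT" : "NON_COMPLIANT";
  };
}

// Canary for a consumer's test suite: zero evaluated resources while the tree
// holds the targeted CloudFormation type means the rule is blind, not clean.
function scan(ruleLib: CdkLib, nodes: Resource[], cfnType: string) {
  const rule = makeRuntimeRule(ruleLib, ["nodejs22.x"]);
  const counts: Record<Verdict, number> =
    { COMPLIANT: 0, NON_COMPLIANT: 0, NOT_APPLICABLE: 0 };
  for (const n of nodes) counts[rule(n)]++;
  const present = nodes.some((n) => n.cfnResourceType === cfnType);
  const blind = present && counts.COMPLIANT + counts.NON_COMPLIANT === 0;
  return { counts, blind };
}

const consumerLib = loadCdkLibCopy(); // the app's own aws-cdk-lib
const linkedLib = loadCdkLibCopy();   // copy under the linked package's node_modules
const sampleNodes = [new consumerLib.CfnFunction("nodejs16.x")]; // constructed sample

const single = scan(consumerLib, sampleNodes, "AWS::Lambda::Function");
const duplicated = scan(linkedLib, sampleNodes, "AWS::Lambda::Function");
console.log(single);     // the rule evaluates the function and reports it
console.log(duplicated); // the rule skips the function; the canary flags it as blind
```

The canary compares on the CloudFormation type string rather than class identity, so it still sees the resource when the instanceof check does not.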

Releasing

  1. Bump the version on master: pnpm version patch (or minor / major). This commits the version change and creates a v<version> git tag.
  2. Push: git push --follow-tags. The Publish workflow runs on the tag and publishes to npm via OIDC trusted publishing — no NPM_TOKEN secret required.

The workflow verifies that the tag matches package.json's version, runs typecheck + test, and then publishes with --provenance via npm publish (which runs the prepublishOnly script, pnpm build).