serverless-haskell 正在参加 2021 年度 OSC 中国开源项目评选,请投票支持!
serverless-haskell 在 2021 年度 OSC 中国开源项目评选 中已获得 {{ projectVoteCount }} 票,请投票支持!
2021 年度 OSC 中国开源项目评选 正在火热进行中,快来投票支持你喜欢的开源项目!
2021 年度 OSC 中国开源项目评选 >>> 中场回顾
serverless-haskell 获得 2021 年度 OSC 中国开源项目评选「最佳人气项目」 !
授权协议 MIT License
开发语言 JavaScript
操作系统 跨平台
软件类型 开源软件
所属分类 云计算Serverless 系统
地区 不详
投 递 者 首席测试
适用人群 未知
收录时间 2021-12-02


Serverless Haskell

Build status Hackage Stackage LTS Hackage dependencies npm

Deploying Haskell code onto AWS Lambda using Serverless.



There are two ways to start, either via the stack template, or directly modifying a project. You may want to use the manual approach as the template specifies a specific stack resolver as it needs to hardcode the stack.yaml file.

In either case, you will want to have Serverless installed, eg. npm install -g serverless.

Using the stack template

  • Create a Stack package for your code:

    stack new mypackage
  • Update the resolver in the stack.yaml file. This is hardcoded as the resolver number is not known at template interpolation time. You should pick either the latest resolver, or one you have used before and have thus prebuilt many of the core packages for.

  • Install the dependencies and build the project:

    cd mypackage
    npm install
    stack build
    sls invoke local -f mypackage-func

    This should invoke serverless locally and display output once everything has built.


  • Create a Stack package for your code:

    stack new mypackage

    LTS 10-17 are supported, older versions are likely to work too but untested.

  • Initialise a Serverless project inside the Stack package directory and install the serverless-haskell plugin:

    cd mypackage
    npm init -y
    npm install --save serverless serverless-haskell@x.y.z

    The version of the NPM package to install must match the version of the Haskell package.

  • Create serverless.yml with the following contents:

    service: myservice
      name: aws
      runtime: haskell
        handler: mypackage.mypackage-exe
        # Here, mypackage is the Haskell package name and mypackage-exe is the
        # executable name as defined in the Cabal file. The handler field may be
        # prefixed with a path of the form `dir1/.../dirn`, relative to
        # `serverless.yml`, which points to the location where the Haskell
        # package `mypackage` is defined. This prefix is not needed when the
        # Stack project is defined at the same level as `serverless.yml`.
      - serverless-haskell
  • Write your main function:

    import qualified Data.Aeson as Aeson
    import AWSLambda
    main = lambdaMain handler
    handler :: Aeson.Value -> IO [Int]
    handler evt = do
      putStrLn "This should go to logs"
      print evt
      pure [1, 2, 3]
  • Add aeson and serverless-haskell to package.yaml:

    - base >= 4.7 && < 5
    - aeson
    - serverless-haskell
  • Build and test locally using sls invoke local:

    The serverless-haskell plugin will build the package using Stack. Note that the first build can take a long time. Consider adding export SLS_DEBUG=* so you can see what is happening.

    export SLS_DEBUG=*
    sls invoke local -f myfunc
  • Use sls deploy to deploy the executable to AWS Lambda.

    The serverless-haskell plugin will build the package using Stack, then upload it to AWS together with a JavaScript wrapper to pass the input and output from/to AWS Lambda.

    export SLS_DEBUG=*
    sls deploy

    You can test the function and see the invocation results with:

    sls invoke -f myfunc`

API Gateway

This plugin supports handling API Gateway requests. Declare the HTTP events normally in serverless.yml and use AWSLambda.Events.APIGateway in the handler to process them.

Serverless Offline can be used for local testing of API Gateway requests. You must use --useDocker flag so that the native Haskell runtime works correctly.

When using Serverless Offline, make sure that the project directory is world-readable, otherwise the started Docker container will be unable to access the handlers and all invocations will return HTTP status 502.


  • Only AWS Lambda is supported at the moment. Other cloud providers would require different JavaScript wrappers to be implemented.

See AWSLambda for documentation, including additional options to control the deployment.


master branch is the stable version. It is normally released to Hackage once new changes are merged via Git tags.

The package is also maintained in Stackage LTS, provided the dependencies are not blocking it.


  • Haskell code is tested with Stack: stack test.
  • TypeScript code is linted with eslint.

Integration tests

Integration test verifies that the project can build and deploy a complete function to AWS, and it runs with expected functionality.

Integration test is only automatically run up to deployment due to the need for an AWS account. To run manually:

  • Ensure you have the required dependencies:
  • Get an AWS account and add the access credentials into your shell environment.
  • Run ./integration-test/ The exit code indicates success.
  • To verify just the packaging, without deployment, run ./integration-test/ --dry-run.
  • By default, the integration test is run with the LTS specified in stack.yaml. To specify a different series, use RESOLVER_SERIES=lts-9.
  • To avoid creating a temporary directory for every run, specify --no-clean-dir. This can speed up repeated test runs, but does not guarantee the same results as a clean test.


  • Ensure you are on the master branch.
  • Ensure that all the changes are reflected in the changelog.
  • Run the integration tests.
  • Run ./bumpversion major|minor|patch. This will increment the version number, update the changelog, create and push the Git tag and the branch.
  • If you have released an LTS version, merge the version branch into master, taking care of the conflicts around version numbers and changelog, and release the latest version as well.



{{o.pubDate | formatDate}}


{{parseInt(o.replyCount) | bigNumberTransform}}
{{parseInt(o.viewCount) | bigNumberTransform}}
{{o.pubDate | formatDate}}


{{parseInt(o.replyCount) | bigNumberTransform}}
{{parseInt(o.viewCount) | bigNumberTransform}}
jszip 安全漏洞
jszip是一个用于创建、读取和编辑.zip文件的JavaScript库。 jszip 3.7.0之前版本存在安全漏洞,该漏洞源于当创建一个新的zip文件,文件名设置为对象原型值时,将返回一个带有修改过的原型实例的对象。
CVE-2021-23413 MPS-2021-11050
2022-08-08 21:14
node-tar 路径遍历漏洞
node-tar是一款用于文件压缩/解压缩的软件包。 npm node-tar 存在路径遍历漏洞,该漏洞源于4.4.18、5.0.10和6.1.9之前的npm包“tar”(又名node-tar)存在任意文件创建覆盖和任意代码执行漏洞。攻击者可利用该漏洞访问受限目录之外的位置。
CVE-2021-37713 MPS-2021-28489
2022-08-08 21:14
Axios 拒绝服务 漏洞
Axios 是一个基于promise 网络请求库。 漏洞版本的axios 容易受到低效正则表达式复杂性的影响,从而引发拒绝服务 (ReDoS) 的攻击。
CVE-2021-3749 MPS-2021-30688
2022-08-08 21:14
Moment.js 正则拒绝服务漏洞
Moment.js 是一个 JavaScript 日期库。用于解析、验证、操作和格式化日期。 Moment.js 在处理嵌套 rfc2822 注释内容时正则表达式执行时间不断的指数增大,导致服务不可用。 攻击者可利用该漏洞使目标服务停止响应甚至崩溃。
CVE-2022-31129 MPS-2022-11159
2022-08-08 21:14
Moment.js 路径遍历漏洞
Moment.js 是一个 JavaScript 日期库。用于解析、验证、操作和格式化日期。 Moment.js 的 npm 版本中处理目录遍历序列时对于输入验证不严格导致可以构造特制的 HTTP 请求读取系统上的任意文件。 攻击者可利用该漏洞访问系统敏感文件。
CVE-2022-24785 MPS-2022-3752
2022-08-08 21:14
simple-git-hooks是一个应用软件。一个简单的git钩子经理小型项目。simple-git-hooks 3.5.0之前版本存在安全漏洞,攻击者利用该漏洞进行命令注入。
CVE-2022-24066 MPS-2022-5073
2022-08-08 21:14
Async 安全漏洞
Async是英国Caolan McMahon个人开发者的一个实用模块。用于使用异步 JavaScript。 Async 3.2.1 及之前版本存在安全漏洞,该漏洞源于 mapValues() 方法。攻击者可通过 mapValues() 方法获取权限。
CVE-2021-43138 MPS-2021-34434
2022-08-08 21:14
ramda 存在拒绝服务漏洞
此软件包的受影响版本容易受到源/修剪中的正则表达式拒绝服务 (ReDoS) 的攻击。
2022-08-08 21:14
tar 存在拒绝服务漏洞
tar 是用于 Node.js 的全功能 Tar。此软件包的受影响版本容易受到正则表达式拒绝服务 (ReDoS) 的攻击。
2022-08-08 21:14
follow-redirects project信息暴露漏洞
Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8.
CVE-2022-0536 MPS-2022-3636
2022-08-08 21:14
Npm Node-tar 后置链接漏洞
node-tar是一款用于文件压缩/解压缩的软件包。 Npm Node-tar 中存在后置链接漏洞,该漏洞源于产品未对特殊字符做有效验证。攻击者可通过该漏洞在其他路径创建恶意文件。
CVE-2021-37712 MPS-2021-28488
2022-08-08 21:14
github ws 资源管理错误漏洞
github ws是一个应用软件。一种易于使用,运行迅速且经过全面测试的WebSocket客户端和服务器实现的方法。 漏洞版本中“Sec-Websocket-Protocol”标头的一个特殊的值可以用来显著降低ws服务器的速度,从而导致拒绝服务漏洞。
CVE-2021-32640 MPS-2021-7109
2022-08-08 21:14
Follow Redirects 安全漏洞
Follow Redirects是一个自动遵循 Http(s) 重定向的 Node.js 模块。 Follow Redirects 存在安全漏洞,该漏洞源于follow-redirects容易暴露私人个人信息给未经授权的参与者。
CVE-2022-0155 MPS-2022-0815
2022-08-08 21:14
Npm Node-tar 后置链接漏洞
node-tar是一款用于文件压缩/解压缩的软件包。 Npm Node-tar 中存在后置链接漏洞,该漏洞源于产品未对特殊字符做有效验证。攻击者可通过该漏洞在其他路径创建恶意文件。
CVE-2021-37701 MPS-2021-28486
2022-08-08 21:14
0 评论
0 收藏