npm - @aws/nx-plugin - Versions diffs - 0.49.0 → 0.50.0 - Mend

@aws/nx-plugin 0.49.0 → 0.50.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (137) hide show

package/src/utils/files/common/constructs/src/core/checkov.ts.template ADDED Viewed

@@ -0,0 +1,44 @@
+import { IConstruct } from 'constructs';
+import { CfnResource } from 'aws-cdk-lib';
+/**
+ * Suppresses a set of rules for a construct tree.
+ *
+ * @param construct The root construct to suppress the rule for.
+ * @param ids The ids of the rules to suppress.
+ * @param comment The reason for suppressing the rule
+ * @param predicate A predicate function that determines whether the rule should be suppressed for the given construct or any of its descendants.
+ *
+ * @example
+ * The following example suppresses the CKV_AWS_XXX rule for the given construct.
+ * suppressRules(construct, ['CKV_AWS_XXX'], 'Not required for this use case')
+ *
+ * @example
+ * The following example suppresses the CKV_AWS_XXX rule for the construct or any of its descendants if it is an instance of Bucket:
+ * suppressRules(construct, ['CKV_AWS_XXX'], 'Not required for this use case', (construct) => construct instanceof Bucket)
+ */
+export const suppressRules = (
+  construct: IConstruct,
+  ids: string[],
+  comment: string,
+  predicate?: (construct: IConstruct) => boolean,
+) => {
+  const resources = (
+    predicate ? construct.node.findAll().filter(predicate) : [construct]
+  )
+    .map((resource) => {
+      if (CfnResource.isCfnResource(resource)) {
+        return resource;
+      } else return resource.node.defaultChild;
+    })
+    .filter((resource) => CfnResource.isCfnResource(resource));
+  resources.forEach((resource) => {
+    const metadata = resource.getMetadata('checkov') || {};
+    metadata['skip'] = [
+      ...(metadata['skip'] ?? []),
+      ...ids.map((id) => ({ id, comment })),
+    ];
+    resource.addMetadata('checkov', metadata);
+  });
+};

package/src/utils/files/common/constructs/src/core/index.ts.template CHANGED Viewed

@@ -1,2 +1,3 @@
 export * from './app.js';
+export * from './checkov.js';
 export * from './runtime-config.js';

package/src/utils/fs.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { Tree } from '@nx/devkit';
+/**
+ * Utility class for creating platform agnostic commands for filesystem operations.
+ * Adds the required dependencies to the root package json
+ */
+export declare class FsCommands {
+    private tree;
+    constructor(tree: Tree);
+    cp(src: string, dst: string): string;
+    rm(dir: string): string;
+    mkdir(dir: string): string;
+}

package/src/utils/fs.js ADDED Viewed

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FsCommands = void 0;
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+const devkit_1 = require("@nx/devkit");
+const versions_1 = require("./versions");
+/**
+ * Utility class for creating platform agnostic commands for filesystem operations.
+ * Adds the required dependencies to the root package json
+ */
+class FsCommands {
+    constructor(tree) {
+        this.tree = tree;
+    }
+    cp(src, dst) {
+        (0, devkit_1.addDependenciesToPackageJson)(this.tree, {}, (0, versions_1.withVersions)(['ncp']));
+        return `ncp ${src} ${dst}`;
+    }
+    rm(dir) {
+        (0, devkit_1.addDependenciesToPackageJson)(this.tree, {}, (0, versions_1.withVersions)(['rimraf']));
+        return `rimraf ${dir}`;
+    }
+    mkdir(dir) {
+        (0, devkit_1.addDependenciesToPackageJson)(this.tree, {}, (0, versions_1.withVersions)(['make-dir-cli']));
+        return `make-dir ${dir}`;
+    }
+}
+exports.FsCommands = FsCommands;
+//# sourceMappingURL=fs.js.map

package/src/utils/fs.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"fs.js","sourceRoot":"","sources":["../../../../../packages/nx-plugin/src/utils/fs.ts"],"names":[],"mappings":";;;AAAA;;;GAGG;AACH,uCAAgE;AAChE,yCAA0C;AAE1C;;;GAGG;AACH,MAAa,UAAU;IAGrB,YAAY,IAAU;QACpB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAEM,EAAE,CAAC,GAAW,EAAE,GAAW;QAChC,IAAA,qCAA4B,EAAC,IAAI,CAAC,IAAI,EAAE,EAAE,EAAE,IAAA,uBAAY,EAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACnE,OAAO,OAAO,GAAG,IAAI,GAAG,EAAE,CAAC;IAC7B,CAAC;IAEM,EAAE,CAAC,GAAW;QACnB,IAAA,qCAA4B,EAAC,IAAI,CAAC,IAAI,EAAE,EAAE,EAAE,IAAA,uBAAY,EAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACtE,OAAO,UAAU,GAAG,EAAE,CAAC;IACzB,CAAC;IAEM,KAAK,CAAC,GAAW;QACtB,IAAA,qCAA4B,EAAC,IAAI,CAAC,IAAI,EAAE,EAAE,EAAE,IAAA,uBAAY,EAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;QAC5E,OAAO,YAAY,GAAG,EAAE,CAAC;IAC3B,CAAC;CACF;AArBD,gCAqBC"}

package/src/utils/identity-constructs/files/cdk/core/user-identity.ts.template CHANGED Viewed

@@ -16,6 +16,7 @@ import {
 import { Construct } from 'constructs';
 import { RuntimeConfig } from './runtime-config.js';
 import { Distribution } from 'aws-cdk-lib/aws-cloudfront';
+import { suppressRules } from './checkov.js';
 const WEB_CLIENT_ID = 'WebClient';
 /**
@@ -52,6 +53,13 @@ export class UserIdentity extends Construct {
       userPoolWebClientId: this.userPoolClient.userPoolClientId,
     };
+    suppressRules(
+      this.userPool,
+      ['CKV_AWS_111'],
+      'SMS Role requires wildcard resource',
+      (c) => c.node.path.includes('/smsRole/'),
+    );
     new CfnOutput(this, `${id}-UserPoolId`, {
       value: this.userPool.userPoolId,
     });

package/src/utils/nx.d.ts CHANGED Viewed

@@ -2,7 +2,7 @@
  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
  * SPDX-License-Identifier: Apache-2.0
  */
-import { Tree } from '@nx/devkit';
+import { ProjectConfiguration, Tree } from '@nx/devkit';
 export interface NxGeneratorInfo {
     readonly id: string;
     readonly metric: string;
@@ -25,8 +25,15 @@ export declare const getPackageVersion: () => string;
 /**
  * Read a project configuration where the project name may not be fully qualified (ie may omit the scope prefix)
  */
-export declare const readProjectConfigurationUnqualified: (tree: Tree, projectName: string) => import("@nx/devkit").ProjectConfiguration;
+export declare const readProjectConfigurationUnqualified: (tree: Tree, projectName: string) => ProjectConfiguration;
 /**
  * Add metadata about the generator to the project.json
  */
-export declare const addGeneratorMetadata: (tree: Tree, projectName: string, info: NxGeneratorInfo) => void;
+export declare const addGeneratorMetadata: (tree: Tree, projectName: string, info: NxGeneratorInfo, additionalMetadata?: {
+    [key: string]: any;
+}) => void;
+/**
+ * Mutate the project to add the dependency to the target if not already present
+ * Adds the target if not present.
+ */
+export declare const addDependencyToTargetIfNotPresent: (project: ProjectConfiguration, target: string, dependency: string) => void;

package/src/utils/nx.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.addGeneratorMetadata = exports.readProjectConfigurationUnqualified = exports.getPackageVersion = exports.getGeneratorInfo = exports.listGenerators = void 0;
+exports.addDependencyToTargetIfNotPresent = exports.addGeneratorMetadata = exports.readProjectConfigurationUnqualified = exports.getPackageVersion = exports.getGeneratorInfo = exports.listGenerators = void 0;
 const tslib_1 = require("tslib");
 /**
  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
@@ -62,9 +62,24 @@ exports.readProjectConfigurationUnqualified = readProjectConfigurationUnqualifie
 /**
  * Add metadata about the generator to the project.json
  */
-const addGeneratorMetadata = (tree, projectName, info) => {
+const addGeneratorMetadata = (tree, projectName, info, additionalMetadata) => {
     const config = (0, exports.readProjectConfigurationUnqualified)(tree, projectName);
-    (0, devkit_1.updateProjectConfiguration)(tree, config.name, Object.assign(Object.assign({}, config), { metadata: Object.assign(Object.assign({}, config === null || config === void 0 ? void 0 : config.metadata), { generator: info.id }) }));
+    (0, devkit_1.updateProjectConfiguration)(tree, config.name, Object.assign(Object.assign({}, config), { metadata: Object.assign(Object.assign(Object.assign({}, config === null || config === void 0 ? void 0 : config.metadata), { generator: info.id }), additionalMetadata) }));
 };
 exports.addGeneratorMetadata = addGeneratorMetadata;
+/**
+ * Mutate the project to add the dependency to the target if not already present
+ * Adds the target if not present.
+ */
+const addDependencyToTargetIfNotPresent = (project, target, dependency) => {
+    var _a, _b, _c;
+    var _d;
+    (_a = project.targets) !== null && _a !== void 0 ? _a : (project.targets = {});
+    (_b = (_d = project.targets)[target]) !== null && _b !== void 0 ? _b : (_d[target] = {});
+    project.targets[target].dependsOn = [
+        ...((_c = project.targets[target].dependsOn) !== null && _c !== void 0 ? _c : []).filter((d) => d !== dependency),
+        dependency,
+    ];
+};
+exports.addDependencyToTargetIfNotPresent = addDependencyToTargetIfNotPresent;
 //# sourceMappingURL=nx.js.map

package/src/utils/nx.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"nx.js","sourceRoot":"","sources":["../../../../../packages/nx-plugin/src/utils/nx.ts"],"names":[],"mappings":";;;;AAAA;;;GAGG;AACH,~~uCAKoB~~;AACpB,oFAAmD;AACnD,8EAA6C;AAC7C,mDAA6B;AAC7B,2CAA6D;AAC7D,mCAAsC;AAYtC,MAAM,UAAU,GAAsB,MAAM,CAAC,OAAO,CAClD,yBAAc,CAAC,UAAU,CAC1B,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,+BACpB,EAAE,EACF,MAAM,EAAE,IAAI,CAAC,MAAM,EACnB,mBAAmB,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,EACtE,kBAAkB,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,EACpE,WAAW,EAAE,IAAI,CAAC,WAAW,IAC1B,CAAC,QAAQ,IAAI,IAAI,IAAI,IAAI,CAAC,MAAM;IACjC,CAAC,CAAC;QACE,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB;IACH,CAAC,CAAC,EAAE,CAAC,GACJ,CAAC,YAAY,IAAI,IAAI,IAAI,IAAI,CAAC,UAAU;IACzC,CAAC,CAAC;QACE,UAAU,EAAE,IAAI,CAAC,UAAU;KAC5B;IACH,CAAC,CAAC,EAAE,CAAC,EACP,CAAC,CAAC;AAEJ;;;GAGG;AACI,MAAM,cAAc,GAAG,CAAC,aAAa,GAAG,KAAK,EAAqB,EAAE,CACzE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;AAD1C,QAAA,cAAc,kBAC4B;AAEvD;;GAEG;AACI,MAAM,gBAAgB,GAAG,CAC9B,iBAAyB,EACR,EAAE;IACnB,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAClE,MAAM,mBAAmB,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACjD,OAAO,UAAU,CAAC,IAAI,CACpB,CAAC,aAAa,EAAE,EAAE,CAChB,aAAa,CAAC,mBAAmB,KAAK,mBAAmB,CAC5D,CAAC;AACJ,CAAC,CAAC;AATW,QAAA,gBAAgB,oBAS3B;AAEK,MAAM,iBAAiB,GAAG,GAAG,EAAE;IACpC,OAAO,sBAAW,CAAC,OAAO,CAAC;AAC7B,CAAC,CAAC;AAFW,QAAA,iBAAiB,qBAE5B;AAEF;;GAEG;AACI,MAAM,mCAAmC,GAAG,CACjD,IAAU,EACV,WAAmB,EACnB,EAAE;IACF,IAAI,CAAC;QACH,OAAO,IAAA,iCAAwB,EAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACrD,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,gDAAgD;QAChD,MAAM,OAAO,GAAG,CAAC,GAAG,IAAA,oBAAW,EAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAClD,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,IAAI;YACN,CAAC,CAAC,CAAC,IAAI,KAAK,GAAG,IAAA,6BAAiB,EAAC,IAAI,CAAC,GAAG,WAAW,EAAE,IAAI,kCAAkC;gBAC1F,CAAC,CAAC,IAAI,KAAK,GAAG,IAAA,mBAAW,EAAC,IAAA,uBAAW,EAAC,IAAI,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,CACnE,CAAC;QACF,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,MAAM,CAAC,CAAC;IACV,CAAC;AACH,CAAC,CAAC;AAnBW,QAAA,mCAAmC,uCAmB9C;AAEF;;GAEG;AACI,MAAM,oBAAoB,GAAG,CAClC,IAAU,EACV,WAAmB,EACnB,IAAqB,EACrB,EAAE;IACF,MAAM,MAAM,GAAG,IAAA,2CAAmC,EAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACtE,IAAA,mCAA0B,EAAC,IAAI,EAAE,MAAM,CAAC,IAAI,kCACvC,MAAM,KACT,QAAQ,EAAE,~~gCACL~~,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,KACnB,SAAS,EAAE,IAAI,CAAC,EAAE,~~GACZ~~,IACR,CAAC;AACL,CAAC,CAAC;~~AAbW~~,QAAA,oBAAoB,~~wBAa~~/B"}
1	+ {"version":3,"file":"nx.js","sourceRoot":"","sources":["../../../../../packages/nx-plugin/src/utils/nx.ts"],"names":[],"mappings":";;;;AAAA;;;GAGG;AACH,uCAMoB;AACpB,oFAAmD;AACnD,8EAA6C;AAC7C,mDAA6B;AAC7B,2CAA6D;AAC7D,mCAAsC;AAYtC,MAAM,UAAU,GAAsB,MAAM,CAAC,OAAO,CAClD,yBAAc,CAAC,UAAU,CAC1B,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,+BACpB,EAAE,EACF,MAAM,EAAE,IAAI,CAAC,MAAM,EACnB,mBAAmB,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,EACtE,kBAAkB,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,EACpE,WAAW,EAAE,IAAI,CAAC,WAAW,IAC1B,CAAC,QAAQ,IAAI,IAAI,IAAI,IAAI,CAAC,MAAM;IACjC,CAAC,CAAC;QACE,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB;IACH,CAAC,CAAC,EAAE,CAAC,GACJ,CAAC,YAAY,IAAI,IAAI,IAAI,IAAI,CAAC,UAAU;IACzC,CAAC,CAAC;QACE,UAAU,EAAE,IAAI,CAAC,UAAU;KAC5B;IACH,CAAC,CAAC,EAAE,CAAC,EACP,CAAC,CAAC;AAEJ;;;GAGG;AACI,MAAM,cAAc,GAAG,CAAC,aAAa,GAAG,KAAK,EAAqB,EAAE,CACzE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;AAD1C,QAAA,cAAc,kBAC4B;AAEvD;;GAEG;AACI,MAAM,gBAAgB,GAAG,CAC9B,iBAAyB,EACR,EAAE;IACnB,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAClE,MAAM,mBAAmB,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACjD,OAAO,UAAU,CAAC,IAAI,CACpB,CAAC,aAAa,EAAE,EAAE,CAChB,aAAa,CAAC,mBAAmB,KAAK,mBAAmB,CAC5D,CAAC;AACJ,CAAC,CAAC;AATW,QAAA,gBAAgB,oBAS3B;AAEK,MAAM,iBAAiB,GAAG,GAAG,EAAE;IACpC,OAAO,sBAAW,CAAC,OAAO,CAAC;AAC7B,CAAC,CAAC;AAFW,QAAA,iBAAiB,qBAE5B;AAEF;;GAEG;AACI,MAAM,mCAAmC,GAAG,CACjD,IAAU,EACV,WAAmB,EACnB,EAAE;IACF,IAAI,CAAC;QACH,OAAO,IAAA,iCAAwB,EAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACrD,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,gDAAgD;QAChD,MAAM,OAAO,GAAG,CAAC,GAAG,IAAA,oBAAW,EAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAClD,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,IAAI;YACN,CAAC,CAAC,CAAC,IAAI,KAAK,GAAG,IAAA,6BAAiB,EAAC,IAAI,CAAC,GAAG,WAAW,EAAE,IAAI,kCAAkC;gBAC1F,CAAC,CAAC,IAAI,KAAK,GAAG,IAAA,mBAAW,EAAC,IAAA,uBAAW,EAAC,IAAI,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,CACnE,CAAC;QACF,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,MAAM,CAAC,CAAC;IACV,CAAC;AACH,CAAC,CAAC;AAnBW,QAAA,mCAAmC,uCAmB9C;AAEF;;GAEG;AACI,MAAM,oBAAoB,GAAG,CAClC,IAAU,EACV,WAAmB,EACnB,IAAqB,EACrB,kBAA2C,EAC3C,EAAE;IACF,MAAM,MAAM,GAAG,IAAA,2CAAmC,EAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACtE,IAAA,mCAA0B,EAAC,IAAI,EAAE,MAAM,CAAC,IAAI,kCACvC,MAAM,KACT,QAAQ,EAAE,8CACL,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,KACnB,SAAS,EAAE,IAAI,CAAC,EAAE,KACf,kBAAkB,CACf,IACR,CAAC;AACL,CAAC,CAAC;AAfW,QAAA,oBAAoB,wBAe/B;AAEF;;;GAGG;AACI,MAAM,iCAAiC,GAAG,CAC/C,OAA6B,EAC7B,MAAc,EACd,UAAkB,EAClB,EAAE;;;IACF,MAAA,OAAO,CAAC,OAAO,oCAAf,OAAO,CAAC,OAAO,GAAK,EAAE,EAAC;IACvB,YAAA,OAAO,CAAC,OAAO,EAAC,MAAM,wCAAN,MAAM,IAAM,EAAE,EAAC;IAC/B,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,SAAS,GAAG;QAClC,GAAG,CAAC,MAAA,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,SAAS,mCAAI,EAAE,CAAC,CAAC,MAAM,CACjD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,UAAU,CACxB;QACD,UAAU;KACX,CAAC;AACJ,CAAC,CAAC;AAbW,QAAA,iCAAiC,qCAa5C"}

package/src/utils/versions.d.ts CHANGED Viewed

@@ -6,11 +6,12 @@
  * Versons for TypeScript dependencies added by generators
  */
 export declare const TS_VERSIONS: {
-    readonly '@cdklabs/cdk-validator-cfnguard': "0.0.60";
     readonly '@aws-sdk/client-cognito-identity': "3.876.0";
     readonly '@aws-sdk/credential-providers': "3.876.0";
     readonly '@aws-sdk/credential-provider-cognito-identity': "3.876.0";
     readonly '@aws-sdk/client-bedrock-agentcore-control': "3.876.0";
+    readonly '@aws-smithy/server-apigateway': "1.0.0-alpha.10";
+    readonly '@aws-smithy/server-node': "1.0.0-alpha.10";
     readonly '@aws-lambda-powertools/logger': "2.25.2";
     readonly '@aws-lambda-powertools/metrics': "2.25.2";
     readonly '@aws-lambda-powertools/tracer': "2.25.2";
@@ -50,9 +51,12 @@ export declare const TS_VERSIONS: {
     readonly express: "5.1.0";
     readonly 'jsonc-eslint-parser': "2.4.0";
     readonly 'make-dir-cli': "4.0.0";
+    readonly ncp: "2.0.0";
     readonly 'oidc-client-ts': "3.3.0";
     readonly prettier: "3.6.2";
     readonly 'react-oidc-context': "3.3.0";
+    readonly rimraf: "6.0.1";
+    readonly rolldown: "1.0.0-beta.38";
     readonly 'source-map-support': "0.5.21";
     readonly tailwindcss: "4.1.12";
     readonly '@tailwindcss/vite': "4.1.12";
@@ -66,7 +70,7 @@ export type ITsDepVersion = keyof typeof TS_VERSIONS;
  * Add versions to the given dependencies
  */
 export declare const withVersions: (deps: ITsDepVersion[]) => {
-    [k: string]: "0.0.60" | "3.876.0" | "2.25.2" | "6.4.4" | "21.2.0" | "9.0.0" | "21.4.1" | "1.17.4" | "0.16.5" | "1.131.28" | "1.131.2" | "3.0.117" | "3.0.1075" | "1.0.45" | "5.87.4" | "11.0.0" | "22.18.0" | "8.10.152" | "2.8.19" | "5.0.3" | "4.3.2" | "1.0.20" | "2.1027.0" | "2.213.0" | "3.10.3" | "10.4.2" | "2.8.5" | "0.25.9" | "5.5.4" | "5.1.0" | "2.4.0" | "4.0.0" | "3.3.0" | "3.6.2" | "0.5.21" | "4.1.12" | "4.20.1" | "5.1.4" | "4.1.5" | "npm:zod@^3";
+    [k: string]: "3.876.0" | "1.0.0-alpha.10" | "2.25.2" | "6.4.4" | "21.2.0" | "9.0.0" | "21.4.1" | "1.17.4" | "0.16.5" | "1.131.28" | "1.131.2" | "3.0.117" | "3.0.1075" | "1.0.45" | "5.87.4" | "11.0.0" | "22.18.0" | "8.10.152" | "2.8.19" | "5.0.3" | "4.3.2" | "1.0.20" | "2.1027.0" | "2.213.0" | "3.10.3" | "10.4.2" | "2.8.5" | "0.25.9" | "5.5.4" | "5.1.0" | "2.4.0" | "4.0.0" | "2.0.0" | "3.3.0" | "3.6.2" | "6.0.1" | "1.0.0-beta.38" | "0.5.21" | "4.1.12" | "4.20.1" | "5.1.4" | "4.1.5" | "npm:zod@^3";
 };
 /**
  * Versions for Python dependencies added by generators

package/src/utils/versions.js CHANGED Viewed

@@ -9,11 +9,12 @@ exports.withPyVersions = exports.PY_VERSIONS = exports.withVersions = exports.TS
  * Versons for TypeScript dependencies added by generators
  */
 exports.TS_VERSIONS = {
-    '@cdklabs/cdk-validator-cfnguard': '0.0.60',
     '@aws-sdk/client-cognito-identity': '3.876.0',
     '@aws-sdk/credential-providers': '3.876.0',
     '@aws-sdk/credential-provider-cognito-identity': '3.876.0',
     '@aws-sdk/client-bedrock-agentcore-control': '3.876.0',
+    '@aws-smithy/server-apigateway': '1.0.0-alpha.10',
+    '@aws-smithy/server-node': '1.0.0-alpha.10',
     '@aws-lambda-powertools/logger': '2.25.2',
     '@aws-lambda-powertools/metrics': '2.25.2',
     '@aws-lambda-powertools/tracer': '2.25.2',
@@ -53,9 +54,12 @@ exports.TS_VERSIONS = {
     express: '5.1.0',
     'jsonc-eslint-parser': '2.4.0',
     'make-dir-cli': '4.0.0',
+    ncp: '2.0.0',
     'oidc-client-ts': '3.3.0',
     prettier: '3.6.2',
     'react-oidc-context': '3.3.0',
+    rimraf: '6.0.1',
+    rolldown: '1.0.0-beta.38',
     'source-map-support': '0.5.21',
     tailwindcss: '4.1.12',
     '@tailwindcss/vite': '4.1.12',

package/src/utils/versions.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"versions.js","sourceRoot":"","sources":["../../../../../packages/nx-plugin/src/utils/versions.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH;;GAEG;AACU,QAAA,WAAW,GAAG;IACzB,~~iCAAiC,EAAE,QAAQ;IAC3C,~~kCAAkC,EAAE,SAAS;IAC7C,+BAA+B,EAAE,SAAS;IAC1C,+CAA+C,EAAE,SAAS;IAC1D,2CAA2C,EAAE,SAAS;IACtD,+BAA+B,EAAE,QAAQ;IACzC,gCAAgC,EAAE,QAAQ;IAC1C,+BAA+B,EAAE,QAAQ;IACzC,+BAA+B,EAAE,QAAQ;IACzC,aAAa,EAAE,OAAO;IACtB,cAAc,EAAE,QAAQ;IACxB,sBAAsB,EAAE,OAAO;IAC/B,YAAY,EAAE,QAAQ;IACtB,2BAA2B,EAAE,QAAQ;IACrC,iCAAiC,EAAE,QAAQ;IAC3C,wBAAwB,EAAE,UAAU;IACpC,yBAAyB,EAAE,UAAU;IACrC,4BAA4B,EAAE,UAAU;IACxC,+BAA+B,EAAE,SAAS;IAC1C,wBAAwB,EAAE,SAAS;IACnC,qCAAqC,EAAE,SAAS;IAChD,+BAA+B,EAAE,UAAU;IAC3C,kCAAkC,EAAE,QAAQ;IAC5C,uBAAuB,EAAE,QAAQ;IACjC,gCAAgC,EAAE,QAAQ;IAC1C,4BAA4B,EAAE,QAAQ;IACtC,cAAc,EAAE,QAAQ;IACxB,cAAc,EAAE,QAAQ;IACxB,aAAa,EAAE,SAAS;IACxB,mBAAmB,EAAE,UAAU;IAC/B,aAAa,EAAE,QAAQ;IACvB,gBAAgB,EAAE,OAAO;IACzB,eAAe,EAAE,OAAO;IACxB,SAAS,EAAE,QAAQ;IACnB,SAAS,EAAE,UAAU;IACrB,aAAa,EAAE,SAAS;IACxB,mBAAmB,EAAE,QAAQ;IAC7B,UAAU,EAAE,QAAQ;IACpB,IAAI,EAAE,OAAO;IACb,OAAO,EAAE,QAAQ;IACjB,wBAAwB,EAAE,OAAO;IACjC,OAAO,EAAE,OAAO;IAChB,qBAAqB,EAAE,OAAO;IAC9B,cAAc,EAAE,OAAO;IACvB,gBAAgB,EAAE,OAAO;IACzB,QAAQ,EAAE,OAAO;IACjB,oBAAoB,EAAE,OAAO;IAC7B,oBAAoB,EAAE,QAAQ;IAC9B,WAAW,EAAE,QAAQ;IACrB,mBAAmB,EAAE,QAAQ;IAC7B,GAAG,EAAE,QAAQ,EAAE,kDAAkD;IACjE,qBAAqB,EAAE,OAAO;IAC9B,GAAG,EAAE,OAAO;IACZ,2FAA2F;IAC3F,oEAAoE;IACpE,QAAQ,EAAE,YAAY;CACd,CAAC;AAGX;;GAEG;AACI,MAAM,YAAY,GAAG,CAAC,IAAqB,EAAE,EAAE,CACpD,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,mBAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AADpD,QAAA,YAAY,gBACwC;AAEjE;;GAEG;AACU,QAAA,WAAW,GAAG;IACzB,uBAAuB,EAAE,UAAU;IACnC,+BAA+B,EAAE,UAAU;IAC3C,+BAA+B,EAAE,UAAU;IAC3C,0BAA0B,EAAE,UAAU;IACtC,mBAAmB,EAAE,SAAS;IAC9B,KAAK,EAAE,WAAW;IAClB,OAAO,EAAE,WAAW;IACpB,OAAO,EAAE,WAAW;IACpB,mBAAmB,EAAE,WAAW;IAChC,MAAM,EAAE,UAAU;IAClB,GAAG,EAAE,UAAU;IACf,gBAAgB,EAAE,SAAS;IAC3B,sBAAsB,EAAE,SAAS;CACzB,CAAC;AAGX;;GAEG;AACI,MAAM,cAAc,GAAG,CAAC,IAAqB,EAAE,EAAE,CACtD,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,GAAG,GAAG,mBAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AADpC,QAAA,cAAc,kBACsB"}
1	+ {"version":3,"file":"versions.js","sourceRoot":"","sources":["../../../../../packages/nx-plugin/src/utils/versions.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH;;GAEG;AACU,QAAA,WAAW,GAAG;IACzB,kCAAkC,EAAE,SAAS;IAC7C,+BAA+B,EAAE,SAAS;IAC1C,+CAA+C,EAAE,SAAS;IAC1D,2CAA2C,EAAE,SAAS;IACtD,+BAA+B,EAAE,gBAAgB;IACjD,yBAAyB,EAAE,gBAAgB;IAC3C,+BAA+B,EAAE,QAAQ;IACzC,gCAAgC,EAAE,QAAQ;IAC1C,+BAA+B,EAAE,QAAQ;IACzC,+BAA+B,EAAE,QAAQ;IACzC,aAAa,EAAE,OAAO;IACtB,cAAc,EAAE,QAAQ;IACxB,sBAAsB,EAAE,OAAO;IAC/B,YAAY,EAAE,QAAQ;IACtB,2BAA2B,EAAE,QAAQ;IACrC,iCAAiC,EAAE,QAAQ;IAC3C,wBAAwB,EAAE,UAAU;IACpC,yBAAyB,EAAE,UAAU;IACrC,4BAA4B,EAAE,UAAU;IACxC,+BAA+B,EAAE,SAAS;IAC1C,wBAAwB,EAAE,SAAS;IACnC,qCAAqC,EAAE,SAAS;IAChD,+BAA+B,EAAE,UAAU;IAC3C,kCAAkC,EAAE,QAAQ;IAC5C,uBAAuB,EAAE,QAAQ;IACjC,gCAAgC,EAAE,QAAQ;IAC1C,4BAA4B,EAAE,QAAQ;IACtC,cAAc,EAAE,QAAQ;IACxB,cAAc,EAAE,QAAQ;IACxB,aAAa,EAAE,SAAS;IACxB,mBAAmB,EAAE,UAAU;IAC/B,aAAa,EAAE,QAAQ;IACvB,gBAAgB,EAAE,OAAO;IACzB,eAAe,EAAE,OAAO;IACxB,SAAS,EAAE,QAAQ;IACnB,SAAS,EAAE,UAAU;IACrB,aAAa,EAAE,SAAS;IACxB,mBAAmB,EAAE,QAAQ;IAC7B,UAAU,EAAE,QAAQ;IACpB,IAAI,EAAE,OAAO;IACb,OAAO,EAAE,QAAQ;IACjB,wBAAwB,EAAE,OAAO;IACjC,OAAO,EAAE,OAAO;IAChB,qBAAqB,EAAE,OAAO;IAC9B,cAAc,EAAE,OAAO;IACvB,GAAG,EAAE,OAAO;IACZ,gBAAgB,EAAE,OAAO;IACzB,QAAQ,EAAE,OAAO;IACjB,oBAAoB,EAAE,OAAO;IAC7B,MAAM,EAAE,OAAO;IACf,QAAQ,EAAE,eAAe;IACzB,oBAAoB,EAAE,QAAQ;IAC9B,WAAW,EAAE,QAAQ;IACrB,mBAAmB,EAAE,QAAQ;IAC7B,GAAG,EAAE,QAAQ,EAAE,kDAAkD;IACjE,qBAAqB,EAAE,OAAO;IAC9B,GAAG,EAAE,OAAO;IACZ,2FAA2F;IAC3F,oEAAoE;IACpE,QAAQ,EAAE,YAAY;CACd,CAAC;AAGX;;GAEG;AACI,MAAM,YAAY,GAAG,CAAC,IAAqB,EAAE,EAAE,CACpD,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,mBAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AADpD,QAAA,YAAY,gBACwC;AAEjE;;GAEG;AACU,QAAA,WAAW,GAAG;IACzB,uBAAuB,EAAE,UAAU;IACnC,+BAA+B,EAAE,UAAU;IAC3C,+BAA+B,EAAE,UAAU;IAC3C,0BAA0B,EAAE,UAAU;IACtC,mBAAmB,EAAE,SAAS;IAC9B,KAAK,EAAE,WAAW;IAClB,OAAO,EAAE,WAAW;IACpB,OAAO,EAAE,WAAW;IACpB,mBAAmB,EAAE,WAAW;IAChC,MAAM,EAAE,UAAU;IAClB,GAAG,EAAE,UAAU;IACf,gBAAgB,EAAE,SAAS;IAC3B,sBAAsB,EAAE,SAAS;CACzB,CAAC;AAGX;;GAEG;AACI,MAAM,cAAc,GAAG,CAAC,IAAqB,EAAE,EAAE,CACtD,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,GAAG,GAAG,mBAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AADpC,QAAA,cAAc,kBACsB"}

package/src/utils/website-constructs/files/cdk/core/static-website.ts.template CHANGED Viewed

@@ -1,4 +1,4 @@
-import { CfnOutput, RemovalPolicy, Stack } from 'aws-cdk-lib';
+import { CfnOutput, CfnResource, RemovalPolicy, Stack } from 'aws-cdk-lib';
 import { Distribution, ViewerProtocolPolicy } from 'aws-cdk-lib/aws-cloudfront';
 import { S3BucketOrigin } from 'aws-cdk-lib/aws-cloudfront-origins';
 import {
@@ -13,6 +13,8 @@ import { Construct } from 'constructs';
 import { RuntimeConfig } from './runtime-config.js';
 import { Key } from 'aws-cdk-lib/aws-kms';
 import { CfnWebACL } from 'aws-cdk-lib/aws-wafv2';
+import { suppressRules } from './checkov.js';
 const DEFAULT_RUNTIME_CONFIG_FILENAME = 'runtime-config.json';
 export interface StaticWebsiteProps {
@@ -59,6 +61,17 @@ export class StaticWebsite extends Construct {
       publicReadAccess: false,
       blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
     });
+    suppressRules(
+      accessLogsBucket,
+      ['CKV_AWS_21'],
+      'Access log bucket does not need versioning enabled',
+    );
+    suppressRules(
+      accessLogsBucket,
+      ['CKV_AWS_18'],
+      'Access log bucket does not need an access log bucket',
+    );
     // S3 Bucket to hold website files
     this.websiteBucket = new Bucket(this, 'WebsiteBucket', {
       versioned: true,
@@ -89,6 +102,12 @@ export class StaticWebsite extends Construct {
       serverAccessLogsPrefix: 'distribution-access-logs',
       serverAccessLogsBucket: accessLogsBucket,
     });
+    suppressRules(
+      logBucket,
+      ['CKV_AWS_21'],
+      'Distribution log bucket does not need versioning enabled',
+    );
     const defaultRootObject = 'index.html';
     this.cloudFrontDistribution = new Distribution(
       this,
@@ -114,8 +133,14 @@ export class StaticWebsite extends Construct {
             responsePagePath: `/${defaultRootObject}`,
           },
         ],
-      }
+      },
     );
+    suppressRules(
+      this.cloudFrontDistribution,
+      ['CKV_AWS_174'],
+      'Cloudfront default certificate does not use TLS 1.2',
+    );
     // Deploy Website
     this.bucketDeployment = new BucketDeployment(this, 'WebsiteDeployment', {
       sources: [
@@ -130,6 +155,17 @@ export class StaticWebsite extends Construct {
       distribution: this.cloudFrontDistribution,
       memoryLimit: 1024,
     });
+    suppressRules(
+      Stack.of(this),
+      ['CKV_AWS_111'],
+      'CDK Bucket Deployment uses wildcard to deploy arbitrary assets',
+      (c) =>
+        CfnResource.isCfnResource(c) &&
+        c.cfnResourceType === 'AWS::IAM::Policy' &&
+        c.node.path.includes(`/Custom::CDKBucketDeployment`),
+    );
     new CfnOutput(this, 'DistributionDomainName', {
       value: this.cloudFrontDistribution.domainName,
     });
@@ -177,6 +213,24 @@ export class CloudfrontWebAcl extends Stack {
             none: {},
           },
         },
+        {
+          name: 'KnownBadInputsRule',
+          priority: 1,
+          statement: {
+            managedRuleGroupStatement: {
+              name: 'AWSManagedRulesKnownBadInputsRuleSet',
+              vendorName: 'AWS',
+            },
+          },
+          visibilityConfig: {
+            cloudWatchMetricsEnabled: true,
+            metricName: 'MetricForWebACLCDK-CRS',
+            sampledRequestsEnabled: true,
+          },
+          overrideAction: {
+            none: {},
+          },
+        },
       ],
     }).attrArn;
   }