serverless-offline 9.1.1 → 9.1.4

package/README.md

@@ -152,7 +152,6 @@ custom:
   serverless-offline:
     httpsProtocol: 'dev-certs'
     httpPort: 4000
-    stageVariables:
       foo: 'bar'
 ```
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "dedicatedTo": "Blue, a great migrating bird.",
   "name": "serverless-offline",
-  "version": "9.1.1",
+  "version": "9.1.4",
   "description": "Emulate AWS λ and API Gateway locally when developing your Serverless project",
   "license": "MIT",
   "main": "./src/index.js",
@@ -194,7 +194,8 @@
     "@hapi/boom": "^10.0.0",
     "@hapi/h2o2": "^9.1.0",
     "@hapi/hapi": "^20.2.2",
-    "aws-sdk": "^2.1184.0",
+    "@serverless/utils": "^6.7.0",
+    "aws-sdk": "^2.1187.0",
     "boxen": "^7.0.0",
     "chalk": "^5.0.1",
     "execa": "^6.1.0",
@@ -204,9 +205,9 @@
     "jsonpath-plus": "^7.0.0",
     "jsonschema": "^1.4.1",
     "jsonwebtoken": "^8.5.1",
-    "jszip": "^3.10.0",
+    "jszip": "^3.10.1",
     "luxon": "^3.0.1",
-    "node-fetch": "^3.2.9",
+    "node-fetch": "^3.2.10",
     "node-schedule": "^2.1.0",
     "object.hasown": "^1.1.1",
     "p-memoize": "^7.1.0",
@@ -216,7 +217,7 @@
   },
   "devDependencies": {
     "archiver": "^5.3.1",
-    "eslint": "^8.20.0",
+    "eslint": "^8.21.0",
     "eslint-config-airbnb-base": "^15.0.0",
     "eslint-config-prettier": "^8.5.0",
     "eslint-plugin-import": "^2.25.4",
@@ -230,7 +231,6 @@
     "standard-version": "^9.5.0"
   },
   "peerDependencies": {
-    "@serverless/utils": "^6.7.0",
     "serverless": "^3.2.0"
   }
 }

package/src/ServerlessOffline.js

@@ -168,7 +168,7 @@ export default class ServerlessOffline {
 
     this.#http = new Http(this.#serverless, this.#options, this.#lambda)
 
-    await this.#http.registerPlugins()
+    await this.#http.createServer()
 
     this.#http.create(events)
 
@@ -236,12 +236,8 @@ export default class ServerlessOffline {
       .replace(/\s/g, '')
       .split(',')
 
-    if (this.#options.corsDisallowCredentials) {
-      this.#options.corsAllowCredentials = false
-    }
-
     this.#options.corsConfig = {
-      credentials: this.#options.corsAllowCredentials,
+      credentials: !this.#options.corsDisallowCredentials,
       exposedHeaders: this.#options.corsExposedHeaders,
       headers: this.#options.corsAllowHeaders,
       origin: this.#options.corsAllowOrigin,

package/src/config/defaultOptions.js

@@ -2,9 +2,9 @@ import { createApiKey } from '../utils/index.js'
 
 export default {
   apiKey: createApiKey(),
-  corsAllowCredentials: true, // TODO no CLI option
   corsAllowHeaders: 'accept,content-type,x-api-key,authorization',
   corsAllowOrigin: '*',
+  corsDisallowCredentials: true,
   corsExposedHeaders: 'WWW-Authenticate,Server-Authorization',
   disableCookieValidation: false,
   disableScheduledEvents: false,

package/src/events/http/Http.js

@@ -17,6 +17,10 @@ export default class Http {
     return this.#httpServer.stop(timeout)
   }
 
+  async createServer() {
+    await this.#httpServer.createServer()
+  }
+
   #createEvent(functionKey, rawHttpEventDefinition, handler) {
     const httpEvent = new HttpEventDefinition(rawHttpEventDefinition)
 
@@ -39,10 +43,6 @@ export default class Http {
     this.#httpServer.create404Route()
   }
 
-  registerPlugins() {
-    return this.#httpServer.registerPlugins()
-  }
-
   // TEMP FIXME quick fix to expose gateway server for testing, look for better solution
   getServer() {
     return this.#httpServer.getServer()

package/src/events/http/HttpServer.js

@@ -1,5 +1,5 @@
 import { Buffer } from 'node:buffer'
-import { readFileSync } from 'node:fs'
+import { readFile } from 'node:fs/promises'
 import { createRequire } from 'node:module'
 import { join, resolve } from 'node:path'
 import { exit } from 'node:process'
@@ -47,7 +47,9 @@ export default class HttpServer {
     this.#lambda = lambda
     this.#options = options
     this.#serverless = serverless
+  }
 
+  async createServer() {
     const {
       enforceSecureCookies,
       host,
@@ -80,14 +82,20 @@ export default class HttpServer {
     // HTTPS support
     if (typeof httpsProtocol === 'string' && httpsProtocol.length > 0) {
       serverOptions.tls = {
-        cert: readFileSync(resolve(httpsProtocol, 'cert.pem'), 'ascii'),
-        key: readFileSync(resolve(httpsProtocol, 'key.pem'), 'ascii'),
+        cert: readFile(resolve(httpsProtocol, 'cert.pem'), 'ascii'),
+        key: readFile(resolve(httpsProtocol, 'key.pem'), 'ascii'),
       }
     }
 
     // Hapijs server creation
     this.#server = new Server(serverOptions)
 
+    try {
+      await this.#server.register([h2o2])
+    } catch (err) {
+      log.error(err)
+    }
+
     // Enable CORS preflight response
     this.#server.ext('onPreResponse', (request, h) => {
       if (request.headers.origin) {
@@ -205,14 +213,6 @@ export default class HttpServer {
     })
   }
 
-  async registerPlugins() {
-    try {
-      await this.#server.register([h2o2])
-    } catch (err) {
-      log.error(err)
-    }
-  }
-
   #logPluginIssue() {
     log.notice(
       'If you think this is an issue with the plugin please submit it, thanks!\nhttps://github.com/dherault/serverless-offline/issues',
@@ -260,7 +260,7 @@ export default class HttpServer {
     log.debug(`Creating Authorization scheme for ${authKey}`)
 
     // Create the Auth Scheme for the endpoint
-    const scheme = createJWTAuthScheme(jwtSettings, this)
+    const scheme = createJWTAuthScheme(jwtSettings)
 
     // Set the auth scheme and strategy on the server
     this.#server.auth.scheme(authSchemeName, scheme)
@@ -338,6 +338,7 @@ export default class HttpServer {
      *    /tests/integration/custom-authentication
      */
     const customizations = this.#serverless.service.custom
+
     if (
       customizations &&
       customizations.offline?.customAuthenticationProvider
@@ -350,11 +351,13 @@ export default class HttpServer {
       )
 
       const strategy = provider(endpoint, functionKey, method, path)
+
       this.#server.auth.scheme(
         strategy.scheme,
         strategy.getAuthenticateFunction,
       )
       this.#server.auth.strategy(strategy.name, strategy.scheme)
+
       return strategy.name
     }
 
@@ -363,164 +366,44 @@ export default class HttpServer {
       ? null
       : this.#configureJWTAuthorization(endpoint, functionKey, method, path) ||
         this.#configureAuthorization(endpoint, functionKey, method, path)
+
     return authStrategyName
   }
 
-  createRoutes(functionKey, httpEvent, handler) {
-    const [handlerPath] = splitHandlerPathAndName(handler)
-
-    let method
-    let path
-    let hapiPath
-
-    if (httpEvent.isHttpApi) {
-      if (httpEvent.routeKey === '$default') {
-        method = 'ANY'
-        path = httpEvent.routeKey
-        hapiPath = '/{default*}'
-      } else {
-        ;[method, path] = httpEvent.routeKey.split(' ')
-        hapiPath = generateHapiPath(
-          path,
-          {
-            ...this.#options,
-            noPrependStageInUrl: true, // Serverless always uses the $default stage
-          },
-          this.#serverless,
-        )
-      }
-    } else {
-      method = httpEvent.method.toUpperCase()
-      ;({ path } = httpEvent)
-      hapiPath = generateHapiPath(path, this.#options, this.#serverless)
-    }
-
-    const endpoint = new Endpoint(
-      join(this.#serverless.config.servicePath, handlerPath),
-      httpEvent,
-    ).generate()
-
-    const stage = endpoint.isHttpApi
-      ? '$default'
-      : this.#options.stage || this.#serverless.service.provider.stage
-    const protectedRoutes = []
-
-    if (httpEvent.private) {
-      protectedRoutes.push(`${method}#${hapiPath}`)
-    }
-
-    const { host, httpPort, httpsProtocol } = this.#options
-    const server = `${httpsProtocol ? 'https' : 'http'}://${host}:${httpPort}`
-
-    this.#terminalInfo.push({
-      invokePath: `/2015-03-31/functions/${functionKey}/invocations`,
-      method,
-      path: hapiPath,
-      server,
-      stage:
-        endpoint.isHttpApi || this.#options.noPrependStageInUrl ? null : stage,
-    })
-
-    const authStrategyName = this.#setAuthorizationStrategy(
+  #createHapiHandler(params) {
+    const {
+      additionalRequestContext,
       endpoint,
       functionKey,
+      hapiMethod,
+      hapiPath,
       method,
-      path,
-    )
-
-    let cors = null
-    if (endpoint.cors) {
-      cors = {
-        credentials:
-          endpoint.cors.credentials || this.#options.corsConfig.credentials,
-        exposedHeaders: this.#options.corsConfig.exposedHeaders,
-        headers: endpoint.cors.headers || this.#options.corsConfig.headers,
-        origin: endpoint.cors.origins || this.#options.corsConfig.origin,
-      }
-    } else if (
-      this.#serverless.service.provider.httpApi &&
-      this.#serverless.service.provider.httpApi.cors
-    ) {
-      const httpApiCors = getHttpApiCorsConfig(
-        this.#serverless.service.provider.httpApi.cors,
-        this,
-      )
-      cors = {
-        credentials: httpApiCors.allowCredentials,
-        exposedHeaders: httpApiCors.exposedResponseHeaders || [],
-        headers: httpApiCors.allowedHeaders || [],
-        maxAge: httpApiCors.maxAge,
-        origin: httpApiCors.allowedOrigins || [],
-      }
-    }
-
-    const hapiMethod = method === 'ANY' ? '*' : method
-
-    const state = this.#options.disableCookieValidation
-      ? {
-          failAction: 'ignore',
-          parse: false,
-        }
-      : {
-          failAction: 'error',
-          parse: true,
-        }
-
-    const hapiOptions = {
-      auth: authStrategyName,
-      cors,
-      state,
-      timeout: { socket: false },
-    }
+      protectedRoute,
+      stage,
+    } = params
 
-    // skip HEAD routes as hapi will fail with 'Method name not allowed: HEAD ...'
-    // for more details, check https://github.com/dherault/serverless-offline/issues/204
-    if (hapiMethod === 'HEAD') {
-      log.notice(
-        'HEAD method event detected. Skipping HAPI server route mapping',
-      )
-
-      return
-    }
-
-    if (hapiMethod !== 'HEAD' && hapiMethod !== 'GET') {
-      // maxBytes: Increase request size from 1MB default limit to 10MB.
-      // Cf AWS API GW payload limits.
-      hapiOptions.payload = {
-        maxBytes: 1024 * 1024 * 10,
-        parse: false,
-      }
-    }
-
-    const additionalRequestContext = {}
-    if (httpEvent.operationId) {
-      additionalRequestContext.operationName = httpEvent.operationId
-    }
-
-    hapiOptions.tags = ['api']
-
-    const hapiHandler = async (request, h) => {
+    return async (request, h) => {
       const requestPath =
         endpoint.isHttpApi || this.#options.noPrependStageInUrl
           ? request.path
           : request.path.substr(`/${stage}`.length)
 
-      // Payload processing
+      // payload processing
       const encoding = detectEncoding(request)
 
       request.payload = request.payload && request.payload.toString(encoding)
       request.rawPayload = request.payload
 
-      // Incomming request message
+      // incomming request message
       log.notice()
 
       log.notice()
       log.notice(`${method} ${request.path} (λ: ${functionKey})`)
 
-      // Check for APIKey
+      // check for APIKey
       if (
-        (protectedRoutes.includes(`${hapiMethod}#${hapiPath}`) ||
-          protectedRoutes.includes(`ANY#${hapiPath}`)) &&
+        (protectedRoute === `${hapiMethod}#${hapiPath}` ||
+          protectedRoute === `ANY#${hapiPath}`) &&
         !this.#options.noAuth
       ) {
         const errorResponse = () =>
@@ -641,24 +524,18 @@ export default class HttpServer {
           event = request.payload || {}
         }
       } else if (integration === 'AWS_PROXY') {
-        const stageVariables = this.#serverless.service.custom
-          ? this.#serverless.service.custom.stageVariables
-          : null
-
         const lambdaProxyIntegrationEvent =
           endpoint.isHttpApi && endpoint.payload === '2.0'
             ? new LambdaProxyIntegrationEventV2(
                 request,
                 stage,
                 endpoint.routeKey,
-                stageVariables,
                 additionalRequestContext,
               )
             : new LambdaProxyIntegrationEvent(
                 request,
                 stage,
                 requestPath,
-                stageVariables,
                 endpoint.isHttpApi ? endpoint.routeKey : null,
                 additionalRequestContext,
               )
@@ -710,8 +587,7 @@ export default class HttpServer {
 
         const errorMessage = (err.message || err).toString()
 
-        const re = /\[(\d{3})]/
-        const found = errorMessage.match(re)
+        const found = errorMessage.match(/\[(\d{3})]/)
 
         if (found && found.length > 1) {
           ;[, errorStatusCode] = found
@@ -862,7 +738,9 @@ export default class HttpServer {
                 ).getContext()
 
                 result = renderVelocityTemplateObject(
-                  { root: responseTemplate },
+                  {
+                    root: responseTemplate,
+                  },
                   reponseContext,
                 ).root
               } catch (error) {
@@ -971,7 +849,9 @@ export default class HttpServer {
             headerValue.forEach((value) => {
               // it looks like Hapi doesn't support multiple headers with the same name,
               // appending values is the closest we can come to the AWS behavior.
-              response.header(headerKey, value, { append: true })
+              response.header(headerKey, value, {
+                append: true,
+              })
             })
           }
         })
@@ -1009,7 +889,6 @@ export default class HttpServer {
         }
       }
 
-      // Log response
       let whatToLog = result
 
       try {
@@ -1024,9 +903,152 @@ export default class HttpServer {
         }
       }
 
-      // Bon voyage!
       return response
     }
+  }
+
+  createRoutes(functionKey, httpEvent, handler) {
+    const [handlerPath] = splitHandlerPathAndName(handler)
+
+    let method
+    let path
+    let hapiPath
+
+    if (httpEvent.isHttpApi) {
+      if (httpEvent.routeKey === '$default') {
+        method = 'ANY'
+        path = httpEvent.routeKey
+        hapiPath = '/{default*}'
+      } else {
+        ;[method, path] = httpEvent.routeKey.split(' ')
+        hapiPath = generateHapiPath(
+          path,
+          {
+            ...this.#options,
+            noPrependStageInUrl: true, // Serverless always uses the $default stage
+          },
+          this.#serverless,
+        )
+      }
+    } else {
+      method = httpEvent.method.toUpperCase()
+      ;({ path } = httpEvent)
+      hapiPath = generateHapiPath(path, this.#options, this.#serverless)
+    }
+
+    const endpoint = new Endpoint(
+      join(this.#serverless.config.servicePath, handlerPath),
+      httpEvent,
+    ).generate()
+
+    const stage = endpoint.isHttpApi
+      ? '$default'
+      : this.#options.stage || this.#serverless.service.provider.stage
+
+    const protectedRoute = httpEvent.private
+      ? `${method}#${hapiPath}`
+      : undefined
+
+    const { host, httpPort, httpsProtocol } = this.#options
+    const server = `${httpsProtocol ? 'https' : 'http'}://${host}:${httpPort}`
+
+    this.#terminalInfo.push({
+      invokePath: `/2015-03-31/functions/${functionKey}/invocations`,
+      method,
+      path: hapiPath,
+      server,
+      stage:
+        endpoint.isHttpApi || this.#options.noPrependStageInUrl ? null : stage,
+    })
+
+    const authStrategyName = this.#setAuthorizationStrategy(
+      endpoint,
+      functionKey,
+      method,
+      path,
+    )
+
+    let cors = null
+    if (endpoint.cors) {
+      cors = {
+        credentials:
+          endpoint.cors.credentials || this.#options.corsConfig.credentials,
+        exposedHeaders: this.#options.corsConfig.exposedHeaders,
+        headers: endpoint.cors.headers || this.#options.corsConfig.headers,
+        origin: endpoint.cors.origins || this.#options.corsConfig.origin,
+      }
+    } else if (
+      this.#serverless.service.provider.httpApi &&
+      this.#serverless.service.provider.httpApi.cors
+    ) {
+      const httpApiCors = getHttpApiCorsConfig(
+        this.#serverless.service.provider.httpApi.cors,
+        this,
+      )
+      cors = {
+        credentials: httpApiCors.allowCredentials,
+        exposedHeaders: httpApiCors.exposedResponseHeaders || [],
+        headers: httpApiCors.allowedHeaders || [],
+        maxAge: httpApiCors.maxAge,
+        origin: httpApiCors.allowedOrigins || [],
+      }
+    }
+
+    const hapiMethod = method === 'ANY' ? '*' : method
+
+    const state = this.#options.disableCookieValidation
+      ? {
+          failAction: 'ignore',
+          parse: false,
+        }
+      : {
+          failAction: 'error',
+          parse: true,
+        }
+
+    const hapiOptions = {
+      auth: authStrategyName,
+      cors,
+      state,
+      timeout: { socket: false },
+    }
+
+    // skip HEAD routes as hapi will fail with 'Method name not allowed: HEAD ...'
+    // for more details, check https://github.com/dherault/serverless-offline/issues/204
+    if (hapiMethod === 'HEAD') {
+      log.notice(
+        'HEAD method event detected. Skipping HAPI server route mapping',
+      )
+
+      return
+    }
+
+    if (hapiMethod !== 'HEAD' && hapiMethod !== 'GET') {
+      // maxBytes: Increase request size from 1MB default limit to 10MB.
+      // Cf AWS API GW payload limits.
+      hapiOptions.payload = {
+        maxBytes: 1024 * 1024 * 10,
+        parse: false,
+      }
+    }
+
+    const additionalRequestContext = {}
+    if (httpEvent.operationId) {
+      additionalRequestContext.operationName = httpEvent.operationId
+    }
+
+    hapiOptions.tags = ['api']
+
+    const hapiHandler = this.#createHapiHandler({
+      additionalRequestContext,
+      endpoint,
+      functionKey,
+      hapiMethod,
+      hapiPath,
+      method,
+      protectedRoute,
+      stage,
+    })
 
     this.#server.route({
       handler: hapiHandler,

package/src/events/http/lambda-events/LambdaProxyIntegrationEvent.js

@@ -30,22 +30,12 @@ export default class LambdaProxyIntegrationEvent {
 
   #stage = null
 
-  #stageVariables = null
-
-  constructor(
-    request,
-    stage,
-    path,
-    stageVariables,
-    routeKey,
-    additionalRequestContext,
-  ) {
+  constructor(request, stage, path, routeKey, additionalRequestContext) {
     this.#additionalRequestContext = additionalRequestContext || {}
     this.#path = path
     this.#routeKey = routeKey
     this.#request = request
     this.#stage = stage
-    this.#stageVariables = stageVariables
   }
 
   create() {
@@ -227,7 +217,7 @@ export default class LambdaProxyIntegrationEvent {
         stage: this.#stage,
       },
       resource,
-      stageVariables: this.#stageVariables,
+      stageVariables: null,
     }
   }
 }

package/src/events/http/lambda-events/LambdaProxyIntegrationEventV2.js

@@ -24,20 +24,11 @@ export default class LambdaProxyIntegrationEventV2 {
 
   #stage = null
 
-  #stageVariables = null
-
-  constructor(
-    request,
-    stage,
-    routeKey,
-    stageVariables,
-    additionalRequestContext,
-  ) {
+  constructor(request, stage, routeKey, additionalRequestContext) {
     this.#additionalRequestContext = additionalRequestContext || {}
     this.#routeKey = routeKey
     this.#request = request
     this.#stage = stage
-    this.#stageVariables = stageVariables
   }
 
   create() {
@@ -183,7 +174,7 @@ export default class LambdaProxyIntegrationEventV2 {
         timeEpoch: requestTimeEpoch,
       },
       routeKey: this.#routeKey,
-      stageVariables: this.#stageVariables,
+      stageVariables: null,
       version: '2.0',
     }
   }

package/src/events/schedule/Schedule.js

@@ -39,9 +39,9 @@ export default class Schedule {
       const cron = this.#convertExpressionToCron(entry)
 
       log.notice(
-        `Scheduling [${functionKey}] cron: [${cron}] input: ${stringify(
-          input,
-        )}`,
+        `Scheduling [${functionKey}] cron: [${cron}]${
+          input ? ` input: ${stringify(input)}` : ''
+        }`,
       )
 
       nodeSchedule.scheduleJob(cron, async () => {

package/src/lambda/handler-runner/go-runner/GoRunner.js

@@ -7,9 +7,9 @@ import { execa } from 'execa'
 
 const { parse, stringify } = JSON
 
-const PAYLOAD_IDENTIFIER = 'offline_payload'
-
 export default class GoRunner {
+  static #payloadIdentifier = 'offline_payload'
+
   #codeDir = null
 
   #env = null
@@ -51,12 +51,10 @@ export default class GoRunner {
     let payload
 
     for (const item of value.split(EOL)) {
-      if (item.indexOf(PAYLOAD_IDENTIFIER) === -1) {
-        logs.push(item)
-      } else if (item.indexOf(PAYLOAD_IDENTIFIER) !== -1) {
+      if (item.includes(GoRunner.#payloadIdentifier)) {
         try {
           const {
-            offline_payload: { success, error },
+            [GoRunner.#payloadIdentifier]: { error, success },
           } = parse(item)
 
           if (success) {
@@ -67,6 +65,8 @@ export default class GoRunner {
         } catch {
           // @ignore
         }
+      } else {
+        logs.push(item)
       }
     }
 

package/src/lambda/handler-runner/in-process-runner/InProcessRunner.js

@@ -50,7 +50,6 @@ export default class InProcessRunner {
     let handler
 
     try {
-      // const { [this.#handlerName]: handler } = await import(this.#handlerPath)
       // eslint-disable-next-line import/no-dynamic-require
       ;({ [this.#handlerName]: handler } = require(this.#handlerPath))
     } catch (err) {
@@ -87,15 +86,21 @@ export default class InProcessRunner {
     // create new immutable object
     const lambdaContext = {
       ...context,
-      done: (err, data) => callback(err, data),
-      fail: (err) => callback(err),
+      done(err, data) {
+        callback(err, data)
+      },
+      fail(err) {
+        callback(err)
+      },
       getRemainingTimeInMillis() {
         const timeLeft = executionTimeout - performance.now()
 
         // just return 0 for now if we are beyond alotted time (timeout)
         return timeLeft > 0 ? floor(timeLeft) : 0
       },
-      succeed: (res) => callback(null, res),
+      succeed(res) {
+        callback(null, res)
+      },
     }
 
     let result

package/src/lambda/handler-runner/java-runner/JavaRunner.js

@@ -4,9 +4,11 @@ import { log } from '@serverless/utils/log.js'
 import { invokeJavaLocal } from 'java-invoke-local'
 
 const { parse, stringify } = JSON
-const { has } = Reflect
+const { hasOwn } = Object
 
 export default class JavaRunner {
+  static #payloadIdentifier = '__offline_payload__'
+
   #deployPackage = null
 
   #env = null
@@ -45,9 +47,9 @@ export default class JavaRunner {
       if (
         json &&
         typeof json === 'object' &&
-        has(json, '__offline_payload__')
+        hasOwn(json, JavaRunner.#payloadIdentifier)
       ) {
-        return json.__offline_payload__
+        return json[JavaRunner.#payloadIdentifier]
       }
     }
 

package/src/lambda/handler-runner/python-runner/PythonRunner.js

@@ -7,12 +7,13 @@ import { fileURLToPath } from 'node:url'
 import { log } from '@serverless/utils/log.js'
 
 const { parse, stringify } = JSON
-const { assign } = Object
-const { has } = Reflect
+const { assign, hasOwn } = Object
 
 const __dirname = dirname(fileURLToPath(import.meta.url))
 
 export default class PythonRunner {
+  static #payloadIdentifier = '__offline_payload__'
+
   #env = null
 
   #handlerName = null
@@ -83,9 +84,9 @@ export default class PythonRunner {
       if (
         json &&
         typeof json === 'object' &&
-        has(json, '__offline_payload__')
+        hasOwn(json, PythonRunner.#payloadIdentifier)
       ) {
-        payload = json.__offline_payload__
+        payload = json[PythonRunner.#payloadIdentifier]
         // everything else is print(), logging, ...
       } else {
         log.notice(item)

package/src/lambda/handler-runner/ruby-runner/RubyRunner.js

@@ -6,11 +6,13 @@ import { log } from '@serverless/utils/log.js'
 import { execa } from 'execa'
 
 const { parse, stringify } = JSON
-const { has } = Reflect
+const { hasOwn } = Object
 
 const __dirname = dirname(fileURLToPath(import.meta.url))
 
 export default class RubyRunner {
+  static #payloadIdentifier = '__offline_payload__'
+
   #env = null
 
   #handlerName = null
@@ -47,9 +49,9 @@ export default class RubyRunner {
       if (
         json &&
         typeof json === 'object' &&
-        has(json, '__offline_payload__')
+        hasOwn(json, RubyRunner.#payloadIdentifier)
       ) {
-        payload = json.__offline_payload__
+        payload = json[RubyRunner.#payloadIdentifier]
       } else {
         log.notice(item)
       }