I built cdn-security-framework because I was tired of the "manual sync" problem between my security policies and my edge code.
Usually, you define security headers in one place, rate limits in another (WAF), and custom block logic in a JavaScript file. If you update one and forget the others, you create vulnerabilities.
This tool treats a single `security.yml` file as the Source of Truth and compiles it into:
1. AWS CloudFront Functions (JS)
2. Cloudflare Workers (TS)
3. AWS WAF Rules (Terraform JSON)
It generates the boilerplate code for security headers, method restrictions, normalizations, and even JWT validation logic (for Cloudflare), so you don't have to write raw edge functions by hand.
It's designed to play nicely with existing infrastructure—it can output WAF Rule Groups as JSON artifacts that you can import into your existing Terraform setup without taking over the whole state.
*How to run:*
1. `git clone ...`
2. `docker-compose up --build`
3. Open `http://localhost:3001`
*What it tests:*
- *Zero-Copy Conversion*: Where lazy-image shines (WebP/AVIF generation without resizing).
- *Resize + Convert*: Standard use cases.
- *Advanced Ops*: Where Sharp still wins (blur, crop, etc.) - included for fairness.
The app visualizes processing time (ms) and file size (bytes) for your specific hardware.
I'd love for you to run it and tell me if my claims hold up on your machines!
Currently, lazy-image does not support Cloudflare Workers.
lazy-image uses native modules (.node files) built with NAPI-RS, which cannot run in Cloudflare Workers' V8 Isolate environment (only WebAssembly or pure JavaScript are supported).
*Currently supported environments:*
- Node.js 18+ environments (AWS Lambda, Vercel Serverless Functions, Google Cloud Functions, etc.)
- Serverless environments where native binaries can execute
*Cloudflare Workers support:*
- A WASM version is planned for v2.0
I appreciate your patience until v2.0 is released.
Motivation: - avoid config drift - make security rules reviewable - GitOps-friendly workflow
Looking for feedback from SRE / Platform engineers.