Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
@backstage/plugin-devtools
Advanced tools
Welcome to the DevTools plugin! This plugin helps elevate useful information about a Backstage instance through the frontend, which can be helpful for an integrator for troubleshooting, reviewing, and understanding their installation.
The DevTools plugin comes with two tabs out of the box.
Lists helpful information about your current running Backstage instance such as: OS, NodeJS version, Backstage version, and package versions.
Lists the configuration being used by your current running Backstage instance.
The DevTools plugin can be setup with other tabs with additional helpful features.
Lists the status of configured External Dependencies based on your current running Backstage instance's ability to reach them.
The following sections will help you get the DevTools plugin setup and running.
You need to setup the DevTools backend plugin before you move forward with any of the following steps if you haven't already.
To setup the DevTools frontend you'll need to do the following steps:
First we need to add the @backstage/plugin-devtools
package to your frontend app:
# From your Backstage root directory
yarn add --cwd packages/app @backstage/plugin-devtools
Now open the packages/app/src/App.tsx
file
Then after all the import statements add the following line:
import { DevToolsPage } from '@backstage/plugin-devtools';
In this same file just before the closing </ FlatRoutes>
, this will be near the bottom of the file, add this line:
<Route path="/devtools" element={<DevToolsPage />} />
Next open the packages/app/src/components/Root/Root.tsx
file
We want to add this icon import after all the existing import statements:
import BuildIcon from '@material-ui/icons/Build';
Then add this line just after the <SidebarSettings />
line:
<SidebarItem icon={BuildIcon} to="devtools" text="DevTools" />
Now run yarn dev
from the root of your project and you should see the DevTools option show up just below Settings in your sidebar and clicking on it will get you to the Info tab
The DevTools plugin has been designed so that you can customize the tabs to suite your needs. You may only want some or none of the out of the box tabs or you may want to add your own. The following sections explains how to do that (assuming you've already done the setup steps). As part of this example we'll also be showing how you can add the optional External Dependencies tab.
In the packages/app/src/components
folder create a new sub-folder called devtools
Then in this new devtools
folder add a file called CustomDevToolsPage.tsx
In the CustomDevToolsPage.tsx
file add the following content:
import {
ConfigContent,
ExternalDependenciesContent,
InfoContent,
} from '@backstage/plugin-devtools';
import { DevToolsLayout } from '@backstage/plugin-devtools';
import React from 'react';
export const DevToolsPage = () => {
return (
<DevToolsLayout>
<DevToolsLayout.Route path="info" title="Info">
<InfoContent />
</DevToolsLayout.Route>
<DevToolsLayout.Route path="config" title="Config">
<ConfigContent />
</DevToolsLayout.Route>
<DevToolsLayout.Route
path="external-dependencies"
title="External Dependencies"
>
<ExternalDependenciesContent />
</DevToolsLayout.Route>
</DevToolsLayout>
);
};
export const customDevToolsPage = <DevToolsPage />;
Now open the packages/app/src/App.tsx
file and add the following import after all the existing import statements:
import { customDevToolsPage } from './components/devtools/CustomDevToolsPage';
Then we need to adjust our route as follows
- <Route path="/devtools" element={<DevToolsPage />} />
+ <Route path="/devtools" element={<DevToolsPage />} >
+ {customDevToolsPage}
+ </Route>
Now run yarn dev
from the root of your project. When you go to the DevTools you'll now see you have a third tab for External Dependencies
With this setup you can add or remove the tabs as you'd like or add your own simply by editing your CustomDevToolsPage.tsx
file
The DevTools plugin supports the permissions framework, the following sections outline how you can use them with the assumption that you have the permissions framework setup and working.
Note: These sections are intended as guidance and are completely optional. The DevTools plugin will work with the permission framework off or on without any specific policy setup.
To use the permission framework to secure the DevTools sidebar option you'll want to do the following:
First we need to add the @backstage/plugin-devtools-common
package to your frontend app:
# From your Backstage root directory
yarn add --cwd packages/app @backstage/plugin-devtools-common
Then open the packages/app/src/components/Root/Root.tsx
file
The add these imports after all the existing import statements:
import { devToolsAdministerPermission } from '@backstage/plugin-devtools-common';
import { RequirePermission } from '@backstage/plugin-permission-react';
Then make the following change:
- <SidebarItem icon={BuildIcon} to="devtools" text="DevTools" />
+ <RequirePermission
+ permission={devToolsAdministerPermission}
+ errorPage={<></>}>
+ <SidebarItem icon={BuildIcon} to="devtools" text="DevTools" />
+ </RequirePermission>
To use the permission framework to secure the DevTools route you'll want to do the following:
First we need to add the @backstage/plugin-devtools-common
package to your frontend app (skip this step if you've already done this):
# From your Backstage root directory
yarn add --cwd packages/app @backstage/plugin-devtools-common
Then open the packages/app/src/App.tsx
file
The add this import after all the existing import statements:
import { devToolsAdministerPermission } from '@backstage/plugin-devtools-common';
Then make the following change:
- <Route path="/devtools" element={<DevToolsPage />} />
+ <Route path="/devtools"
+ element={
+ <RequirePermission permission={devToolsAdministerPermission}>
+ <DevToolsPage />
+ </RequirePermission>
+ }
+ />
Note: if you are using a customDevToolsPage
as per the Customizing documentation the changes for Step 4 will be:
- <Route path="/devtools" element={<DevToolsPage />} />
+ <Route path="/devtools"
+ element={
+ <RequirePermission permission={devToolsAdministerPermission}>
+ <DevToolsPage />
+ </RequirePermission>
+ }
+ >
+ {customDevToolsPage}
+ </Route>
Here is an example permission policy that you might use to secure the DevTools plugin:
// packages/backend/src/plugins/permission.ts
class TestPermissionPolicy implements PermissionPolicy {
async handle(request: PolicyQuery): Promise<PolicyDecision> {
if (isPermission(request.permission, devToolsAdministerPermission)) {
if (
user?.identity.ownershipEntityRefs.includes(
'group:default/backstage-admins',
)
) {
return { result: AuthorizeResult.ALLOW };
}
return { result: AuthorizeResult.DENY };
}
if (isPermission(request.permission, devToolsInfoReadPermission)) {
if (
user?.identity.ownershipEntityRefs.includes(
'group:default/backstage-admins',
)
) {
return { result: AuthorizeResult.ALLOW };
}
return { result: AuthorizeResult.DENY };
}
if (isPermission(request.permission, devToolsConfigReadPermission)) {
if (
user?.identity.ownershipEntityRefs.includes(
'group:default/backstage-admins',
)
) {
return { result: AuthorizeResult.ALLOW };
}
return { result: AuthorizeResult.DENY };
}
if (
isPermission(
request.permission,
devToolsExternalDependenciesReadPermission,
)
) {
if (
user?.identity.ownershipEntityRefs.includes(
'group:default/backstage-admins',
)
) {
return { result: AuthorizeResult.ALLOW };
}
return { result: AuthorizeResult.DENY };
}
return { result: AuthorizeResult.ALLOW };
}
}
To use this policy you'll need to make sure to add the @backstage/plugin-devtools-common
package to your backend you can do that by running this command:
# From your Backstage root directory
yarn add --cwd packages/backend @backstage/plugin-devtools-common
You'll also need to add these imports:
import {
devToolsAdministerPermission,
devToolsConfigReadPermission,
devToolsExternalDependenciesReadPermission,
devToolsInfoReadPermission,
} from '@backstage/plugin-devtools-common';
Note: The group "group:default/backstage-admins" is simply an example and does not exist. You can point this to any group you have in your catalog instead.
If you followed the Customizing documentation and want to use permission there this is what your CustomDevToolsPage.tsx
would look like:
import {
ConfigContent,
ExternalDependenciesContent,
InfoContent,
} from '@backstage/plugin-devtools';
import { DevToolsLayout } from '@backstage/plugin-devtools';
import {
devToolsConfigReadPermission,
devToolsExternalDependenciesReadPermission,
devToolsInfoReadPermission,
} from '@backstage/plugin-devtools-common';
import { RequirePermission } from '@backstage/plugin-permission-react';
import React from 'react';
const DevToolsPage = () => {
return (
<DevToolsLayout>
<DevToolsLayout.Route path="info" title="Info">
<RequirePermission permission={devToolsInfoReadPermission}>
<InfoContent />
</RequirePermission>
</DevToolsLayout.Route>
<DevToolsLayout.Route path="config" title="Config">
<RequirePermission permission={devToolsConfigReadPermission}>
<ConfigContent />
</RequirePermission>
</DevToolsLayout.Route>
<DevToolsLayout.Route
path="external-dependencies"
title="External Dependencies"
>
<RequirePermission
permission={devToolsExternalDependenciesReadPermission}
>
<ExternalDependenciesContent />
</RequirePermission>
</DevToolsLayout.Route>
</DevToolsLayout>
);
};
export const customDevToolsPage = <DevToolsPage />;
The following sections outline the configuration for the DevTools plugin
If you decide to use the External Dependencies tab then you'll need to setup the configuration for it in your app-config.yaml
, if there is no config setup then the tab will be empty. Here's an example:
devTools:
externalDependencies:
endpoints:
- name: 'Google'
type: 'fetch'
target: 'https://google.ca'
- name: 'Google Public DNS'
type: 'ping'
target: '8.8.8.8'
Configuration details:
endpoints
is an arrayname
is the friendly name for your endpointtype
can be either ping
or fetch
and will perform the respective action on the target
target
is either a URL or server that you want to trigger a type
action onFAQs
Unknown package
The npm package @backstage/plugin-devtools receives a total of 8,813 weekly downloads. As such, @backstage/plugin-devtools popularity was classified as popular.
We found that @backstage/plugin-devtools demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.