Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@canvas-js/cli
Advanced tools
Canvas provides a command line interface for running Canvas applications. This is the primary way to run apps and join the peer-to-peer network.
Canvas provides a command line interface for running Canvas applications. This is the primary way to run apps and join the peer-to-peer network.
To install the CLI, run:
npm install -g @canvas-js/cli
canvas <command>
Commands:
canvas init <path> Initialize a new application
canvas info <path> Show the model schema and action names in a contract
canvas run <path> Run a Canvas application
canvas export <path> Export the action log as dag-json to stdout
canvas import <path> Import an action log from stdin
Options:
--version Show version number [boolean]
--help Show help [boolean]
The main command is canvas run <path>
. This will start a libp2p node, SQLite database, QuickJS VM for processing actions, and an HTTP API server. Use the --help
flag to learn more.
In the likely case that your machine is behind a NAT layer, you have to provide the CLI with both an internal port bind a WebSocket server using the --listen
option, and a public external address using the --announce
option. Both of these must be formatted as multiaddrs, the generic composable network address format used by libp2p.
For example, this tells the CLI to listen on port 4444 and advertise wss://foobar.com:8000
as the public address:
$ canvas run ./myapp --listen /ip4/0.0.0.0/tcp/4444/ws --announce /dns4/foobar.com/tcp/443/wss
This assumes that you've configured your server to handle incoming secure websocket connections over TLS on port 443
, do TLS termination, and proxy the connection to your internal port 4444
.
A few things to note:
--announce
addresses as you want, but only one --listen
address./ip4/{publicIP}/tcp/{port}/wss
.AAAA
records, you can use /dns6
in addition to /dns4
.--listen
address without an --announce
address to delegate to libp2p's autonat and identify services, which are works in progress. It's best to provide a public address if you have one.Almost always, --listen
will be of the form /ip4/0.0.0.0/tcp/${port}/ws
, and --announce
will be of the form /dns4/${hostname}/tcp/{port}/wss
.
Running a Canvas app with canvas run
will serve an HTTP API at http://127.0.0.1:8000/api/
by default. You can change the port with the --port
option.
The basic routes are:
GET /api
- get application metadataGET /api/models/:model
- get model recordsGET /api/models/:model/:key
- get a model record by primary keyGET /api/clock
- get the next logical clock value from the logGET /api/messages
- query ranges of log messagesGET /api/messages/:id
- get a message from the logPOST /api/messages
- apply a signed messageGET /api/connections
- current libp2p connectionsGET /api/peers
- current libp2p pubsub peersPOST /api/ping/:peerId
- ping a peer via libp2pSome optional API endpoints are disabled by default, since they should't be exposed publicly.
--metrics
- serve Prometheus metrics at /metrics
The metrics reported to Prometheus include default NodeJS metric, internal libp2p metrics, and some additional metrics specific to Canvas Core
.
canvas_sync_time
A histogram of MST sync times.
label name | type |
---|---|
topic | string |
duration | number |
peer | string |
canvas_messages
A counter of messages applied
label name | type | description |
---|---|---|
topic | string | |
type | string | "action" or "session" |
--static [directory]
can be used to serve a static directory alongside the application API. This is the easiest way to bundle a frontend that uses Canvas as a backend. If the --static
flag is provided, the root path /
serves the files in [directory]
.
FAQs
Canvas provides a command line interface for running applications inside Node.js.
We found that @canvas-js/cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.