Research
/Security News
Shai Hulud Strikes Again (v2)
Another wave of Shai-Hulud campaign has hit npm with more than 500 packages and 700+ versions affected.
By Socket Research Team -  Nov 24, 2025
🚀 DAY 5 OF LAUNCH WEEK:Introducing Webhook Events for Alert Changes.Learn more →
@comapeo/cloud
Advanced tools
@comapeo/cloud
A self-hosted cloud server for CoMapeo.
Deploying CoMapeo Cloud
CoMapeo Cloud can be deployed using Docker. The official Docker image is available on Docker Hub at communityfirst/comapeo-cloud.
Using Docker
Pull and run the latest version:
docker run -d \
-p 8080:8080 \
-e SERVER_BEARER_TOKEN=<your-secret-token> \
-v /path/to/data:/usr/src/app/data \
communityfirst/comapeo-cloud:latest
Or use the Dockerfile to build a Docker image.
Server configuration is done using environment variables. The following environment variables are available:
| Environment Variable | Required | Description | Default Value |
|---|---|---|---|
SERVER_BEARER_TOKEN | Yes | Token for authenticating API requests. Should be large random string | |
PORT | No | Port on which the server runs | 8080 |
SERVER_NAME | No | Friendly server name, seen by users when adding server | CoMapeo Server |
ALLOWED_PROJECTS | No | Number of projects allowed to register with the server | 1 |
STORAGE_DIR | No | Path for storing app & project data | $CWD/data |
If you are using Nginx to act as a reverse proxy for your CoMapeo Cloud server, ensure your proxy headers are configured to support WebSockets.
Deploying with fly.io
CoMapeo Cloud can be deployed on fly.io using the following steps:
- Install the flyctl CLI tool by following the instructions here.
- Create a new app on fly.io by running
flyctl apps create, take a note of the app name. - Set the SERVER_BEARER_TOKEN secret via:
flyctl secrets set SERVER_BEARER_TOKEN=<your-secret> --app <your-app-name> - Deploy the app by running (optionally setting the
ALLOWED_PROJECTSenvironment variable):flyctl deploy --app <your-app-name> -e ALLOWED_PROJECTS=10 - The app should now be running on fly.io. You can access it at
https://<your-app-name>.fly.dev.
To destroy the app (delete all data and project invites), run:
[!WARNING] This action is irreversible and will permanently delete all data associated with the app, and projects that have already added the server will no longer be able to sync with it.
flyctl destroy --app <your-app-name>
FAQs
self-hosted cloud server for CoMapeo
The npm package @comapeo/cloud receives a total of 130 weekly downloads. As such, @comapeo/cloud popularity was classified as not popular.
We found that @comapeo/cloud demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 13 Nov 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Webhook Events for Alert Changes
Add real-time Socket webhook events to your workflows to automatically receive software supply chain alert changes in real time.
By Phil Gates-Idem -  Nov 21, 2025
Security News
ENISA Becomes a CVE Root, Expanding Its Role in Europe’s Vulnerability Ecosystem
ENISA has become a CVE Program Root, giving the EU a central authority for coordinating vulnerability reporting, disclosure, and cross-border response.
By Sarah Gooding -  Nov 21, 2025