Latest Threat ResearchGlassWorm Loader Hits Open VSX via Developer Account Compromise.Details →
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@dotcms/create-app

Package Overview
Dependencies
Maintainers
2
Versions
19
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@dotcms/create-app

> 🚧 **Beta Notice:** > This CLI is currently in **beta**. Features and APIs may change as we continue improving the tool.

npmnpm
Version
1.2.2
Version published
Weekly downloads
10
Maintainers
2
Weekly downloads
 
Created
Source

🚀 create-dotcms-app

🚧 Beta Notice: This CLI is currently in beta. Features and APIs may change as we continue improving the tool.

With a single command, you can bootstrap a fully functional frontend (Next.js,Vue,Angular, etc.) connected to dotCMS APIs — including the following:

  • Spinning up dotCMS using docker
  • Universal Visual Editor pre configured
  • Generating site id and authentication token (just copy paste them in frontend .env and enjoy).

✨ What is create-dotcms-app?

create-dotcms-app is a command-line tool that helps developers quickly spin up headless frontends powered by dotCMS.

It automates the tedious work of:

  • Setting up a framework
  • Connecting to dotCMS REST & GraphQL APIs
  • Providing content-fetching helpers
  • Adding example components & pages
  • Creating environment variable templates
  • Optional Setting up local dotCMS instance using docker.

This tool lets you focus on building, not configuring.

🎯 Why this project exists

dotCMS is a hybrid headless CMS with powerful APIs — but initializing a frontend manually takes time.

This CLI solves that by offering:

  • Frictionless onboarding
  • Standardized project setup
  • Fast prototyping & demos
  • DevRel-friendly scaffolding for workshops & tutorials
  • Production-ready integration patterns

🛠️ Installation

Run using npx (recommended):

npx @dotcms/create-app <project-name>

Or install cli globally

npm install -g @dotcms/create-app

Usage

npx @dotcms/create-app <project-name>

This will:

  • Ask for the target directory
  • Ask which frontend framework you want (Next.js,Angular,Vue, etc.)
  • Ask if you’re using dotCMS Cloud or Local Docker dotCMS
  • Automatically scaffold your project
  • Configure UVE (Edit Mode Anywhere)
  • Start dotCMS (if using Docker)
  • Print required environment variables for your frontend

Env variables

You will get the following env variables generated by cli just copy and replace them in the frontend of the env and enjoy dotCMS in headless mode.

Host (site) : http://localhost:8082
Site ID : 59bb8831-6706-4589-9ca0-ff74016e02b2
API Token : YOUR_API_TOKEN

CLI Syntax

create-dotcms-app <project-name> [options]
OptionDescription
-f, --framework <name>Skip prompts and directly choose a framework. Must be one of: nextjs, angular, angular-ssr, astro, etc.
-d, --directoryProject Directory
--localUse local dotCMS instance using docker:
-u, --usernamedotCMS instance username (skip in case of local)
-p, --passworddotCMS instance password (skip in case of local)
--urldotCMS instance url (skip in case of local)
-V, --versionShow CLI version

FAQs

Package last updated on 22 Jan 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

The Next Open Source Security Race: Triage at Machine Speed

Security News

The Next Open Source Security Race: Triage at Machine Speed

Claude Opus 4.6 has uncovered more than 500 open source vulnerabilities, raising new considerations for disclosure, triage, and patching at scale.

By Sarah Gooding  -  Feb 06, 2026
Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise

Research

/

Security News

Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise

Malicious dYdX client packages were published to npm and PyPI after a maintainer compromise, enabling wallet credential theft and remote code execution.

By Kush Pandya  -  Feb 06, 2026