Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@dxos/cli-app
Advanced tools
To deploy apps we need a number of steps:
All this operations can be resumed with one command:
dx app deploy --domain "test" --name "app/example"
Before you publish your app you need to build it using dx app build
.
Your app.yml
MUST be present and it must have name
and version
defined.
You can specify the following params in your app.yml
:
build
: Build command. Defaults to yarn webpack -p
.Example:
name: 'Example App'
version: 0.0.0
build: yarn dist
Then run:
dx app build
dx app publish
In package root folder:
app.yml
is presented, with name
and version
fields. E.g.:name: 'Example App'
version: 1.0.0
build: yarn dist
package:
/: <IPFS HASH ID GENERATED BY PUBLISH>
dx app register --domain "test" --name "app/example"
dx app query
[
{
"id": "bafyreicjftv7di4x4og7gbxnrtqsqchiqcdchxnemnfiuqet35h2jzfww4",
"names": [
"dxn://dxos/application/example"
],
"owners": [
"6ee3328f65c8566cd5451e49e97a767d10a8adf7"
],
"bondId": "d466a4a9a640040f3d9582a5dc8797b43409c3bfde338b4b74ead9ffa225b494",
"createTime": "2020-08-25T18:47:03.082647202",
"expiryTime": "2021-08-25T18:47:03.082647202",
"attributes": {
"package": {
"/": "QmbPxkLXcHxWcUquhSEVCP5mUNQBLezjETGLzaDWmLscba"
},
"type": "dxn:app",
"version": "0.0.1",
"build": "yarn dist",
"name": "Example App"
}
},
]
Once apps are published to IPFS, a WNS record and name have been registered, we can use dx app serve
to serve the distributed files.
dx app serve
port
: Which port to start the server. Defaults to 5999
The application will hosted at:
/app/${DXN}/
Since DXN's can contain characters which are reserved in URI's, it is often necessary to URI-escape the DXN portion of the URI.
For example, with the DXN dxn://dxos/application/example
the URL is:
/app/dxn%3A%2F%2Fdxos%2Fapplication%2Fexample/
Because URI-encoded URL's are difficult to enter manually, there is an optimization for short WRN's of the form dxn://<org>/<appname>
that does not require any URI-encoding of the name. For example, with the short WRN wrn://dxos/example
, this plain URL can be used:
/app/dxos/example/
If using dxos/config
dynamic configuration each app can request config from a config endpoint (/config/config.json
).
This endpoint will serve a JSON-formatted representation of the YAML file located at ~/.dx/remote.yml
. The location of the YAML can be modified in the global configuration file:
cli:
app:
serve:
config: '/opts/apps-config/default.yml'
The following URLs will be available:
/config/config.json
You can setup whitelist of public keys of profile identities in the Wallet Extension that can authenticated through endpoint /wallet/auth
. In order to do so create a file in your DXOS profile folder named keyhole-whitelist.yml
. The file has to have the following structure:
whitelistedPublicKeys:
- <PUBLIC_KEY_1>
- <PUBLIC_KEY_2>
- ...
As for now verifying identity thorugh public key is not set up, public keys serve as a simple password stored in filesystem of the server.
FAQs
DXOS App CLI
We found that @dxos/cli-app demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 12 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.