Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@faststore/core
Advanced tools
Kick off your store with this boilerplate. This starter ships the main FastStore configuration files to get your store up and running blazing-fast. This source code is the base for FastStore projects starter.
PS: you can install dependencies using the package manager of your choosing. In this guide, we'll be using
yarn
as an example.
Install dependencies with yarn
yarn
Start developing
Navigate into your new siteβs directory and start it up.
yarn dev
Open the source code and start editing!
Your site is now running at http://localhost:3000
!
A quick look at the top-level files and directories you'll see in a this NextJS project.
./
βββ node_modules
βββ @generated
βββ cms
βββ public
βββ src
βββ test
βββ .babelrc.js
βββ .editorconfig
βββ .prettierignore
βββ .prettierrrc
βββ .stylelintignore
βββ .gitignore
βββ .eslintignore
βββ codegen.ts
βββ cypress
βββ cypress.config.ts
βββ discovery.config.default.js
βββ discovery.config.js
βββ index.ts
βββ jest.config.js
βββ LICENSE
βββ lighthouserc.js
βββ next-env.d.ts
βββ next.config.ts
βββ package.json
βββ tsconfig.json
βββ postcss.config.js
βββ postinstall.js
βββ README.md
βββ stylelint.config.js
βββ tsconfig.json
βββ vtex.env
/node_modules
: This directory contains all of the modules of code that your project depends on (npm packages) are automatically installed.
/src
: This directory will contain all of the code related to what you will see on the front-end of your site (what you see in the browser) such as your site header or a page template. src
is a convention for βsource codeβ.
.gitignore
: This file tells git which files it should not track / not maintain a version history for.
.prettierrc
: This is a configuration file for Prettier. Prettier is a tool to help keep the formatting of your code consistent.
LICENSE
: NextJS is licensed under the MIT license.
package.json
: A manifest file for Node.js projects, which includes things like metadata (the projectβs name, author, etc). This manifest is how npm knows which packages to install for your project.
tsconfig.json
: The configuration file for the typescript compiler. This will statically analyze your code for errors and bugs before releasing them into production
discovery.config.default.js
: Configure your e-commerce platform, default sales channel etc.
@generated
: Where TypeScript typings are generated for your GraphQL queries. You can use these files for strongly typing your App
cypress
: End to End(e2e) tests using Cypress. Most of the scenarios are covered here. Add your custom flows to avoid regressions
cypress.config.ts
: Cypress configuration file
lighthouserc.js
: Configures Google Lighthouse CI. This is where you can turn on/off lighthouse assertions to be used by Lighthouse CI Bot/hook
.prettierignore
: Ignore listed files when applying prettier rules
.eslintignore
: Ignore listed files when applying eslint rules
All code is inside the src
folder. The code is split into folders that implement an MVC-like architecture.
The controller
is inside the src/sdk
folder. This is where you will find most logic for the application. This folder contains hooks for adding items to cart, making graphql queries, resizing images, etc. If you need to write a custom business logic this is probably the place to put this logic.
The views
are written in the src/components
folder and are subdivided into domain-specific components. Cart related items are inside the src/components/cart
folder. Search and Product related components like facets, product summary, and search results are in their respective folders. Basic building blocks components used in the sections are inside the UI folder.
Section components are those components that occupy a whole slice on the webpage and are desirable to be changed by a CMS. Section components are Product Gallery, Product Shelf and Hero and BannerText.
The model
, in a website, is where the data fetching occurs. Since this project uses Jamstack, a crucial design decision was made to explicitly split where Static and Dynamic data are fetched. The files inside the src/pages
folder use NextJS's File System Route API to declare routes and fetch static data.
To summarize:
src/pages
: Routes are declared and static data is fetched.src/views
: Receives static data from src/pages
, enriches this data with dynamic attributes, and render section components along with SEO tags.src/components/sections
: Receives necessary data and use domain-specific components (cart/product/search/ui) for rendering a slice on the web page.Icons help build web pages by illustrating concepts and improving website navigation. However, using icons can decrease the page's performance. One option to avoid the decrease of the page's performance is to use SVGs from a single SVG file, located in /static/icons.svg
, and load them with the ui/Icon
component.
In the following steps, learn how to add and use a new SVG icon and avoid decreasing page performance while using an icon.
svg
tag to symbol
.id
to the symbol. Remember to use an unique id
and do not replicate it.fill
, stroke-width
, width
, height
, and color
.An example adding Bell icon:
<svg style="display:none">
<symbol id="Bell" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 256 256"><rect width="256" height="256" fill="none"></rect><path d="M56.2,104a71.9,71.9,0,0,1,72.3-72c39.6.3,71.3,33.2,71.3,72.9V112c0,35.8,7.5,56.6,14.1,68a8,8,0,0,1-6.9,12H49a8,8,0,0,1-6.9-12c6.6-11.4,14.1-32.2,14.1-68Z" fill="none" stroke="currentColor" stroke-linecap="round" stroke-linejoin="round"></path><path d="M96,192v8a32,32,0,0,0,64,0v-8" fill="none" stroke="currentColor" stroke-linecap="round" stroke-linejoin="round"></path></symbol>
</svg>
id
that you created in the SVG icon file.id
in the React component that you desire to use the SVG icon. For example// src/components/ui/MyIconButton/MyIconButton.tsx
import Icon from '@faststore/ui'
function ButtonIcon() {
return (
<button>
<Icon name="<<symbol_id>>" weight="thin" />
</button>
)
}
export default ButtonIcon
This project uses SVGs from Phosphor icons. More details, please refer to this doc.
Our customized themes are based on Design Tokens using CSS Variables or a CSS class for each token. We utilize the styles from the @faststore/ui
package, which are imported into the src/styles
directory. Additionally, each component's styles are imported directly into the section where they are being used. Refer to Theming overview for more details.
We use graphql-codegen to pre-process GraphQL queries. This compilation generates TypeScript typings and configurations for our graphql server under the folder @generated/graphql
.
This means we can statically analyze your code in search of bugs and secure your graphql server before each deploy. If, however you need to change any GraphQL Fragment, Query or Mutation, you will need to regenerate the whole thing. To do this, open your terminal and type
$ yarn dev
Now, after the nextjs development server is up and running, open another terminal and run
$ yarn generate
That's it! you have just regenerated all graphql queries/fragments for your application and the new data you requested should be available to your component.
Pro tip: Pass
-w
to theyarn generate
command so it watches for changes and you don't need to run this command multiple times.
This store is integrated with VTEX headless CMS.
The page rendered with CMS is the index page: pages/index.tsx
The cms/faststore
contains the content-types.json
and sections.json
files.
It's possible to change the CMS tenant and workspace at discovery.config.default.js
.
Looking for more guidance? Full documentation for FastStore lives on this GitHub repository. Also, for learning NextJS, take a look at the NextJS Website, they have plenty of tutorials and examples in there.
This project has strict performance budgets. Right out of the box, this project performs around 95 on Google's Page Speed Insights website, which usually is way more strict than your laptop's chrome lighthouse. Every time you commit to the repository, our QA bots will run and evaluate your code quality. We recommend you NEVER put in production a code that breaks any of the bots. If a bot breaks and still you need to put the code into production, change the bot config (lighthouserc.js
, cypress.config.ts
) to make it pass and merge. This way you ensure your website will keep performing well during the years to come.
Adding third-party scripts to a webpage usually makes it slow. To maintain great performance while third-party scripts are added, this project uses Partytown, a lazy-load library that helps relocate intensive scripts into a web worker and off of the main thread.
To add scripts using Partytown, add the type="text/partytown"
to the script tag and make sure to add it before the Partytown script or component.
Some third-party scripts execute expensive computations that may require some time to run, making pages few slow. If that's the case, wrap those in a function and reference it on the Partytown forward
prop. By doing this, Partytown will run this function on a web worker so it doesn't block the main thread.
export const onRenderBody = ({ setHeadComponents }) => {
// ...
setHeadComponents([
<script type="text/partytown">
window.expensiveFunction = function() {/* expensive computation used by custom-script */}
</script>
<script key="custom-script" src="*://domain/path" type="text/partytown" />,
<Partytown key="partytown" forward={["expensiveFunction"]} />
])
// ...
}
For more information about integrating third-party scripts: Partytown Wiki.
FAQs
A starter powered by FastSto
The npm package @faststore/core receives a total of 3,369 weekly downloads. As such, @faststore/core popularity was classified as popular.
We found that @faststore/core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.Β It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.