Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@getanthill/datastore
The default template for setting up a Sapper project. Can use either Rollup or webpack as bundler.
degit
To create a new Sapper project based on Rollup locally, run
npx degit "sveltejs/sapper-template#rollup" my-app
For a webpack-based project, instead run
npx degit "sveltejs/sapper-template#webpack" my-app
degit is a scaffolding tool that lets you create a directory from a branch in a repository.
Replace my-app with the path where you wish to create the project.
Alternatively, you can create the new project as a GitHub repository using GitHub's template feature.
Go to either sapper-template-rollup or sapper-template-webpack and click on "Use this template" to create a new project repository initialized by the template.
Once you have created the project, install dependencies and run the project in development mode:
cd my-app
npm install # or yarn
npm run dev
This will start the development server on localhost:3000. Open it and click around.
You now have a fully functional Sapper project! To get started developing, consult sapper.svelte.dev.
By default, the template uses plain JavaScript. If you wish to use TypeScript instead, you need some changes to the project:
Add typescript as well as typings as dependencies in package.json
Configure the bundler to use svelte-preprocess and transpile the TypeScript code
Add a tsconfig.json file
The template comes with a script that will perform these changes for you by running
node scripts/setupTypeScript.js
@sapper dependencies are resolved through src/node_modules/@sapper, which is created during the build. You therefore need to run or build the project once to avoid warnings about missing dependencies.
The script does not support webpack at the moment.
Sapper expects to find two directories in the root of your project — src and static.
The src directory contains the entry points for your app — client.js, server.js and (optionally) a service-worker.js — along with a template.html file and a routes directory.
This is the heart of your Sapper app. There are two kinds of routes — pages, and server routes.
Pages are Svelte components written in .svelte files. When a user first visits the application, they will be served a server-rendered version of the route in question, plus some JavaScript that 'hydrates' the page and initialises a client-side router. From that point forward, navigating to other pages is handled entirely on the client for a fast, app-like feel. (Sapper will preload and cache the code for these subsequent pages, so that navigation is instantaneous.)
Server routes are modules written in .js files that export functions corresponding to HTTP methods. Each function receives Express request and response objects as arguments, plus a next function. This is useful for creating a JSON API, for example.
There are three simple rules for naming the files that define your routes:
A file called src/routes/about.svelte corresponds to the /about route. A file called src/routes/blog/[slug].svelte corresponds to the /blog/:slug route, in which case params.slug is available to the route.
The file src/routes/index.svelte (or src/routes/index.js) corresponds to the root of your app. src/routes/about/index.svelte is treated the same as src/routes/about.svelte.
Files and directories with a leading underscore do not create routes: you could have a file called src/routes/_helpers/datetime.js and it would not create a /_helpers/datetime route.
Images added to src/node_modules/images can be imported into your code using import 'images/<filename>'. They will be given a dynamically generated filename containing a hash, allowing for efficient caching and serving the images on a CDN.
See index.svelte for an example.
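The route naming rules above decide which files under src/routes become reachable URLs, so they are worth checking mechanically when reviewing a project. The following is an added example, not Sapper's own router code or part of the original README: routeForFile, exposedRoutes and the sample file list are hypothetical names and constructed data, and it assumes only .svelte and .js files define routes.

```javascript
// Added example (not Sapper's own router code): derive the URL pattern a file
// under src/routes is served at, following the three naming rules above.
// Assumption: only the .svelte (page) and .js (server route) extensions count.

function routeForFile(file, routesDir = 'src/routes') {
  const prefix = routesDir.replace(/\/+$/, '') + '/';
  if (!file.startsWith(prefix)) return null;            // not under the routes directory

  const match = /^(.*)\.(svelte|js)$/.exec(file.slice(prefix.length));
  if (!match) return null;                               // not a page or server route file
  const segments = match[1].split('/');

  // Rule 3: a leading underscore on any file or directory suppresses the route.
  if (segments.some((s) => s.startsWith('_'))) return null;

  // Rule 2: index files answer for their parent directory.
  if (segments[segments.length - 1] === 'index') segments.pop();

  // Rule 1: [name] becomes the :name parameter (exposed as params.name).
  const pattern = '/' + segments.map((s) => s.replace(/\[([^\]]+)\]/g, ':$1')).join('/');
  return { pattern, kind: match[2] === 'svelte' ? 'page' : 'server route', file };
}

// Group files by pattern so every reachable URL, and every pair of files
// that resolve to the same URL, is visible in one pass.
function exposedRoutes(files, routesDir) {
  const byPattern = new Map();
  for (const file of files) {
    const route = routeForFile(file, routesDir);
    if (!route) continue;
    if (!byPattern.has(route.pattern)) byPattern.set(route.pattern, []);
    byPattern.get(route.pattern).push(route);
  }
  return byPattern;
}

// Constructed sample tree, not taken from a real project.
const sampleFiles = [
  'src/routes/index.svelte',
  'src/routes/about.svelte',
  'src/routes/about/index.svelte',
  'src/routes/blog/[slug].svelte',
  'src/routes/blog/[slug].json.js',
  'src/routes/_helpers/datetime.js',
  'src/routes/_layout.svelte',
  'src/client.js',
];

for (const [pattern, routes] of exposedRoutes(sampleFiles)) {
  console.log(pattern, routes.map((r) => `${r.kind}: ${r.file}`).join(' | '));
}
```

A helper module that is missing its underscore prefix shows up in this listing as a server route, which is the case to look for in review.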
This directory is managed by Sapper and generated when building. It contains all the code you import from @sapper modules.
The static directory contains static assets that should be served publicly. Files in this directory will be available directly under the root URL, e.g. an image.jpg will be available as /image.jpg.
The default service-worker.js will preload and cache these files, by retrieving a list of files from the generated manifest:
import { files } from '@sapper/service-worker';
If you have static files you do not want to cache, you should exclude them from this list after importing it (and before passing it to cache.addAll).
Static files are served using sirv.
Sapper uses Rollup or webpack to provide code-splitting and dynamic imports, as well as compiling your Svelte components. With webpack, it also provides hot module reloading. As long as you don't do anything daft, you can edit the configuration files to add whatever plugins you'd like.
To start a production version of your app, run npm run build && npm start. This will disable live reloading, and activate the appropriate bundler plugins.
You can deploy your application to any environment that supports Node 10 or above. As an example, to deploy to Vercel Now when using sapper export, run these commands:
npm install -g vercel
vercel
If your app can't be exported to a static site, you can use the now-sapper builder. You can find instructions on how to do so in its README.
When using Svelte components installed from npm, such as @sveltejs/svelte-virtual-list, Svelte needs the original component source (rather than any precompiled JavaScript that ships with the component). This allows the component to be rendered server-side, and also keeps your client-side app smaller.
Because of that, it's essential that the bundler doesn't treat the package as an external dependency. You can either modify the external option under server in rollup.config.js or the externals option in webpack.config.js, or simply install the package to devDependencies rather than dependencies, which will cause it to get bundled (and therefore compiled) with your app:
npm install -D @sveltejs/svelte-virtual-list
Sapper is in early development, and may have the odd rough edge here and there. Please be vocal over on the Sapper issue tracker.
v
max value
GET:/api/:model/:correlation_id/timetravel route to show an entity in the past
POST:/api/:model/:correlation_id/restore route to restore an entity at a given point of time
/api/:model/:correlation_id/indices routes to get and create indices for a given model
GET:/api/:model/:correlation_id/statistics route to get access to model collection statistics
telemetry project to access tracing and metrics
FAQs
Event-Sourced Datastore
The npm package @getanthill/datastore receives a total of 332 weekly downloads. As such, @getanthill/datastore popularity was classified as not popular.
We found that @getanthill/datastore demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.