Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@graphprotocol/graph-cli
Advanced tools
CLI for building for and deploying to The Graph
As of today, the command line interface supports the following commands:
graph init
— Creates a new subgraph project from an example or an existing contract.graph create
— Registers a subgraph name with a Graph Node.graph remove
— Unregisters a subgraph name with a Graph Node.graph codegen
— Generates AssemblyScript types for smart contract ABIs and the subgraph schema.graph build
— Compiles a subgraph to WebAssembly.graph deploy
— Deploys a subgraph to a
Graph Node.graph auth
— Stores a Graph Node access token in
the system's keychain.graph local
— Runs tests against a Graph Node
test environment (using Ganache by default).graph test
— Downloads and runs the Matchstick rust
binary in order to test a subgraph.graph add
- Adds a new datasource to the yaml file and writes the necessary changes to other
files - schema.graphql, abi and mapping.graph publish
- Publishes the subgraph to the Graph Network.The Graph CLI takes a subgraph manifest (defaults to subgraph.yaml
) with references to:
It compiles the mappings to WebAssembly, builds a ready-to-use version of the subgraph saved to IPFS or a local directory for debugging, and deploys the subgraph to a Graph Node instance or Subgraph Studio. Additionally it allows you to publish your subgraph to the decentralized network directly, making it available for indexing via Graph Explorer
We recommend install the CLI using package manager npm
or yarn
or pnpm
when developing
subgraphs locally:
# NPM
npm install @graphprotocol/graph-cli
# Yarn
yarn add @graphprotocol/graph-cli
# pnpm
pnpm install @graphprotocol/graph-cli
You can install the CLI globally using a binary. Eventually this will become the default mechanism
for installing the CLI and building subgraphs because users do not need to install Node.js
or any
other external dependencies.
curl -LS https://cli.thegraph.com/install.sh | sudo sh
libsecret
is used for storing access tokens, so you may need to install it before getting started.
Use one of the following commands depending on your distribution:
sudo apt-get install libsecret-1-dev
sudo yum install libsecret-devel
sudo pacman -S libsecret
The Graph CLI can be used with a local or self-hosted Graph Node or with the Subgraph Studio. To help you get going, there are quick start guides available for both.
Additionally, you can use Graph CLI to publish your subgraph to the decentralized network directly.
If you are ready to dive into the details of building a subgraph from scratch, there is a detailed walkthrough for that as well, along with API documentation for the AssemblyScript API.
The Graph CLI is released on npm and
published as a Binary on GitHub Releases.
We support all the version of CLI that support
Maintenance, LTS and Current Node.js releases.
Additionally if there are graph-node
specific features that are breaking and no-longer supported,
we will drop support for older versions of CLI. After 90 days of a new Node.js
release, we will
drop support for the oldest Node.js
version.
End-of-life Releases
Release | End-of-life | Reason |
---|---|---|
>=0.60.0 | December 31, 2023 | No longer supporting Node 16 or lower |
Copyright © 2018-2019 Graph Protocol, Inc. and contributors.
The Graph CLI is dual-licensed under the MIT license and the Apache License, Version 2.0.
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either expressed or implied. See the License for the specific language governing permissions and limitations under the License.
FAQs
CLI for building for and deploying to The Graph
The npm package @graphprotocol/graph-cli receives a total of 9,710 weekly downloads. As such, @graphprotocol/graph-cli popularity was classified as popular.
We found that @graphprotocol/graph-cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.