Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@graphprotocol/graph-cli
Advanced tools
As of today, the command line interface supports the following commands:
graph init
— Creates a new subgraph project from an example or an existing contract.graph create
— Registers a subgraph name with a Graph Node.graph remove
— Unregisters a subgraph name with a Graph Node.graph codegen
— Generates AssemblyScript types for smart contract ABIs and the subgraph schema.graph build
— Compiles a subgraph to WebAssembly.graph deploy
— Deploys a subgraph to a
Graph Node.graph auth
— Stores a Graph Node access token in
the system's keychain.graph local
— Runs tests against a Graph Node
test environment (using Ganache by default).graph test
— Downloads and runs the Matchstick rust
binary in order to test a subgraph.graph add
- Adds a new datasource to the yaml file and writes the necessary changes to other
files - schema.graphql, abi and mapping.graph publish
- Publishes the subgraph to the Graph Network.The Graph CLI takes a subgraph manifest (defaults to subgraph.yaml
) with references to:
It compiles the mappings to WebAssembly, builds a ready-to-use version of the subgraph saved to IPFS or a local directory for debugging, and deploys the subgraph to a Graph Node instance or Subgraph Studio. Additionally it allows you to publish your subgraph to the decentralized network directly, making it available for indexing via Graph Explorer
We recommend install the CLI using package manager npm
or yarn
or pnpm
when developing
subgraphs locally:
# NPM
npm install @graphprotocol/graph-cli
# Yarn
yarn add @graphprotocol/graph-cli
# pnpm
pnpm install @graphprotocol/graph-cli
You can install the CLI globally using a binary. Eventually this will become the default mechanism
for installing the CLI and building subgraphs because users do not need to install Node.js
or any
other external dependencies.
curl -LS https://cli.thegraph.com/install.sh | sudo sh
libsecret
is used for storing access tokens, so you may need to install it before getting started.
Use one of the following commands depending on your distribution:
sudo apt-get install libsecret-1-dev
sudo yum install libsecret-devel
sudo pacman -S libsecret
The Graph CLI can be used with a local or self-hosted Graph Node or with the Subgraph Studio. To help you get going, there are quick start guides available for both.
Additionally, you can use Graph CLI to publish your subgraph to the decentralized network directly.
If you are ready to dive into the details of building a subgraph from scratch, there is a detailed walkthrough for that as well, along with API documentation for the AssemblyScript API.
The Graph CLI is released on npm and
published as a Binary on GitHub Releases.
We support all the version of CLI that support
Maintenance, LTS and Current Node.js releases.
Additionally if there are graph-node
specific features that are breaking and no-longer supported,
we will drop support for older versions of CLI. After 90 days of a new Node.js
release, we will
drop support for the oldest Node.js
version.
End-of-life Releases
Release | End-of-life | Reason |
---|---|---|
>=0.60.0 | December 31, 2023 | No longer supporting Node 16 or lower |
Copyright © 2018-2019 Graph Protocol, Inc. and contributors.
The Graph CLI is dual-licensed under the MIT license and the Apache License, Version 2.0.
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either expressed or implied. See the License for the specific language governing permissions and limitations under the License.
FAQs
CLI for building for and deploying to The Graph
The npm package @graphprotocol/graph-cli receives a total of 17,274 weekly downloads. As such, @graphprotocol/graph-cli popularity was classified as popular.
We found that @graphprotocol/graph-cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.