Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@monteway/app
Advanced tools
Core package of Monteway.js that is responsible for creating a project from scratch with a single command. It has also a feature of extending new or already existing projects with some predefined functionalities (called extensions).
npm i -D @monteway/app
create
commandCreate new Next.js app
npx @monteway/app create --template next --directory montewayjs-next-app
This will setup a very, very basic Next.js application with TypeScript. The project is minimal, it has no styling solution pre-configured. You can add it using extensions (continue below to see it).
Create new Remix app
npx @monteway/app create --template remix --directory montewayjs-remix-app
An experimental template for Remix v1 app. We do not use Remix in the company right now for any production projects, so this is just a reference for the future to make sure that @monteway/app
can support different frameworks.
Create new Express server
npx @monteway/app create --template express --directory montewayjs-express-app
Just an Express server with healtcheck route, CORS, cookies and body parsing enabled.
extend
commandThere are two ways to use the extend
command to add extra functionalities or setup to the project:
Interactive mode that displays a multiselect list with extensions compatible with the template we use:
npx @monteway/app extend --template next --directory montewayjs-next-app
Command line arguments to specify what features we want to add:
npx @monteway/app extend --template next --directory montewayjs-next-app --with axios --with button
This example adds a file with axios instance basic configuration and also a very generic button component.
Here you can find a full reference of extensions we support along with information what templates are compatible with it.
Extension (--with ) | Compatible --template | Description |
---|---|---|
button | next, remix | React button component |
dependabot | all | Auto merge updates for npm libraries |
eslint | express | ESLint config |
eslint-next | next | ESLint config for Next.js |
eslint-remix | remix | ESLint config for Remix |
input | next, remix | React input component |
lefthook | all | Pre-commit hooks |
password-auth | next | Login, logout, forgot + reset password |
postinstall-script | all | Run some setup after npm install |
prettier | all | Prettier config |
react-query | next | Wraps Next app with React Query |
render | all | Deploy to Render.com |
tailwind | next | Adds Tailwind to app |
FAQs
CLI to easily create and extend projects templates
We found that @monteway/app demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.