New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@scopeblind/create

Package Overview
Dependencies
Maintainers
1
Versions
2
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@scopeblind/create

CLI tool to scaffold ScopeBlind-protected applications

latest
Source
npmnpm
Version
2.0.1
Version published
Weekly downloads
2
100%
Maintainers
1
Weekly downloads
 
Created
Source

@scopeblind/create

CLI tool to scaffold ScopeBlind-protected applications with a single command.

Usage

Create a New Project

npx @scopeblind/create create

Or install globally:

npm install -g @scopeblind/create
brass create

Direct Project Creation

# Create Next.js app
npx @scopeblind/create create next-app my-app

# Create Cloudflare Worker
npx @scopeblind/create create worker my-worker

Project Types

Next.js App

Creates a Next.js 14 application with:

  • ScopeBlind React hooks (useBrass)
  • Protected API routes (withBrassVerifier)
  • Example form component
  • TypeScript configuration
  • Tailwind CSS setup

Generated structure:

my-app/
├── app/
│   ├── page.tsx              # Example form using useBrass
│   └── api/
│       └── submit/
│           └── route.ts       # Protected API route
├── package.json
├── .env.example
└── README.md

Next steps:

cd my-app
npm install
cp .env.example .env.local    # Add your ScopeBlind credentials
npm run dev

Cloudflare Worker

Creates a Cloudflare Worker with:

  • ScopeBlind worker helper (createBrassWorker)
  • KV namespace configuration
  • Wrangler setup
  • TypeScript configuration

Generated structure:

my-worker/
├── src/
│   └── index.ts              # Worker with ScopeBlind protection
├── wrangler.toml             # Cloudflare configuration
├── package.json
└── README.md

Next steps:

cd my-worker
npm install
wrangler kv:namespace create ScopeBlind_KV  # Create KV namespace
# Update wrangler.toml with KV namespace ID
wrangler secret put ScopeBlind_SECRET_KEY
wrangler secret put ScopeBlind_ISSUER_PUBKEY
wrangler deploy

Interactive Mode

Running brass create without arguments starts interactive mode:

$ brass create

🛡️  ScopeBlind Project Creator

? What type of project do you want to create? › 
  Next.js App (with React hooks)
  Cloudflare Worker

? Project name: › my-brass-app

Environment Variables

Next.js Projects

Create .env.local:

ScopeBlind_SECRET_KEY=your_secret_key_here
ScopeBlind_ISSUER_PUBKEY=issuer_public_key_hex

Cloudflare Workers

Set secrets via Wrangler:

wrangler secret put ScopeBlind_SECRET_KEY
wrangler secret put ScopeBlind_ISSUER_PUBKEY

Get issuer public key:

# For self-hosted:
curl https://your-issuer.workers.dev/pub

# For managed service:
# Get from https://brassproof.com/dashboard

Commands

create [type] [name]

Create a new ScopeBlind-protected project.

Arguments:

  • type - Project type: next-app or worker
  • name - Project directory name

Options:

  • -h, --help - Display help
  • -V, --version - Display version

Examples:

# Interactive mode
brass create

# Create Next.js app
brass create next-app my-nextjs-app

# Create Cloudflare Worker
brass create worker my-worker

What Gets Created

Next.js App

Dependencies:

  • next - Next.js framework
  • react - React library
  • @scopeblind/nextjs - ScopeBlind Next.js integration
  • @scopeblind/verifier - Core verifier
  • tailwindcss - Styling

Features:

  • Protected API route example
  • Client-side form with ScopeBlind hook
  • TypeScript support
  • Tailwind CSS configuration
  • Environment variable setup

Cloudflare Worker

Dependencies:

  • @scopeblind/cloudflare - ScopeBlind Cloudflare integration
  • @scopeblind/verifier - Core verifier
  • wrangler - Cloudflare CLI

Features:

  • Protected worker handler
  • KV namespace configuration
  • Rate limiting setup
  • TypeScript support
  • Wrangler configuration

Customization

After creating a project, you can customize:

Rate Limits

Edit the rateLimits configuration:

// Next.js: app/api/submit/route.ts
export const POST = withBrassVerifier(handler, {
  scope: 'custom-scope',
  rateLimits: {
    'custom-scope': { maxRequests: 100, windowSeconds: 3600 }
  }
})

// Worker: src/index.ts
export default {
  fetch: createBrassWorker(handler, {
    rateLimits: {
      'message': { maxRequests: 50, windowSeconds: 3600 }
    }
  })
}

CORS Headers

// Worker
export default {
  fetch: createBrassWorker(handler, {
    corsHeaders: {
      'Access-Control-Allow-Origin': 'https://yourdomain.com',
    }
  })
}

Troubleshooting

"Directory already exists"

The CLI will prompt you to overwrite. Choose yes to replace the existing directory.

"npm install fails"

Ensure you have Node.js 18+ installed:

node --version

"wrangler command not found"

Install Wrangler globally:

npm install -g wrangler

Learn More

  • ScopeBlind Documentation
  • @scopeblind/nextjs
  • @scopeblind/cloudflare
  • @scopeblind/verifier
  • GitHub Repository

License

MIT - see LICENSE for details.

Keywords

scopeblind
brass
cli
scaffolder
nextjs
cloudflare

FAQs

Package last updated on 19 Nov 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise

Security News

Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise

Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.

By Sarah Gooding  -  Apr 02, 2026