🎩 You're Invited:Meet the Socket team at Black Hat in Las Vegas, August 3-6.RSVP
Sign In

@stora-sh/cli

Package Overview
Dependencies
Maintainers
1
Versions
1
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@stora-sh/cli

Stora CLI — compliance scans, screenshots, ASO, submission status for iOS + Android from your terminal

latest
Source
npmnpm
Version
0.1.0
Version published
Weekly downloads
12
140%
Maintainers
1
Weekly downloads
 
Created
Source

@stora-sh/cli

Stora's CLI. Compliance scans, screenshots, ASO metadata, and submission status — for iOS + Android, from your terminal and CI.

Stora is the post-code layer. Your IDE writes code; stora handles everything downstream.

Install

npm install -g @stora-sh/cli
# or, run once
npx @stora-sh/cli --help

Auth

Get an API key at https://stora.sh/settings/api-keys (keys start with sk_stora_).

# option 1 — persist (stored 0600 at ~/.config/stora/credentials.json)
stora login --api-key sk_stora_…

# option 2 — env var, wins over the saved file
export STORA_API_KEY=sk_stora_…

For self-hosted or local dev against a Stora Next.js dev server:

stora login --api-key sk_stora_… --base-url http://localhost:3000/api/v1
# or
export STORA_BASE_URL=http://localhost:3000/api/v1

Usage

stora init                      # scaffold .stora.yml + .github/workflows/stora-check.yml
stora projects list             # list projects accessible to your key
stora projects get <projectId>
stora check <projectId>         # run compliance, poll, exit non-zero if score < threshold
stora check --all-projects      # agency pattern — scan every accessible project
stora check:results <projectId> <scanId>
stora screenshots list <projectId>
stora screenshots generate <projectId> --device iphone-16-pro --target-store apple
stora screenshots get <projectId> <collectionId> --json
stora metadata get <projectId>
stora metadata set <projectId> --ios-subtitle "Ship faster" --ios-keywords "mobile,dev,tools"
stora status <projectId>
stora submit <projectId> --store app-store --platform ios --yes
stora whoami
stora logout

Every command that reads data supports --json for piping into other tools.

Exit codes

  • 0 — success
  • 1 — user error (missing auth, bad arg, API error)
  • 2 — compliance scan completed below the --threshold score (default 80)

CI: stora check in GitHub Actions

stora init drops a starter workflow at .github/workflows/stora-check.yml. Add STORA_API_KEY to your repo secrets and edit the workflow to pass your Stora project id:

- name: Run compliance check
  env:
    STORA_API_KEY: ${{ secrets.STORA_API_KEY }}
  run: stora check proj_abc123 --threshold 85

The job fails the PR if score falls below --threshold.

Submission caveat

stora submit wraps the historical /api/v1/.../submit route, which is bookkeeping only — it records a local submissions row but does not transmit your app to App Store Connect or Google Play. For real App Store submission, use the Stora dashboard (or call /api/apple/submit-for-review directly). Google Play write-path via v1 is not yet implemented.

The CLI warns you every time and requires --yes to proceed so nobody gets surprised.

Development

npm install
npm run build
npm test

License

MIT

Keywords

cli

FAQs

Package last updated on 20 Apr 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts