@twreporter/keystone
Web Application Framework and Admin GUI / Content Management System built on Express.js and Mongoose
KeystoneJS is a powerful Node.js content management system and web app framework built on express and mongoose. Keystone makes it easy to create sophisticated web sites and apps, and comes with a beautiful auto-generated Admin UI.
Check out keystonejs.com for documentation and guides.
You can also deploy a starter project to Heroku for free to try it out:
We've been working on a major update to Keystone for several months now, rewriting the Admin UI as a ReactJS App.
Work on this has now been merged into our master branch, which is currently not stable (but which we encourage you to try out and give us feedback on!). Stable 0.3.x releases will continue to be published from the 0.3.x branch.
UPDATE: Our demo site has been updated to the new version - check it out and let us know what you think!
For more information on the upcoming version, including how to try it out and get involved, check out issue #1612
Keystone gives you:
models with additional field types and functionality, building on those natively supported by Mongoose... plus a lot of other tools and utilities to make creating complex web apps easier.
Use our Yeoman Generator to get up and running with KeystoneJS quickly, then check out our getting started guide & docs at keystonejs.com/docs/getting-started.
We have a demo website at demo.keystonejs.com where you can play with the Keystone Admin UI, and you can read the source to see how it was built.
We have a friendly, growing community and welcome everyone to get involved.
Here are some ways:
keystonejs
We love to hear feedback about Keystone and the projects you're using it for. Ping us at @KeystoneJS on twitter.
If you are using KeystoneJS in any projects we encourage you to add it to our Related Projects Page. This is also the place to find generators and such that bundle KeystoneJS.
If you can, please contribute by reporting issues, discussing ideas, or submitting pull requests with patches and new features. We do our best to respond to all issues and pull requests within a day or two, and make patch releases to npm regularly.
If you're going to contribute code, please follow our coding standards.
Check out the KeystoneJS Getting Started Guide to start using KeystoneJS.
The easiest way to get started with Keystone is to use the Yeoman generator:
$ npm install -g generator-keystone
$ yo keystone
Answer the questions, and the generator will create a new project based on the options you select, and install the required packages from npm.
Alternatively, to include Keystone in an existing project or start from scratch (without Yeoman), specify keystone: "^0.3.9" in the dependencies array of your package.json file, and run npm install from your terminal.
Then read through the Documentation and the Example Projects to understand how to use it.
Running in default mode, Keystone takes care of everything required to configure your application with Express, connect to your MongoDB database, and start the web server.
Here is an example of what your keystone.js (or app.js, etc) file may look like:
var keystone = require('keystone');

// Configure Keystone before any models or routes are loaded
keystone.init({
    'name': 'My Project',
    'brand': 'Project',
    'less': 'public',
    'static': 'public',
    'views': 'templates/views',
    'view engine': 'jade',
    'auth': true,
    'user model': 'User',
    // Placeholder: replace with a long random value kept out of source control
    'cookie secret': '--- your secret ---',
    'auto update': true
});

// Register the models, then the routes that refer to them
keystone.import('models');
keystone.set('routes', require('./routes'));

// Start the web server
keystone.start();
Config variables can be passed in an object to the keystone.init method, or can be set any time before keystone.start is called using keystone.set(key, value). This allows for a more flexible order of execution (e.g. if you refer to Lists in your routes, you can set the routes after configuring your Lists, as in the example above).
See the KeystoneJS configuration documentation for details and examples of the available configuration options.
To understand how these settings are used, and how the Express application is initialised, see Keystone.prototype.start in lib/core/start.js.
Keystone builds on the basic data types provided by mongo and allows you to easily add rich, functional fields to your application's models.
You get helper methods on your models for dealing with each field type easily (such as formatting a date or number, resizing an image, getting an array of the available options for a select field, or using Google's Places API to improve addresses) as well as a beautiful, responsive admin UI to edit your data with.
See the KeystoneJS database documentation for details and examples of the various field types, as well as how to set up and use database models in your application.
Keystone's field types include:
Keystone also has Relationship fields for managing one-to-many and many-to-many relationships between different models.
When you deploy your KeystoneJS app to production, be sure to set your ENV environment variable to production.
You can do this by setting NODE_ENV=production in your .env file, which gets handled by dotenv.
Setting your environment enables certain features, including template caching, simpler error reporting and HTML minification, that are important in production but annoying in development.
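The sample keystone.init call ships with a placeholder 'cookie secret', and production mode is selected with NODE_ENV. The following is an added example, not code from KeystoneJS or this package: it builds the same options object from the environment and refuses to start in production with a missing, placeholder or short secret. The variable name COOKIE_SECRET, the 32-character minimum and both function names are assumptions made for the example.

```javascript
// Added example, not KeystoneJS code. COOKIE_SECRET is an assumed variable name.
const crypto = require('crypto');

// Placeholder string from the sample keystone.init() call; never a usable secret.
const PLACEHOLDER = '--- your secret ---';
const MIN_SECRET_LENGTH = 32; // assumed minimum, chosen for this example

function resolveCookieSecret(env) {
  const secret = env.COOKIE_SECRET;
  const usable = typeof secret === 'string' &&
    secret !== PLACEHOLDER &&
    secret.length >= MIN_SECRET_LENGTH;
  if (usable) return secret;

  if (env.NODE_ENV === 'production') {
    // Fail closed: with a known or missing secret, signed cookies cannot be trusted.
    throw new Error('COOKIE_SECRET must be a random string of at least ' +
      MIN_SECRET_LENGTH + ' characters when NODE_ENV=production');
  }
  // Development only: random per-process secret, so sessions end on restart.
  return crypto.randomBytes(32).toString('hex');
}

function buildKeystoneConfig(env) {
  // Same options as the sample config; only the secret comes from the environment.
  return {
    'name': 'My Project',
    'brand': 'Project',
    'less': 'public',
    'static': 'public',
    'views': 'templates/views',
    'view engine': 'jade',
    'auth': true,
    'user model': 'User',
    'cookie secret': resolveCookieSecret(env),
    'auto update': true
  };
}

// In keystone.js, after .env is loaded: keystone.init(buildKeystoneConfig(process.env));
```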
If you want to test or develop against the master branch of KeystoneJS (or against your own branch), rather than a published version on npm, you just need to check it out then use npm link to link it to your project. On Mac OS, this is done like this:
In the KeystoneJS checkout, e.g. ~/Development/KeystoneJS, run sudo npm link (you will need to enter your system password).
In your project directory, e.g. ~/Development/MySite (the one with your package.json file in it), run npm link keystone. This will create a link between ~/Development/MySite/node_modules/keystone and ~/Development/KeystoneJS.
Then require('keystone') normally in your app - the development copy will be used. Note that running npm update will ignore new versions of keystone that have been published.
To go back to using a published version of KeystoneJS from npm, from your project directory, run npm unlink keystone then npm install.
To run the test suite run npm test.
KeystoneJS is a free and open source community-driven project. Thanks to our many contributors and users for making it great.
Thanks to the following companies and projects whose work we have used or taken inspiration from in the making of KeystoneJS:
(The MIT License)
Copyright (c) 2015 Jed Watson
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
We found that @twreporter/keystone demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.