Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
bkmrkd is a self-hosted, lightweight bookmarking service running on node.js, react, and rethinkdb.
screenshots
installation
running in a production environment
migrating from 1.0 to 2.0
contributing
license
With version 2.3.0
, there are a couple of options to run bkmrkd. You can run it with one of the npm scripts, programmatically, or as a global command.
There are npm scripts for development, staging, and production. This is the only one that doesn't work if you're using this from npm.
# install the required modules
npm install
# if you want to run locally
npm start
# for testing daemonized with pm2
npm run stage
npm run stage:restart
npm run stage:stop
# for production daemonized with pm2
# unless you put your SSL certs in the `ssl` directory
# you'll want to provide the path with an env variable
BKMRKD_CONFIG_PATH=/path/to/config/file npm run prod
BKMRKD_CONFIG_PATH=/path/to/config/file npm run prod:restart
npm run prod:stop
If you'd like to mount bkmrkd inside another app/node script, this is totally do-able too. The module exports both the express app and the SPDY server.
It's important to note here, however, that if you want to use the SPDY server bundled, you need to either move your certs into ./ssl/server.crt
and ./ssl/server.key
. You can also specify the path to your config (relative to your cwd) by setting the BKMRKD_CONFIG_PATH
environment variable.
const bkmrkdApp = require('bkmrkd').app
const bkmrkdServer = require('bkmrkd').server
// mount the app as you will
app.use('/bkmrkd', bkmrkdApp)
// run the server with some other logic around it
bkmrkdServer.listen(3000)
Upon installation, npm will symlink a bkmrkd binary into a folder in your path. The command is bkmrkd
, and there are a few options you can provide.
Usage:
bkmrkd [options]
Options:
--daemon, -d Daemonize the bkmrkd process with pm2
--config, -c The path to your config file for bkmrkd
--port, -p The port that bkmrkd should bind to. Defaults to 3000. Precedence is given to the config file
--help, -h Print this help info
Simply drag the bookmarklet to your bookmarks bar and click it on a webpage you want to save. Simple.
So you want to run this for real. On the web. That's awesome. Everyone will want this to be setup differently, but this is how I've approached it.
To work on bkmrkd locally, you'll want to start the node server and run gulp.
# make sure rethinkdb is running
rethinkdb --daemon
# start the server in development mode
npm start
# in another window or tab, start gulp and watch for file changes
gulp
I don't think there are enough instances of bkmrkd (plus it didn't work that well) to warrant an upgrade guide. If you want one though, let me know and I'll create a guide. You can also check out migrating from mongodb to rethinkdb.
Please make a pull request! bkmrkd follows the js standard styleguide.
To keep track of the roadmap, I'm using issues, and more specifically, milestones.
FAQs
A simple self-hosted bookmark manager written in javascript
The npm package bkmrkd receives a total of 11 weekly downloads. As such, bkmrkd popularity was classified as not popular.
We found that bkmrkd demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.