Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Command line utility helps to develop widgets for near.social by allowing developers to use standard developer tools like their best code editor and standard tools for source code version control, and then deploy their widgets to SocialDB in one command.
Command line utility helps to develop components for NEAR Blockchain Operating System by allowing developers to use standard developer tools like their best code editor and standard tools for source code version control, and then deploy their components to SocialDB in one command.
project
- Project managementcomponents
- Working with components (Download, Deploy, etc.)socialdb
- SocialDb managementnew
allows you to initialize, edit and then deploy a new component to your near.social account.deploy
allows you to upload/publish components from your local ./src
folder to near.social account.diff
shows changes between deployed and local components.download
allows you to download the existing components from any near.social account to the local ./src
folder.delete
allows you to delete the existing components from any near.social account.Note:
By default, the Social DB prefix is computed as
<account-id>/widget/<component-folder>.<component-name>
. If you wish, you can change the default folder (widget
) using CLI option:--social-db-folder
:
bos components --social-db-folder "component_beta" download ...
view
allows you to view information by a given key.set
allows you to add or update information by a given key.delete
allows you to delete information by the specified key.view-profile
allows you to view the profile for an account.update-profile
allows you to update profile for the account.view-balance
allows you to view the storage balance for an account.deposit
allows you to make a storage deposit for the account.withdraw
allows you to make a withdraw a deposit from storage for an account ID.grant-write-access
allows grant access to the access key to call a function or another account.More commands are still on the way, see the issues tracker and propose more features there.
You can find binary releases of bos
CLI for your OS on the Releases page.
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/bos-cli-rs/bos-cli-rs/releases/latest/download/bos-cli-installer.sh | sh
irm https://github.com/bos-cli-rs/bos-cli-rs/releases/latest/download/bos-cli-installer.ps1 | iex
npx bos-cli
npm install bos-cli
Before getting to installation, make sure you have Rust and system dependencies installed on your computer.
To install system dependencies:
apt install pkg-config libudev-dev
dnf install pkg-config libudev-devel
Once system dependencies and Rust are installed you can install the latest released bos-cli
from sources by using the following command:
cargo install bos-cli
or, install the most recent version from git repository:
$ cargo install --git https://github.com/bos-cli-rs/bos-cli-rs
This repo contains a reusable workflow which you can directly leverage from your component repository
Prepare access key that will be used for components deployment.
It is recommended to use a dedicated function-call-only access key, so you need to:
1.1. Add a new access key to your account, explicitly adding permissions to call the set
method. Here is near CLI command to do that:
near account add-key "ACCOUNT_ID" grant-function-call-access --allowance '1 NEAR' --receiver-account-id social.near --method-names 'set' autogenerate-new-keypair print-to-terminal network-config mainnet
1.2. Grant write permission to the key (replace PUBLIC_KEY
with the one you added to the account on the previous step, and ACCOUNT_ID
with the account id where you want to deploy BOS components):
near contract call-function as-transaction social.near grant_write_permission json-args '{"public_key": "PUBLIC_KEY", "keys": ["ACCOUNT_ID/widget"]}' prepaid-gas '100.000 TeraGas' attached-deposit '1 NEAR' sign-as "ACCOUNT_ID" network-config mainnet
Note: The attached deposit is going to be used to cover the storage costs associated with the data you store on BOS, 1 NEAR is enough to store 100kb of data (components code, metadata, etc).
In your repo, go to Settings > Secrets and Variables > Actions and create a new repository secret named SIGNER_PRIVATE_KEY
with the private key in ed25519:<private_key>
format (if you followed (1.1), it is be printed in your terminal)
Create a file at .github/workflows/deploy-mainnet.yml
in your component repo with the following contents.
See the workflow definition for explanations of the inputs
name: Deploy Components to Mainnet
on:
push:
branches: [main]
jobs:
deploy-mainnet:
uses: bos-cli-rs/bos-cli-rs/.github/workflows/deploy-mainnet.yml@master
with:
deploy-account-address: <FILL>
signer-account-address: <FILL>
signer-public-key: <FILL>
secrets:
SIGNER_PRIVATE_KEY: ${{ secrets.SIGNER_PRIVATE_KEY }}
Commit and push the workflow
On changes to the main
branch, updated components in src
will be deployed!
Copy the contents of .github/workflows/deploy-mainnet.yml
to your repo as a starting point
FAQs
Command line utility helps to develop widgets for near.social by allowing developers to use standard developer tools like their best code editor and standard tools for source code version control, and then deploy their widgets to SocialDB in one command.
We found that bos-cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.