
bpmn-js-cli
As of version 1.0.0 this library exposes ES modules. Use an ES module aware bundler such as Webpack or Rollup to bundle it for the browser.
An extensible command line interface for bpmn-js.
Check out demo.js for the commands powering this demo.
Out of the box, the cli supports the following commands:
append source type [deltaPos]
connect source target type
create type position parent
element id
elements
move shape delta [newParentId]
undo
redo
save svg|bpmn
setLabel element label
setRoot element|elementId
removeShape shape|elementId
removeConnection connection|connectionId
Get the list of available commands:
cli.help();
Get the list of elements:
cli.elements();
Export SVG or BPMN 2.0 XML:
cli.save('svg'); // or cli.save('bpmn')
Deploy the cli with bpmn-js:
var BpmnModeler = require('bpmn-js/lib/Modeler'),
    CliModule = require('bpmn-js-cli');

var modeler = new BpmnModeler({
  container: document.body,
  additionalModules: [
    CliModule
  ],
  cli: {
    bindTo: 'cli'
  }
});

modeler.importXML('some-bpmn-xml')
  .then(({ warnings }) => {
    // ...
  })
  .catch(err => {
    console.error(err);
  });
Access the cli as cli in your developer console (open via F12 in most browsers).
Use the cli to model BPMN 2.0 diagrams in your browser. Pain free.
MIT
2.4.0
DEPS: dependency updates
CHORE: consistently use ES modules internally
FAQs
A command-line interface for bpmn-js
The npm package bpmn-js-cli receives a total of 4,815 weekly downloads. As such, bpmn-js-cli popularity was classified as popular.
We found that bpmn-js-cli demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 10 open source maintainers collaborating on the project.