Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
firebase-tools
Advanced tools
The firebase-tools npm package provides a command-line interface (CLI) for managing Firebase projects and their resources. It allows developers to deploy, configure, and manage Firebase services such as Firestore, Realtime Database, Authentication, Hosting, Cloud Functions, and more.
Deploying Firebase Hosting
This command deploys your web app to Firebase Hosting. It uploads your local files to Firebase and makes them available on your Firebase project's web URL.
firebase deploy --only hosting
Deploying Cloud Functions
This command deploys your Cloud Functions to Firebase. It uploads your function code to Firebase and makes it available to be triggered by events.
firebase deploy --only functions
Deploying Firestore Rules
This command deploys your Firestore security rules. It uploads your rules to Firebase, ensuring that your Firestore database is protected according to your specifications.
firebase deploy --only firestore:rules
Emulating Firebase Services
This command starts the Firebase emulators for local development. It allows you to test your Firebase app locally without interacting with the live Firebase services.
firebase emulators:start
Initializing a Firebase Project
This command initializes a new Firebase project in your local directory. It sets up the necessary configuration files and allows you to select which Firebase services you want to use.
firebase init
The AWS CLI is a unified tool to manage your AWS services. It provides similar functionalities to firebase-tools but for AWS services. It allows you to control multiple AWS services from the command line and automate them through scripts.
The gcloud CLI is a command-line tool for interacting with Google Cloud Platform services. It offers functionalities similar to firebase-tools but for a broader range of Google Cloud services. It allows you to deploy, manage, and configure Google Cloud resources.
The Netlify CLI provides a command-line interface for interacting with Netlify services. It offers functionalities similar to Firebase Hosting, allowing you to deploy and manage web projects on the Netlify platform.
These are the Firebase Command Line (CLI) Tools. They can be used to:
To get started with the Firebase CLI, read the full list of commands below or check out the hosting-specific CLI documentation.
To install the Firebase CLI, you first need to sign up for a Firebase account.
Then you need to install Node.js and npm. Note that installing Node.js should install npm as well.
Once npm is installed, get the Firebase CLI by running the following command:
npm install -g firebase-tools
This will provide you with the globally accessible firebase
command.
The command firebase --help
lists the available commands and firebase <command> --help
shows more details for an individual command.
If a command is project-specific, you must either be inside a project directory with a
firebase.json
configuration file or specify the Firebase project name with the -f <project>
flag.
Below is a brief list of the available commands and their function:
Command | Description |
---|---|
login | Authenticate to your Firebase account. Requires access to a web browser. |
logout | Sign out of the Firebase CLI. |
list | Print a list of all of your Firebase projects. |
open | Open the deployed Firebase Hosting site or various dashboard panels for the current Firebase project. |
init | Setup a new Firebase project in the current directory. This command will create a firebase.json configuration file in your current directory. |
help | Display help information about the CLI or specific commands. |
prefs:token | Print out your authenticated access token for use in CI/headless systems. |
These commands let you deploy and interact with your Firebase Hosting site.
Command | Description |
---|---|
deploy | Deploys all components (both hosting and security rules) of your Firebase project. Relies on firebase.json configuration. |
deploy:hosting | Deploy only the Firebase Hosting site assets to your Firebase project. Relies on firebase.json configuration. |
deploy:rules | Deploy only the Firebase Security Rules to your Firebase project. Relies on firebase.json configuration. |
disable:hosting | Stop serving Firebase Hosting traffic for the current project. A "Site Not Found" message will be displayed at your URL after running this command. |
serve | Start a local web server with your Firebase Hosting configuration. Relies on firebase.json. |
Command | Description |
---|---|
data:get | Fetch data from the current project's database and display it as JSON. Supports querying on indexed data. |
data:set | Replace all data at a specified location in the current project's database. Takes input from file, STDIN, or command-line argument. |
data:update | Perform a partial update at a specified location in the current project's database. Takes input from file, STDIN, or command-line argument. |
data:push | Push new data to a list at a specified location in the current project's database. Takes input from file, STDIN, or command-line argument. |
data:remove | Delete all data at a specified location in the current project's database. |
The Firebase CLI requires a browser to complete authentication, but is fully compatible with CI and other headless environments.
firebase login:ci
to log in and print out a new access token
(the current CLI session will not be affected).There are two ways to use this token when running Firebase commands:
FIREBASE_TOKEN
and it will
automatically be utilized.--token <token>
flag in your CI system. You
may need to quote the token for it to be passed properly (e.g. firebase deploy --token '-JXXXX|YYYYY'
).The order of precedence for token loading is flag, environment variable, config file.
On any machine with firebase-tools, running firebase logout --token <token>
will immediately revoke access to the specified token.
The Firebase CLI can also be used programmatically as a standard Node module. Each command is exposed as a function that takes an options object and returns a Promise. For example:
var client = require('firebase-tools');
client.list().then(function(data) {
console.log(data);
}).catch(function(err) {
// handle error
});
client.deploy.rules({
firebase: 'myfirebase',
token: process.env.FIREBASE_TOKEN,
cwd: '/path/to/project/folder'
}).then(function() {
console.log('Rules have been deployed!')
}).catch(function(err) {
// handle error
});
FAQs
Command-Line Interface for Firebase
The npm package firebase-tools receives a total of 414,945 weekly downloads. As such, firebase-tools popularity was classified as popular.
We found that firebase-tools demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.