An IPFS-backed package manager proxy cache, packaged up as an electron menu bar app.
⚠️ This project is early development, things may not work and there will be frequent breaking changes ⚠️
If you'd like to contribute to the project, check out the existing issues, add your own feature requests or report bugs: https://github.com/forestpm/forest/issues
Forest proxies package manager http requests and caches requested packages onto IPFS then announces the CID of newly cached packages on the IPFS public DHT.
Forest listens for announcements of packages being cached to IPFS and stores announced metadata. Next time forest proxies a request for a packages that it already has the CID for, it will attempt to download the package via IPFS first, falling back to downloading the package from the original source via http if the IPFS download fails.
Forest trusts other instances but also verifies that the packages downloaded from IPFS match the original copies from the upstream registry.
Package metadata is also cached locally so you can use your package manager whilst offline too.
Headless CLI - run forest as a daemon, ideal for usage on a server or in CI
Republish local packages - republish all packages and their dependencies found in local metadata for resilient offline usage
Seeding mode - Republish copies of all packages announced on the IPFS public DHT
Export/import - easily share multiple packages cached instantly with other instances via IPFS
Watch mode - watch for new package releases and seed each one to IPFS
Package index UI - see which packages have been proxied, cached and stored on IPFS
Local package search - search through locally available packages
HTTP API - control forest over http
Javascript API - integrate forest into other javascript applications
Build from source on mac:
git clone https://github.com/forestpm/forest.git
cd forest
npm install
To configure npm to use forest as a proxy:
npm run config
# or manually set the following in your .npmrc
npm config set proxy http://0.0.0.0:8005/
npm config set https-proxy http://0.0.0.0:8005/
npm config set registry http://registry.npmjs.org/
npm config set strict-ssl false
# restore the defaults with
npm run unconfig
To configure go modules to use forest as a proxy, set the following env var in your shell:
GOPROXY=http://localhost:8005
Start the electon app:
npm start
or compile the electron app into ./dist:
npm run pack
and link the command line interface:
npm link
Run just the http server directly in the command line:
forest server
Open the UI dashboard in your browser (http://localhost:8005/):
forest browse
You can help seed packages without running a proxy:
forest seed
You can watch for all new packages and publish them to IPFS:
forest watch
Import all packages from a package-lock.json file and import and record in a forest.lock file:
forest republish
Read a forest.lock file and download+verify each package via IPFS:
forest import
List all the packages and versions that forest has cached locally:
forest packages
Search packages by name, example:
forest search electron
Search the current directory for package-lock.json files and import all packages listed:
forest preload
Check for updates to all cached packages and download any missing ones:
forest update
Validate the CID of each cached package version:
forest verify
Empty the forest database and remove all cached packages:
forest reset
List peers sharing similar packages to you:
forest peers
Export all packages as a single IPFS directory:
forest export
Find your IPFS peer ID that forest is using:
forest id
MIT License © 2021 Andrew Nesbitt.
FAQs
An IPFS-backed package manager proxy cache
The npm package forestpm receives a total of 2 weekly downloads. As such, forestpm popularity was classified as not popular.
We found that forestpm demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.