Web Application Framework and Admin GUI / Content Management System built on Express.js and Mongoose
KeystoneJS is a powerful Node.js content management system and web app framework built on the Express web framework and Mongoose ODM. Keystone makes it easy to create sophisticated web sites and apps, and comes with a beautiful auto-generated Admin UI.
Check out our demo site to see it in action.
For Keystone v4 documentation and guides, see keystonejs.com.
For Keystone v0.3 documentation, see v3.keystonejs.com.
This section provides a short intro to Keystone. Check out the Getting Started Guide in the Keystone documentation for a more comprehensive introduction.
The easiest way to get started with Keystone is to use the Yeoman generator:
$ npm install -g generator-keystone
$ yo keystone
Answer the questions, and the generator will create a new project based on the options you select, and install the required packages from npm.
Alternatively, to include Keystone in an existing project or start from scratch (without Yeoman), specify keystone: "4.0.0" in the dependencies array of your package.json file, and run npm install from your terminal.
Then read through the Documentation and the Example Projects to understand how to use it.
Config variables can be passed in an object to the keystone.init method, or can be set any time before keystone.start is called using keystone.set(key, value). This allows for a more flexible order of execution. For example, if you refer to Lists in your routes you can set the routes after configuring your Lists.
See the KeystoneJS configuration documentation for details and examples of the available options.
Keystone builds on the basic data types provided by MongoDB and allows you to easily add rich, functional fields to your application's models.
You get helper methods on your models for dealing with each field type easily (such as formatting a date or number, resizing an image, getting an array of the available options for a select field, or using Google's Places API to improve addresses) as well as a beautiful, responsive admin UI to edit your data with.
See the KeystoneJS database documentation for details and examples of the various field types, as well as how to set up and use database models in your application.
When you deploy your KeystoneJS app to production, be sure to set your ENV environment variable to production. You can do this by setting NODE_ENV=production in your .env file, which gets handled by dotenv.
Setting your environment enables certain features (including template caching, simpler error reporting, and HTML minification) that are important in production but annoying in development.
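A pre-deploy check for the setting described above, as an added example that is not part of KeystoneJS or dotenv: it works out which NODE_ENV value the process would actually see and refuses anything other than production. The function names and sample inputs are constructed for illustration, and the precedence rule (a variable already present in the process environment is not replaced by the .env file) is assumed to be dotenv's default behaviour.

```javascript
// Added example, not KeystoneJS or dotenv source code.
// Minimal .env parser: KEY=value, optional "export ", quotes, comments.
function parseDotenv(text) {
  const vars = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const m = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/.exec(line);
    if (!m) continue;
    const value = m[2].trim();
    const quoted = /^(['"])(.*)\1$/.exec(value);
    // Unquoted values may carry a trailing " # comment"; strip it.
    vars[m[1]] = quoted ? quoted[2] : value.replace(/\s+#.*$/, '');
  }
  return vars;
}

// Assumption: dotenv's default precedence, where a variable that already
// exists in the process environment is NOT overridden by the .env file.
function effectiveNodeEnv(processEnv, fileVars) {
  return processEnv.NODE_ENV !== undefined ? processEnv.NODE_ENV : fileVars.NODE_ENV;
}

// Returns { ok, value, problems } so a deploy script can fail closed.
function checkProductionEnv(processEnv, dotenvText) {
  const fileVars = parseDotenv(dotenvText);
  const value = effectiveNodeEnv(processEnv, fileVars);
  const problems = [];
  if (value === undefined) problems.push('NODE_ENV is not set');
  else if (value !== 'production') problems.push(`NODE_ENV is "${value}", expected "production"`);
  // A .env that only sets ENV does not provide the NODE_ENV key the text asks for.
  if (fileVars.ENV !== undefined && fileVars.NODE_ENV === undefined) {
    problems.push('.env sets ENV but not NODE_ENV');
  }
  return { ok: problems.length === 0, value, problems };
}

// Constructed sample inputs.
const goodFile = '# deploy settings\nexport NODE_ENV="production"\n';
const wrongKeyFile = 'ENV=production\n';
console.log(checkProductionEnv({}, goodFile));
console.log(checkProductionEnv({ NODE_ENV: 'development' }, goodFile));
console.log(checkProductionEnv({}, wrongKeyFile));
```

The second call shows the case a file-only review misses: a correct .env is ignored when the host or process manager already exports a different NODE_ENV.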
We have a friendly, growing community and welcome everyone to get involved:
keystonejs.
We love to hear feedback about Keystone and the projects you're using it for. Ping us at @KeystoneJS on Twitter.
If you can, please contribute by reporting issues, discussing ideas, helping answer questions from other developers, or submitting pull requests with patches and new features. We do our best to respond to all issues and pull requests, and make patch releases to npm regularly.
If you're going to contribute code, please follow our coding standards and read our Contributing Guide.
If you are using KeystoneJS in any projects we encourage you to add to our Related Projects Page. This is also the place to find generators and other projects that bundle KeystoneJS.
KeystoneJS is a free and open source community-driven project. Thanks to our many contributors and users for making it great.
Keystone's development has been led by key contributors including Jed Watson, Joss Mackison, and Max Stoiber and is proudly supported by Thinkmill in Sydney, Australia.
(The MIT License)
Copyright (c) 2016-2019 Jed Watson
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
The npm package keystone receives a total of 271 weekly downloads. As such, keystone popularity was classified as not popular.
We found that keystone demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.