lego-starter-kit
Lego Starter Kit — Node.js & React isomorphic app creator (Node.js, Express, React.js, Babel, PostCSS, Webpack)
Inspired by:
this.useMiddlewares()
this.useRoutes()
this.useDefaultRoute()
And also:
The token can be supplied in any of the following ways:
Authorization: Bearer %USER_TOKEN%
X-Access-Token: %USER_TOKEN%
token=%USER_TOKEN%
?token=%USER_TOKEN%
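A sketch of how a server could resolve the token from the four transports listed above and keep the query-string form out of its logs. This is an added example, not code from lego-starter-kit; the precedence order, the reading of `token=` as a cookie, and the names `extractToken` and `redactUrl` are assumptions.

```javascript
// Added example (not the project's code). Assumptions: headers win over
// cookie, cookie wins over query string, and `token=` means a cookie.
function extractToken(req) {
  const headers = req.headers || {};

  // 1. Authorization: Bearer <token>
  const auth = headers['authorization'];
  if (typeof auth === 'string') {
    const m = /^Bearer\s+(\S+)$/i.exec(auth.trim());
    if (m) return { token: m[1], source: 'authorization' };
  }

  // 2. X-Access-Token: <token>
  const x = headers['x-access-token'];
  if (typeof x === 'string' && x) return { token: x, source: 'x-access-token' };

  // 3. Cookie: token=<token>
  const cookie = headers['cookie'];
  if (typeof cookie === 'string') {
    for (const part of cookie.split(';')) {
      const i = part.indexOf('=');
      if (i > 0 && part.slice(0, i).trim() === 'token') {
        const v = part.slice(i + 1).trim();
        if (v) return { token: v, source: 'cookie' };
      }
    }
  }

  // 4. ?token=<token> (lands in access logs, history and Referer headers)
  const url = new URL(req.url || '/', 'http://localhost');
  const q = url.searchParams.get('token');
  if (q) return { token: q, source: 'query' };
  return null;
}

// Scrub the query-string token before a URL is written to any log.
function redactUrl(rawUrl) {
  const url = new URL(rawUrl, 'http://localhost');
  if (url.searchParams.has('token')) url.searchParams.set('token', 'REDACTED');
  return url.pathname + url.search;
}

// Constructed sample request, for illustration only.
const sample = { url: '/api/me?token=abc123&page=2', headers: {} };
console.log(extractToken(sample).source, redactUrl(sample.url));
```

Recording `source` lets a deployment count how often the query-string form is still used before switching it off.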
LSKit accepts a stock Bunyan logger
log.trace('Starting method');
if (!req.user) {
log.fatal('Cannot get User');
throw new Error('Cannot get User')
}
log.info('Method success');
npm v3.10 or newer (new to npm?)
node-gyp prerequisites mentioned here
Before you start, take a moment to see what the project structure looks like:
.
├── /build/ # Directory the project is built into
├── /node_modules/ # Third-party libraries and utilities
├── /src/ # Application source code
│ ├── /CoreApp/ # Base application
│ │ ├── /api/ # Client-server interaction interface
│ │ ├── /middlewares/ # Express middlewares
│ │ ├── /models/ # Database models
│ │ ├── /resourses/ # Resources
│ │ ├── CoreApp.js # Class implementing the base application
│ │ ├── requests.js # Application requests
│ │ └── responses.js # Application responses
│ ├── /ReactApp/ # Base application
│ │ ├── /compoents/ # React components
│ │ ├── /Html/ # Class implementing
│ │ ├── /routes/ # Router with pages/screens, which are React components
│ │ ├── /models/ # Database models
│ │ ├── /resourses/ # Resources
│ │ ├── /stores/ # React application stores
│ │ │ └── /AppStore.js # Main React application store
│ │ ├── ReactApp.client.js # Class implementing the base application on the client
│ │ ├── ReactApp.server.js # Class implementing the base application on the server
│ │ ├── requests.js # Application requests
│ │ └── responses.js # Application responses
│ ├── /client.js # Client application entry point
│ ├── /config # Shared project settings
│ └── /server.js # Server application entry point
├── /test/ # Unit and integration tests
├── /tools/ # Scripts and utilities for automating the project build
│ ├── /config.js # Project build configuration
│ ├── /run.js # Build launch system
│ └── /webpack.config.js # Webpack configuration for client and server bundles
└── package.json # List of third-party libraries and utilities
Note: The current version of RSK does not contain a Flux implementation. It can be easily integrated with any Flux library of your choice. The most commonly used Flux libraries are Flux, Redux, and Relay.
You can start by cloning the latest version of React Starter Kit (RSK) on your local machine by running:
$ git clone -o lego-starter-kit -b master --single-branch \
https://github.com/isuvorov/lego-starter-kit.git MyApp
$ cd MyApp
Alternatively, you can start a new project based on RSK right from WebStorm IDE, or by using Yeoman generator.
npm install
This will install both run-time project dependencies and developer tools listed in package.json file.
npm start
This command will build the app from the source files (/src) into the output /build folder. As soon as the initial build completes, it will start the Node.js server (node build/server.js) and Browsersync with HMR on top of it.
http://localhost:3000/ — Node.js server (build/server.js)
http://localhost:3000/graphql — GraphQL server and IDE
http://localhost:3001/ — BrowserSync proxy with HMR, React Hot Transform
http://localhost:3002/ — BrowserSync control panel (UI)
Now you can open your web app in a browser, on mobile devices and start hacking. Whenever you modify any of the source files inside the /src folder, the module bundler (Webpack) will recompile the app on the fly and refresh all the connected browsers.
Note that the npm start command launches the app in development mode; the compiled output files are not optimized and minimized in this case. You can use the --release command line argument to check how your app works in release (production) mode:
$ npm start -- --release
NOTE: double dashes are required
If you need just to build the app (without running a dev server), simply run:
$ npm run build
or, for a production build:
$ npm run build -- --release
or, for a production docker build:
$ npm run build -- --release --docker
NOTE: double dashes are required
After running this command, the /build folder will contain the compiled version of the app. For example, you can launch Node.js server normally by running node build/server.js.
To check the source code for syntax errors and potential issues run:
$ npm run lint
To launch unit tests:
$ npm test # Run unit tests with Mocha
$ npm run test:watch # Launch unit test runner and start watching for changes
By default, Mocha test runner is looking for test files matching the src/**/*.test.js pattern. Take a look at src/components/Layout/Layout.test.js as an example.
To deploy the app, run:
$ npm run deploy
The deployment script tools/deploy.js is configured to push the contents of the /build folder to a remote server via Git. You can easily deploy your app to Azure Web Apps, or Heroku this way. Both will execute npm install --production upon receiving new files from you. Note, you should only deploy the contents of the /build folder to a remote server.
If you need to keep your project up to date with the recent changes made to RSK, you can always fetch and merge them from this repo back into your own project by running:
$ git checkout master
$ git fetch lego-starter-kit
$ git merge lego-starter-kit/master
$ npm install
FAQs
The npm package lego-starter-kit receives a total of 868 weekly downloads. As such, lego-starter-kit popularity was classified as not popular.
We found that lego-starter-kit demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.