Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
reaction-api
Advanced tools
Reaction is a modern reactive, real-time event driven ecommerce platform.
Reaction is a headless commerce platform built using Node.js, React, and GraphQL. It plays nicely with npm, Docker and Kubernetes.
Follow the documentation to install Reaction with Reaction Platform for all supported operating systems.
bin/setup # do this after initial clone and after every pull or checkout
docker-compose up -d # starts a MongoDB container and a Reaction API container
docker-compose logs -f api # view Reaction API container logs
To stop the API and the MongoDB server, enter docker-compose down
.
nvm use
# nvm install if prompted
npm i -g npm
npm install
bin/setup # do this after initial clone and after every pull or checkout
npm run start:dev
CTRL+C
to stop.
bin/setup
docker-compose run --rm api npm run test:integration # Test all mutations and queries
docker-compose run --rm api npm run test:integration:query # OR test queries only
docker-compose run --rm api npm run test:integration:mutation # OR test mutations only
docker-compose run --rm api npm run test:integration:file:watch -- <filename> # OR test one file
CTRL+C
to interrupt the test run.
docker-compose up -d mongo
npm install
npm run test:integration # Test all mutations and queries
npm run test:integration:query # OR test queries only
npm run test:integration:mutation # OR test mutations only
npm run test:integration:file:watch -- <filename> # OR test one file
CTRL+C
to interrupt the test run.
Build:
docker build . -t test-api
Run:
dc up -d mongo
docker run --env-file ./.env -p 3000:3000 --network reaction.localhost -it test-api:latest
Use an external GraphQL client to test http://localhost:3000/graphql. GraphQL Playground isn't served on GET requests because it's in production mode.
:star: If you like what you see, star us on GitHub.
Find a bug, a typo, or something that’s not documented well? We’d love for you to open an issue telling us what we can improve!
Want to request a feature? Use our Reaction Feature Requests repository to file a request.
We love your pull requests! Check our our Good First Issue
and Help Wanted
tags for good issues to tackle.
Pull requests should pass all automated tests, style, and security checks.
Your code should pass all acceptance tests and unit tests. Run docker-compose run --rm reaction npm run test
to run the test suites in containers. If you're adding functionality to Reaction, you should add tests for the added functionality.
We require that all code contributed to Reaction follows Reaction's ESLint rules. You can run docker-compose run --rm reaction npm run lint
to run ESLint against your code locally.
Please follow the Reaction Code Style Guide. Check out our guides to JSDoc, Git, error handling, logging, and React.
We also request that you follow the our pull request template
Get more details in our Contributing Guide.
We use the Developer Certificate of Origin (DCO) in lieu of a Contributor License Agreement for all contributions to Reaction Commerce open source projects. We request that contributors agree to the terms of the DCO and indicate that agreement by signing-off all commits made to Reaction Commerce projects by adding a line with your name and email address to every Git commit message contributed:
Signed-off-by: Jane Doe <jane.doe@example.com>
You can sign-off your commit automatically with Git by using git commit -s
if you have your user.name
and user.email
set as part of your Git configuration.
We ask that you use your real full name (please no anonymous contributions or pseudonyms) and a real email address. By signing-off your commit you are certifying that you have the right to submit it under the GNU GPLv3 License.
We use the Probot DCO GitHub app to check for DCO sign-offs of every commit.
If you forget to sign-off your commits, the DCO bot will remind you and give you detailed instructions for how to amend your commits to add a signature.
Reaction is GNU GPLv3 Licensed
FAQs
Reaction is a modern reactive, real-time event driven ecommerce platform.
We found that reaction-api demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.