Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
sveltekit-pocketbase-starter
Advanced tools
An insanely simple free plug & play setup for those wanting auth/user management in a SvelteKit app with as little pain as possible.
An insanely simple free plug & play setup for those wanting auth/user management in a SvelteKit app with as little pain as possible.
VITE_POCKETBASE_URL=http://127.0.0.1:5555
in sveltekit-pocketbase-starter/.env.local
pocketbase
directory, Run make frontend-up
to bring up the skeleton app and navigate to /login
pocketbase
directory, Run make backend-up
to bring up PocketBasenpm run dev
npm run dev
pocketbase
directory, run docker compose up -d
to bring up pocketbase in a container.localhost:5555/_/
Set up an account if you haven't or log in, then click "Settings" (tool icon on the far left side)localhost:5173
(we need this for redirect URLs to the SvelteKit pieces later)/routes
following standard SvelteKit developer guidance
const protectedRoutes = ['/protected']
in sveltekit-pocketbase-starter/src/routes/+layout.server.ts
/login
)/routes/buy
folder and all the stuff about nonce in routes/+layout.server.ts
.Assumes you have a SvelteKit project as created with npm create svelte@latest <project name>
npm i pocketbase
app.d.ts
to yours if you use TypeScriptHandle
logic from /hooks.server.ts
to your own /hooks.server.ts
(create this file if necessary)/routes/+layout.server.ts
load
function to your /routes/+layout.server.ts
(create this file if necessary)/routes/callback
/routes/confirm-verification
and /routes/login
folders. to your routes
. If you have a /routes/login
page, you may need to merge logic. Add styles as requiredprotectedRoutes
array in /routes/+layout.server.ts
to mark any routes you need auth blocked.Getting Started - Local Development
at least one Auth flow
👇{APP_URL}/confirm-verification/{TOKEN}
confirm-verification
folder in the sveltekit-pocketbase-starter SvelteKit project that handles flipping the "verified" flag when a user visits the Action URL from their email.http://localhost:5173/callback
callback
folder in sveltekit-pocketbase-starter SvelteKit project that handles the auth code response and requests an access token. This is why we set the "Application URL" earlierhttp://localhost:5173/login
1. You can try http://localhost:5173/protected
and see it kicks you back to /login
and /unprotected
and see the pagehttp://localhost:5173/
and navigating to /login
brings you to /
and /protected
should reveal a secret⚠️ Unless you really know what you're doing, avoid messing with hooks.server.ts
or routes/login/+page.server.ts
as that's where most of the auth magic happens
mydomain.com/_
to get into the admin panel for PocketBase and mydomain.com
for the Application name settings.main
.sk_test_
) and a pair for production (usually starting with just sk_
).env.local
(see .env-example
for a hint).env-example
)
nonce
column to the users table in pocketbase/routes/buy
to the endpoint what your offerings page is calledofferings
in /routes/buy/+page.server.ts
to reflect what you're selling. Give price, label and sku. I left my old stuff in there as an example.urls
in /routes/buy/+page.server.ts
to reflect your prod domains and whatnot. (actually this should be env vars but I'm lazy)/routes/buy/+page.svelte
pretty. Offerings should come out from server so just decorate this page, no need for anything fancy.FAQs
An insanely simple free plug & play setup for those wanting auth/user management in a SvelteKit app with as little pain as possible.
The npm package sveltekit-pocketbase-starter receives a total of 11 weekly downloads. As such, sveltekit-pocketbase-starter popularity was classified as not popular.
We found that sveltekit-pocketbase-starter demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.