d88ebb909b
|
||
|---|---|---|
| .github/workflows | ||
| .husky | ||
| apis | ||
| components | ||
| hooks | ||
| pages | ||
| public | ||
| store | ||
| styles | ||
| types | ||
| utils | ||
| vendor | ||
| .eslintignore | ||
| .eslintrc.json | ||
| .gitignore | ||
| .prettierignore | ||
| .prettierrc | ||
| .yarnrc | ||
| .yarnrc.yml | ||
| LICENSE | ||
| README.md | ||
| next-env.d.ts | ||
| next-i18next.config.js | ||
| next.config.js | ||
| package.json | ||
| postcss.config.js | ||
| tailwind.config.js | ||
| tsconfig.json | ||
| yarn.lock | ||
README.md
This is a Next.js project bootstrapped with create-next-app.
Dependency Management
When updating dependencies, there are various files that must be kept up-to-date. Newly added, or updated dependencies can introduce unwanted/malicious scripts that can introduce risks for users and/or developers. The lavamoat allow-scripts feature allows us to deny by default, but adds some additional steps to the usual workflow.
yarn.lock:
- Instead of running
yarnoryarn install, runyarn setupto ensure theyarn.lockfile is in sync and that dependency scripts are run according to theallowScriptspolicy (set inpackages.json) - If
lavamoatdetects new scripts that are not explicitely allowed/denied, it'll throw and error with details (see below) - Running
yarn setupwill also dedupe theyarn.lockfile to reduce the dependency tree. Note CI will fail if there are dupes inyarn.lock!
The allowScripts configuration in package.json:
- There are two ways to configure script policies:
- Update the allow-scripts section manually by adding the missing package in the
allowScriptssection inpackage.json - Run
yarn allow-scripts autoto update theallowScriptsconfiguration automatically
- Update the allow-scripts section manually by adding the missing package in the
- Review each new package to determine whether the install script needs to run or not, testing if necessary.
- Use
npx can-i-ignore-scriptsto help assessing whether scripts are needed
Getting Started
First, run the development server:
npm run dev
# or
yarn dev
Open http://localhost:3000 with your browser to see the result.
You can start editing the page by modifying pages/index.tsx. The page auto-updates as you edit the file.
API routes can be accessed on http://localhost:3000/api/hello. This endpoint can be edited in pages/api/hello.ts.
The pages/api directory is mapped to /api/*. Files in this directory are treated as API routes instead of React pages.
Learn More
To learn more about Next.js, take a look at the following resources:
- Next.js Documentation - learn about Next.js features and API.
- Learn Next.js - an interactive Next.js tutorial.
You can check out the Next.js GitHub repository - your feedback and contributions are welcome!
Deploy on Vercel
The easiest way to deploy your Next.js app is to use the Vercel Platform from the creators of Next.js.
Check out our Next.js deployment documentation for more details.