vip-git / react-ssr-advanced-seed Goto Github PK

:crystal_ball: React SSR Advanced Seed (Typescript + nestJS + React SSR + React Native + Docker)

Shell 0.21% JavaScript 17.62% CSS 0.04% TypeScript 66.21% Dockerfile 1.21% HTML 0.70% Java 0.39% Objective-C 0.94% Ruby 1.22% Starlark 0.44% Handlebars 10.50% SCSS 0.54%

react-ssr nestjs node-api react-full-stack puppeter e2e unit-testing docker-react-nest docker redux-documentation-generator

react-ssr-advanced-seed's Introduction

React (SSR) Advanced Seed

NestJS + React (SSR) + React Native + REST / GraphQL
Service workers Integration (Offline First - Push Notifications - PWA)
NGINX - Reverse proxy integration to route to multiple api's via same origin (Docker links)
Dockerized Containers for frontend and backend using docker compose
Babel 7, Webpack 4, Eslint 5, Typescript, Prettier, Jest 24 integration with HMR for both web and mobile (React Native - metro)
Fastlane integration for mobile (React Native) to deploy to Testflight / Appstore (iOS) and PlayStore / Internal test track (Android) using Continous Integration (Eg: Azure, Jenkins, Bitrise, etc).

(Work In Progress)

Prerequisites

Node.js 8.0+

Generic Architecture

Getting Started

npm install

npm start (This will start both frontend and backend servers for you)

Visit:
- http://localhost:8500 (FrontEnd with HMR)
- http://localhost:3000 (Backend running NestJS)
- http://localhost:3000/graphql (Graphql server running graphQL playground theme)
- http://localhost:3000/swagger (running Swagger UI)

Production Build with docker compose (Client and Server) (Frontend, Backend and Postgres)

npm run build

Visit: http://localhost:8080

Mobile Build

npm run install:mobile (Install mobile dependencies)

Packager: npm run start:mobile

ios: npm run mobile:ios
android: npm run mobile:android

Kubernetes Deployment

kubectl create -f deployment.yml

DockerHub Image

- https://hub.docker.com/r/vipgit/react-ssr-nginx/

docker run -d -v /root/.ssh/ -v /opt/node-advanced-app vipgit/react-ssr-nginx:latest

Testing (Unit and End to End Testing)

npm run test (Runs Backend Unit Tests)
npm run test:frontend (Runs Frontend Unit Tests)
npm run test:e2e (Runs Frontend End to End Tests)

Auto-Generated DOCS

Coming Soon

react-ssr-advanced-seed's People

Contributors

Stargazers

Watchers

Forkers

miljan832 sonlongho prabu1988 wahabjan123 stanley666 lakiurosch fuqua2 mitchell561 zhark10 yohihoy vchumakovv-hub ahamed0615 hamra766 nielsymn lksingh91

react-ssr-advanced-seed's Issues

WS-2018-0347 (Medium) detected in eslint-3.19.0.tgz

WS-2018-0347 - Medium Severity Vulnerability

Vulnerable Library - eslint-3.19.0.tgz

An AST-based pattern checker for JavaScript.

Library home page: https://registry.npmjs.org/eslint/-/eslint-3.19.0.tgz

Path to dependency file: /react-ssr-advanced-seed/package.json

Path to vulnerable library: /tmp/git/react-ssr-advanced-seed/node_modules/eslint-plugin-class-property/node_modules/eslint/package.json

Dependency Hierarchy:

eslint-plugin-class-property-1.1.0.tgz (Root Library)
- ❌ eslint-3.19.0.tgz (Vulnerable Library)

Found in HEAD commit: f84fff9000b9c5c18d042e438192f1d4e10126c3

Vulnerability Details

A vulnerability was descovered in eslint before 4.18.2. One of the regexes in eslint is vulnerable to catastrophic backtracking.

Publish Date: 2018-02-27

URL: WS-2018-0347

CVSS 2 Score Details (4.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: eslint/eslint#10002

Release Date: 2019-06-16

Fix Resolution: 4.18.2

Step up your Open Source Security Game with WhiteSource here

CVE-2017-5946 (High) detected in rubyzip-1.1.7.gem

CVE-2017-5946 - High Severity Vulnerability

Vulnerable Library - rubyzip-1.1.7.gem

Library home page: https://rubygems.org/downloads/rubyzip-1.1.7.gem

Path to dependency file: /react-ssr-advanced-seed/src/client/mobile/Gemfile.lock

Path to vulnerable library: /var/lib/gems/2.3.0/cache/rubyzip-1.1.7.gem

Dependency Hierarchy:

fastlane-1.92.0.gem (Root Library)
- krausefx-shenzhen-0.14.11.gem
  - ❌ rubyzip-1.1.7.gem (Vulnerable Library)

Found in HEAD commit: e21ef5db27aa86cf7c6d643bc1cb06bf8033b087

Vulnerability Details

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.

Publish Date: 2017-02-27

URL: CVE-2017-5946

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-5946

Release Date: 2017-02-27

Fix Resolution: 1.2.1

Step up your Open Source Security Game with WhiteSource here

WS-2018-0592 (Medium) detected in eslint-3.19.0.tgz

WS-2018-0592 - Medium Severity Vulnerability

Vulnerable Library - eslint-3.19.0.tgz

An AST-based pattern checker for JavaScript.

Library home page: https://registry.npmjs.org/eslint/-/eslint-3.19.0.tgz

Path to dependency file: /react-ssr-advanced-seed/package.json

Path to vulnerable library: /tmp/git/react-ssr-advanced-seed/node_modules/eslint-plugin-class-property/node_modules/eslint/package.json

Dependency Hierarchy:

eslint-plugin-class-property-1.1.0.tgz (Root Library)
- ❌ eslint-3.19.0.tgz (Vulnerable Library)

Found in HEAD commit: f84fff9000b9c5c18d042e438192f1d4e10126c3

Vulnerability Details

A vulnerability was descovered in eslint before 4.18.2. One of the regexes in eslint is vulnerable to catastrophic backtracking.

Publish Date: 2019-06-17

URL: WS-2018-0592

CVSS 2 Score Details (4.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: eslint/eslint#10002

Release Date: 2019-06-16

Fix Resolution: 4.18.2

Step up your Open Source Security Game with WhiteSource here

WS-2017-3737 (Medium) detected in shelljs-0.7.8.tgz, shelljs-0.8.3.tgz

WS-2017-3737 - Medium Severity Vulnerability

Vulnerable Libraries - shelljs-0.7.8.tgz, shelljs-0.8.3.tgz

shelljs-0.7.8.tgz

Portable Unix shell commands for Node.js

Library home page: https://registry.npmjs.org/shelljs/-/shelljs-0.7.8.tgz

Path to dependency file: /react-ssr-advanced-seed/package.json

Path to vulnerable library: /tmp/git/react-ssr-advanced-seed/node_modules/eslint-plugin-class-property/node_modules/shelljs/package.json

Dependency Hierarchy:

eslint-plugin-class-property-1.1.0.tgz (Root Library)
- eslint-3.19.0.tgz
  - ❌ shelljs-0.7.8.tgz (Vulnerable Library)

shelljs-0.8.3.tgz

Portable Unix shell commands for Node.js

Library home page: https://registry.npmjs.org/shelljs/-/shelljs-0.8.3.tgz

Path to dependency file: /react-ssr-advanced-seed/package.json

Path to vulnerable library: /react-ssr-advanced-seed/node_modules/shelljs/package.json

Dependency Hierarchy:

❌ shelljs-0.8.3.tgz (Vulnerable Library)

Found in HEAD commit: f84fff9000b9c5c18d042e438192f1d4e10126c3

Vulnerability Details

Shelljs 0.8.3 and before are vulnerable to Command Injection. Commands can be invoked from shell.exec(), those commands will include input from external sources, to be passed as arguments to system executables and allowing an attacker to inject arbitrary commands.

Publish Date: 2019-06-16

URL: WS-2017-3737

CVSS 2 Score Details (5.5)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

WS-2019-0019 (Medium) detected in braces-1.8.5.tgz

WS-2019-0019 - Medium Severity Vulnerability

Vulnerable Library - braces-1.8.5.tgz

Fastest brace expansion for node.js, with the most complete support for the Bash 4.3 braces specification.

Library home page: https://registry.npmjs.org/braces/-/braces-1.8.5.tgz

Path to dependency file: /react-ssr-advanced-seed/src/client/mobile/package.json

Path to vulnerable library: /tmp/git/react-ssr-advanced-seed/src/client/mobile/node_modules/braces/package.json

Dependency Hierarchy:

react-native-0.59.8.tgz (Root Library)
- cli-1.9.8.tgz
  - metro-0.51.1.tgz
    - jest-haste-map-24.0.0-alpha.6.tgz
      - micromatch-2.3.11.tgz
        
        ❌ braces-1.8.5.tgz (Vulnerable Library)

Found in HEAD commit: f1d9c9374f54f48c5db371004198815887779cda

Vulnerability Details

Version of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.

Publish Date: 2019-03-25

URL: WS-2019-0019

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/786

Release Date: 2019-02-21

Fix Resolution: 2.3.1

Step up your Open Source Security Game with WhiteSource here

Dependency Dashboard

This issue provides visibility into Renovate updates and their statuses. Learn more

Rate Limited

These updates are currently rate limited. Click on a checkbox below to force their creation now.

Edited/Blocked

These updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Check this box to trigger a request for Renovate to run again on this repository

CVE-2018-1000544 (High) detected in rubyzip-1.1.7.gem

CVE-2018-1000544 - High Severity Vulnerability

Vulnerable Library - rubyzip-1.1.7.gem

Library home page: https://rubygems.org/downloads/rubyzip-1.1.7.gem

Path to dependency file: /react-ssr-advanced-seed/src/client/mobile/Gemfile.lock

Path to vulnerable library: /var/lib/gems/2.3.0/cache/rubyzip-1.1.7.gem

Dependency Hierarchy:

fastlane-1.92.0.gem (Root Library)
- krausefx-shenzhen-0.14.11.gem
  - ❌ rubyzip-1.1.7.gem (Vulnerable Library)

Found in HEAD commit: e21ef5db27aa86cf7c6d643bc1cb06bf8033b087

Vulnerability Details

rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem..

Publish Date: 2018-06-26

URL: CVE-2018-1000544

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

WS-2017-0421 (High) detected in ws-1.1.5.tgz

WS-2017-0421 - High Severity Vulnerability

Vulnerable Library - ws-1.1.5.tgz

Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js

Library home page: https://registry.npmjs.org/ws/-/ws-1.1.5.tgz

Path to dependency file: /react-ssr-advanced-seed/src/client/mobile/package.json

Path to vulnerable library: /tmp/git/react-ssr-advanced-seed/src/client/mobile/node_modules/ws/package.json

Dependency Hierarchy:

react-native-0.59.8.tgz (Root Library)
- ❌ ws-1.1.5.tgz (Vulnerable Library)

Found in HEAD commit: f1d9c9374f54f48c5db371004198815887779cda

Vulnerability Details

Affected version of ws (0.2.6--3.3.0) are vulnerable to A specially crafted value of the Sec-WebSocket-Extensions header that used Object.prototype property names as extension or parameter names could be used to make a ws server crash.

Publish Date: 2017-11-08

URL: WS-2017-0421

CVSS 2 Score Details (7.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/550/versions

Release Date: 2019-01-24

Fix Resolution: 3.3.1

Step up your Open Source Security Game with WhiteSource here

CVE-2019-10742 (High) detected in axios-0.18.0.tgz

CVE-2019-10742 - High Severity Vulnerability

Vulnerable Library - axios-0.18.0.tgz

Promise based HTTP client for the browser and node.js

Library home page: https://registry.npmjs.org/axios/-/axios-0.18.0.tgz

Path to dependency file: /react-ssr-advanced-seed/package.json

Path to vulnerable library: /tmp/git/react-ssr-advanced-seed/node_modules/axios/package.json

Dependency Hierarchy:

common-6.2.4.tgz (Root Library)
- ❌ axios-0.18.0.tgz (Vulnerable Library)

Found in HEAD commit: 385f78d89d53716d9594e6284bf66db2a79001f0

Vulnerability Details

Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.

Publish Date: 2019-05-07

URL: CVE-2019-10742

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: axios/axios#1098

Release Date: 2019-05-31

Fix Resolution: 0.19.0

Step up your Open Source Security Game with WhiteSource here

Can't start project

Hello!
I'm finding nest js react ssr boilerplate and found this repo.
I cloned last master release and can't event start the project. A lot of depencies are not resolved, some packages are not in package json.

Could you provide some more info about starting of your project please?

vip-git / react-ssr-advanced-seed Goto Github PK

react-ssr-advanced-seed's Introduction

React (SSR) Advanced Seed

(Work In Progress)

Prerequisites

Generic Architecture

Getting Started

Production Build with docker compose (Client and Server) (Frontend, Backend and Postgres)

Mobile Build

Kubernetes Deployment

DockerHub Image

Testing (Unit and End to End Testing)

Auto-Generated DOCS

react-ssr-advanced-seed's People

Contributors

Stargazers

Watchers

Forkers

react-ssr-advanced-seed's Issues

WS-2018-0347 - Medium Severity Vulnerability

CVE-2017-5946 - High Severity Vulnerability

WS-2018-0592 - Medium Severity Vulnerability

WS-2017-3737 - Medium Severity Vulnerability

WS-2019-0019 - Medium Severity Vulnerability

Rate Limited

Edited/Blocked

Open

CVE-2018-1000544 - High Severity Vulnerability

WS-2017-0421 - High Severity Vulnerability

CVE-2019-10742 - High Severity Vulnerability

Recommend Projects

Recommend Topics

Recommend Org