Refactored reusable components for REEV.
This README describes how to set up your dev environment for this library. For everything else, see the REEV Project.
```bash
git clone git@github.com:bihealth/reev-frontend-lib.git
cd reev-frontend-lib
npm ci
make serve
# hack away!
```
Fetch the protobuf files from main, regenerate the TS files, and format them.
```bash
make proto
```
This library implements security measures to protect against npm supply chain attacks. See docs/SECURITY-NPM-SUPPLY-CHAIN.md for detailed information.
Before accepting any npm dependency updates:
```bash
# Run comprehensive security scan
./utils/scan-npm-compromise.sh
# Or run quick security check (includes scan + audit)
./utils/npm-security-check.sh
```
Key security measures:
- Automated scanning for known malicious packages (425+ packages including Shai-Hulud 2.0)
- Dependabot auto-merge disabled for npm updates
- Manual review required for all npm dependency changes
- Detection of suspicious install scripts and network activity
Checking for upstream updates
```bash
npx npm-check-updates
```
Apply updates (
```bash
# 1. Run security check BEFORE updating
./utils/npm-security-check.sh
# 2. Apply updates
npx npm-check-updates --upgrade
# 3. Run security scan AFTER updating
./utils/scan-npm-compromise.sh
```
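The manual review of dependency changes and the before/after update steps above can be supported by diffing the lockfile for re-versioned packages, denylist hits and newly introduced install scripts. This is an added example, not the project's `scan-npm-compromise.sh` or `npm-security-check.sh`; it assumes a lockfileVersion 2 or 3 `package-lock.json` already parsed into an object, and the package names and denylist entry are constructed.

```javascript
// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
const nameFromPath = (path) => path.split("node_modules/").pop();

// Index the "packages" map of a lockfileVersion 2/3 package-lock.json by install path.
function indexPackages(lock) {
  const out = new Map();
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "" || meta.link) continue; // skip the root project and workspace links
    const id = `${meta.name || nameFromPath(path)}@${meta.version}`;
    out.set(path, { id, hasInstallScript: meta.hasInstallScript === true });
  }
  return out;
}

// Returns every added or re-versioned package (for manual review) plus findings.
function reviewLockfileChange(before, after, denylist) {
  const old = indexPackages(before);
  const changed = [], findings = [];
  for (const [path, pkg] of indexPackages(after)) {
    const prev = old.get(path);
    const isChanged = !prev || prev.id !== pkg.id;
    if (isChanged) changed.push(pkg.id);
    // Denylist hits are reported even for unchanged entries.
    if (denylist.has(pkg.id)) findings.push({ path, id: pkg.id, reason: "denylisted" });
    // An install script is new if the package is new, re-versioned, or just gained one.
    if (pkg.hasInstallScript && (isChanged || !prev.hasInstallScript)) {
      findings.push({ path, id: pkg.id, reason: "new-install-script" });
    }
  }
  return { changed, findings };
}

// Constructed sample lockfiles (before and after an update); all names are placeholders.
const BEFORE = { lockfileVersion: 3, packages: {
  "": { name: "example-app", version: "1.0.0" },
  "node_modules/example-helper": { version: "1.2.0" },
  "node_modules/@example/widgets": { version: "2.0.0" },
  "node_modules/example-native": { version: "3.1.0", hasInstallScript: true },
} };
const AFTER = { lockfileVersion: 3, packages: {
  "": { name: "example-app", version: "1.0.0" },
  "node_modules/example-helper": { version: "1.2.1", hasInstallScript: true },
  "node_modules/@example/widgets": { version: "2.0.1" },
  "node_modules/example-native": { version: "3.1.0", hasInstallScript: true },
  "node_modules/example-helper/node_modules/@example/nested": { version: "0.0.1" },
} };
const DENYLIST = new Set(["@example/widgets@2.0.1"]);
console.log(reviewLockfileChange(BEFORE, AFTER, DENYLIST));
```

In practice `before` would be the parsed lockfile from the base branch and `after` the one produced by the update, with the denylist loaded from whatever list of known malicious `name@version` pairs the team maintains.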