Flox users
- Clone the git repo and
cdinto the directory. - Run
flox activate. The first time you do this, it will locally install all the dependencies and Node packages, and configure the environment ready for you to develop and test.
- Install Node v20.18.1 (use
nvmto manage Node versions if needed). Thecanvaspackage we use does not seem to be compatible with later versions of node. - Make sure
libuuid.sois installed (ldconfig -p | grep libuuid) and install it if not (instructions will depend on your OS). - Clone the git repo and
cdinto the directory - Run the following:
npm install
npm run build
npx link cliWhen you've made a change to the CLI and want to test it out, you can rerun the build and link steps from within the cli directory:
npm run build
npx link .This will make the CLI available on your local node_modules path.
npx link uses the link package to symlink the calm executable in node_modules/.bin to your locally-built CLI.
Note: you can also use npm link but this installs to your global package registry.
This will make the executable available as just calm, but will pollute your global NPM profile and may require sudo depending on your OS.
Some other commands that you might find useful during development include:
npm run lintto point out any lint errors in the codenpm run testto run the tests against the code base
You can find the full list by examining the package.json
The OWASP dependency check tool will run on PRs and periodically on the committed code, but it can be helpful to be able to run this locally to investigate CVEs.
To use the dependency check tool locally, first install the tool following the instructions for your operating system here.
Once that is done the tool is configured as a script in the package.json, run npm run dependency-check; the reports will be output to cli/dependency-check-report.