Svelte ecommerce - Headless, Authentication, Cart & Checkout, TailwindCSS, Server Rendered, Proxy + API Integrated

  • By Swadesh Behera
  • Last update: Jan 3, 2023
  • Comments: 14

version Branch stable Typescript

Branch Develop Branch Develop

Svelte Commerce?

Svelte Commerce is an advanced Frontend Platform for eCommerce based on Sveltekit

Demo

  • ūüõćÔłŹ Attach Svelte store front to any ecommerce API (e.g. Litekart, Magento, Moltin, Shopify ...)
  • ūüĎ• The demo uses litekart as backend
  • ūüĎ®ūüŹĽ‚ÄćūüíĽ Its both SSR and SPA
  • ūüöÄ Superfast
  • ūüĒó It is possible to connect with any eCommerce backend if the backend has Rest API
  • ūüĒď Svelte Commerce is free and open source. Download and modify it the way you want
  • ūüõí Most of the essential features for ecommerce are already integrated
  • ūüēí Save hours of development time setting up an ecommerce store front
  • ūüíį No need to make a big leap or invest huge amount. Just take this opend source project and attach to existing backend.
  • ūüźõ If you have discovered a bug or have feature suggestion, feel free to create/join a discussion on Github.
  • ūüĎć I have been supporting this project alone since 2019. Any little code contribution will be appreciated
  • ‚ú® Demo is hosted at netlify USA server and without CDN. Hence you may experience little lag.

Latest Updates

  • 22-July-2021 - Integrated with netlify deployment
  • 07-May-2021 - Completely Migrated to SvelteKit

Installation

Install - NodeJS - Yarn - Git

git clone https://github.com/itswadesh/svelte-commerce.git
cd svelte-commerce
yarn
yarn dev

Thats all !

Open http://localhost:3000 on chrome. Your app should be live with awesome sveltekit up and running

Configurations

If required change config/index.ts according to your requirement

Deployment

Click on the button to directly deploy to your netlify server. Zero configuration required.

Deploy to netlify

Features

  • Awesome shiny new SvelteKit
  • Typescript for rock solid app
  • TailwindCSS Integrated
  • Server Rendered
  • Proxy + API integrated
  • Lazy loading images
  • Animations (Page transition)
  • Login
  • Cart & Checkout
  • Settings from database
  • Stores
  • SEO optimized pages
  • Carousel (Slider)
  • Toasts (Notifications)
  • Loading Indicators
  • Componentized Checkbox, Radio, Textbox
  • Instant Search
  • Faceted filters
  • API calls
  • Skeletons
  • Responsive

Contributing

If you like the ideas behind Svelte Commerce and want to become a contributor - join github discussions, check the list of the active issues or contact me directly via [email protected]

Support me!

Svelte Commerce is and always will be Open Source, released under MIT Licence.

You can support me in various ways:

  • Contribute - Support this project by contributing some ideas or directing digging into the source code and improving it.
  • Evangelize - Tweet about the project, take some speaking slot at a tech conference, etc.

Buy Me a Coffee

Github

https://github.com/itswadesh/sapper-ecommerce

Comments(14)

  • 1

    Update README.md

    Tiny little change to set off a build in vercel.. I think your project is really awesome, would you be williing to collaborate to make it accessible easily on https://vercel.com? I get this issue when I try to build the project there off master:

    This is now-sapper, your Vercel builder. Turns out we couldn't find your server instance. Did you write module.exports = app?

    Read the docs or create an issue: https://github.com/thgh/now-sapper

    I think you already have a great project, but it you make it push button deployable, you may accelerate your progress exponentially. Let me know what you think, really great work dude!

  • 2

    [filtering page] APPLY button is not shown at the bottom of a screen on an Android phone

    Describe the bug APPLY button is not shown at the bottom of a screen on an Android phone. I am talking about the "filtering" page.

    To Reproduce Steps to reproduce the behavior:

    1. Go to 'https://svelte-commerce.litekart.in/search' from your Android smartphone
    2. Click on 'filter'

    Expected behavior APPLY button is shown at the bottom of the screen

    Screenshots photo_2022-01-16_22 08 13_1_50

    Smartphone (please complete the following information):

    • Device: Android smartphone
    • OS: Android 10
    • Browser: Chrome
    • Version: 96.0.4664.92
  • 3

    Bump undici from 5.1.1 to 5.5.1

    Bumps undici from 5.1.1 to 5.5.1.

    Release notes

    Sourced from undici's releases.

    v5.5.1

    ‚ö†ÔłŹ v5.5.1 - Security release

    This releases fixes CVE CVE-2022-32210. See https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-wx7w-2w33 for more details:

    Undici.ProxyAgent never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via plain-text HTTP between Undici and the proxy server.

    Full Changelog: https://github.com/nodejs/undici/compare/v5.5.0...v5.5.1

    v5.5.0

    What's Changed

    New Contributors

    Full Changelog: https://github.com/nodejs/undici/compare/v5.4.0...v5.5.0

    v5.4.0

    What's Changed

    New Contributors

    Full Changelog: https://github.com/nodejs/undici/compare/v5.3.0...v5.4.0

    v5.3.0

    What's Changed

    ... (truncated)

    Commits
    • 19563f7 Bumped v5.5.1
    • 6b42910 Fix support for Node v12
    • 6fc7ffb test: add rejectUnauthorized for agent1 cert
    • df4f7e0 Merge pull request from GHSA-pgw7-wx7w-2w33
    • 2717d70 Bumped v5.5.0
    • 3fa762e fix: update error messages
    • a6cc7e4 feat: add FormData.prototype.forEach
    • 282a52b feat: implement FormData Iterator
    • 30a464b fix: moved async code in examples to top-level-await
    • e00bd1d fix: readme example codestyle
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 4

    Bump minimist from 1.2.5 to 1.2.6

    Bumps minimist from 1.2.5 to 1.2.6.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 5

    Bump node-fetch from 2.6.1 to 3.1.1

    Bumps node-fetch from 2.6.1 to 3.1.1.

    Release notes

    Sourced from node-fetch's releases.

    v3.1.1

    Security patch release

    Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

    What's Changed

    New Contributors

    Full Changelog: https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.1

    v3.1.0

    What's Changed

    ... (truncated)

    Changelog

    Sourced from node-fetch's changelog.

    Changelog

    All notable changes will be recorded here.

    The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

    What's Changed

    New Contributors

    Full Changelog: https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.2

    3.1.0

    What's Changed

    ... (truncated)

    Commits
    Maintainer changes

    This version was pushed to npm by endless, a new releaser for node-fetch since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 6

    Bump nanoid from 3.1.25 to 3.2.0

    Bumps nanoid from 3.1.25 to 3.2.0.

    Changelog

    Sourced from nanoid's changelog.

    Change Log

    This project adheres to Semantic Versioning.

    3.2

    • Added --size and --alphabet arguments to binary (by Vitaly Baev).

    3.1.32

    • Reduced async exports size (by Artyom Arutyunyan).
    • Moved from Jest to uvu (by Vitaly Baev).

    3.1.31

    • Fixed collision vulnerability on object in size (by Artyom Arutyunyan).

    3.1.30

    • Reduced size for project with brotli compression (by Anton Khlynovskiy).

    3.1.29

    • Reduced npm package size.

    3.1.28

    • Reduced npm package size.

    3.1.27

    • Cleaned dependencies from development tools.

    3.1.26

    • Improved performance (by Eitan Har-Shoshanim).
    • Reduced npm package size.
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 7

    Bump shelljs from 0.8.4 to 0.8.5

    Bumps shelljs from 0.8.4 to 0.8.5.

    Release notes

    Sourced from shelljs's releases.

    v0.8.5

    This was a small security fix for #1058.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 8

    Bump undici from 5.1.1 to 5.9.1

    Bumps undici from 5.1.1 to 5.9.1.

    Release notes

    Sourced from undici's releases.

    v5.9.1

    What's Changed

    New Contributors

    Full Changelog: https://github.com/nodejs/undici/compare/v5.8.2...v5.9.1

    v5.8.2

    ‚ö†ÔłŹ Security Release ‚ö†ÔłŹ

    • CRLF Injection in Nodejs ‚Äėundici‚Äô via Content-Type GHSA-f772-66g8-q5h3 CVE-2022-35948
    • undici.request vulnerable to SSRF using absolute URL on pathname GHSA-8qr4-xgw6-wmr3 CVE-2022-35949

    What's Changed

    New Contributors

    Full Changelog: https://github.com/nodejs/undici/compare/v5.8.1...v5.8.2

    v5.8.1

    What's Changed

    New Contributors

    ... (truncated)

    Commits
    • 5890e16 5.9.1
    • ecae314 fix: don't timeout while waiting for client to send request (#1604)
    • fa9fd90 fix(File): respect typed array byteOffset and byteLength (#1601)
    • ae6f554 fix: add support for integrity option to Fetch (#1596)
    • deed628 fix(fetch): implement fully read body algorithm (#1597)
    • 0d1419c Fix array headers (#1598)
    • 52d1ce5 Bumped v5.8.2
    • 66165d6 Merge pull request from GHSA-f772-66g8-q5h3
    • 124f7eb Merge pull request from GHSA-8qr4-xgw6-wmr3
    • aef314c feat(webidl): better error message for ByteString converter (#1591)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 9

    Bump undici from 5.1.1 to 5.8.0

    Bumps undici from 5.1.1 to 5.8.0.

    Release notes

    Sourced from undici's releases.

    v5.8.0

    ‚ö†ÔłŹ Security Fixes ‚ö†ÔłŹ

    What's Changed

    New Contributors

    Full Changelog: https://github.com/nodejs/undici/compare/v5.7.0...v5.7.1

    v5.7.0

    What's Changed

    New Contributors

    Full Changelog: https://github.com/nodejs/undici/compare/v5.6.1...v5.7.0

    v5.6.1

    What's Changed

    New Contributors

    Full Changelog: https://github.com/nodejs/undici/compare/v5.6.0...v5.6.1

    v5.6.0

    What's Changed

    ... (truncated)

    Commits
    • 26f60b7 Bumped v5.8.0
    • 0a5bee9 Merge pull request from GHSA-q768-x9m6-m9qp
    • a29a151 Merge pull request from GHSA-3cvr-822r-rqcc
    • 722976c docs: updated proxy docs - renamed already used const proxy to proxyServer (#...
    • b6af4e6 fix(body mixin): only allow Uint8Array chunks (#1550)
    • 6c9e634 fix(mock utils): set Readable.abort (#1549)
    • 22e2f39 ci: fix up exclude (#1544)
    • 99205ec feat: use weighted round robin in balancedPool (#1069)
    • 5b57e8c chore: exclude windows node 16 (#1542)
    • 93e31a2 Drop PR title validation (#1543)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 10

    Bump svelte from 3.48.0 to 3.49.0

    Bumps svelte from 3.48.0 to 3.49.0.

    Changelog

    Sourced from svelte's changelog.

    3.49.0

    • Improve performance of string escaping during SSR (#5701)
    • Add ComponentType and ComponentProps convenience types (#6770)
    • Add support for CSS @layer (#7504)
    • Export CompileOptions from svelte/compiler (#7658)
    • Fix DOM-less components not being properly destroyed (#7488)
    • Fix class: directive updates with <svelte:element> (#7521, #7571)
    • Harden attribute escaping during SSR (#7530)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 11

    Bump ansi-regex from 5.0.0 to 5.0.1

    Bumps ansi-regex from 5.0.0 to 5.0.1.

    Release notes

    Sourced from ansi-regex's releases.

    v5.0.1

    Fixes (backport of 6.0.1 to v5)

    This is a backport of the minor ReDos vulnerability in [email protected]<6.0.1, as requested in #38.

    • Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

    CVE-2021-3807

    https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

    Thank you @‚Äčyetingli for the patch and reproduction case!

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 12

    Err at Hooks... TypeError: Cannot read properties of undefined (reading '_id')

    Hey, thanks for the great project! And also happy to hire you for 20-30min to help me get it working locally and connecting to my REST API. My email [email protected] if interested. Thanks.

    So, I cloned, npm install with 0 vulnerabilities and WARN derecated and then renamed to .env but didn't change there anything. When I npm run dev then all nice in console but when I open http://localhost:3000/ then I get 500 undefined in my browser and in console: https://i.imgur.com/6XIBxRG.png

    I'm on Win 11 and Node v18.7.0

  • 13

    npm i (8.19.1) not able to run dev

    Not able to run dev Not able to install dependencies fully on npm version 8.19.1

    Errors which I have faced: npm ERR! syscall read npm ERR! errno -4077 npm ERR! network read ECONNRESET npm ERR! network This is a problem related to network connectivity. npm ERR! network In most cases you are behind a proxy or have bad network settings. npm ERR! network npm ERR! network 'proxy' config is set properly. See: 'npm help config' npm ERR! A complete log of this run can be found in: npm ERR!

    I have tried

    • npm i
    • npm install vite
    • npm config set fetch-retry-mintimeout 20000
    • npm config set fetch-retry-maxtimeout 120000

    How can I start using? Should I try going back to npm previous version? Any suggestion would be appreciated

  • 14

    How to run the project on local machine? DB migration and, etc.

    Hi there, I want to run the project after clone but I have errors, it seems that backend API and DB migration didn't do. Could you please help me with how can I do this?