Full Stack boilerplate with JWT Authentication - Built with React, Typescript, Node, Express, GraphQL, PostgreSQL, Redis, and Webpack

Related tags

Boilerplate react nodejs graphql redis postgres boilerplate jwt express node typescript webpack reactjs apollo-client postgresql sequelize jwt-authentication apollo-server-express
Overview

Full Stack Boilerplate with JWT Authentication

About

Full Stack boilerplate with JWT authentication.

Built with React, Typescript, Node, Express, GraphQL, PostgreSQL, Redis, and Webpack.

Uses custom hooks and code splitting optimization via route-based component lazy loading with the Suspense component.

Unexpired tokens on sign-out are stored in a redis list and checked against on all authentication attempts.

Installation

Clone the repo:

git clone https://github.com/scottjason/ts-boilerplate-graphql-postgres.git

Then cd into the root directory and run npm install

Local Development

Add a .env file in the root directory of the repo with the following, and update the values:

JWT_SECRET=enter your JWT secret, a long random string
DEV_ORIGIN=http://localhost:8080
PROD_ORIGIN=Enter your production origin
REDIS_URL=Enter your redis url ie redis://...
REDIS_TLS_URL=Enter your redis tls url ie rediss://...
DEV_DB_HOST=localhost
DEV_DB_USER=yourname
DEV_DB_PASSWORD=yourpassword
DEV_DB_NAME=testdb
DEV_DB_DIALECT=postgres
DEV_DB_MAX=5
DEV_DB_MIN=0
DEV_DB_ACQUIRE=30000

Then run npm run dev to start development and your browser should open to http://localhost:8080.

Build

To build the production bundle, run npm run build

Preview

Deployed to Heroku, preview app.

preview

License

MIT License

Copyright (c) 2022 Scott Jason

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Comments
  • Bump loader-utils from 2.0.2 to 2.0.3

    Bump loader-utils from 2.0.2 to 2.0.3

    Bumps loader-utils from 2.0.2 to 2.0.3.

    Release notes

    Sourced from loader-utils's releases.

    v2.0.3

    2.0.3 (2022-10-20)

    Bug Fixes

    • security: prototype pollution exploit (#217) (a93cf6f)
    Changelog

    Sourced from loader-utils's changelog.

    2.0.3 (2022-10-20)

    Bug Fixes

    • security: prototype pollution exploit (#217) (a93cf6f)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump apollo-server-core from 3.6.7 to 3.10.1

    Bump apollo-server-core from 3.6.7 to 3.10.1

    Bumps apollo-server-core from 3.6.7 to 3.10.1.

    Changelog

    Sourced from apollo-server-core's changelog.

    v3.10.1

    • ⚠️ SECURITY: The default landing page contained HTML to display a sample curl command which is made visible if the full landing page bundle could not be fetched from Apollo's CDN. The server's URL is directly interpolated into this command inside the browser from window.location.href. On some older browsers such as IE11, this value is not URI-encoded. On such browsers, opening a malicious URL pointing at an Apollo Router could cause execution of attacker-controlled JavaScript. In this release, the fallback page does not display a curl command. More details are available at the security advisory.
    • Improve error message when both a graph ref and a graph variant are specified. [PR #6709](apollographql/apollo-server#6709)
    • Fix the TypeScript declaration of the fieldLevelInstrumentation option to ApolloServerPluginUsageReporting to show that the function may return a number in addition to a boolean. This now matches the implementation and docs. [PR #6763](apollographql/apollo-server#6763)

    v3.10.0

    v3.9.0

    • ⚠️ SECURITY apollo-server-core: The default configuration of Apollo Server is vulnerable to denial of service attacks via memory exhaustion. If you do not currently specify the cache option to new ApolloServer(), we strongly recommend you specify cache: 'bounded', which replaces the default in-memory unbounded cache with a 30MB in-memory cache, or disable automatic persisted queries with persistedQueries: false. Apollo Server now logs a warning in production if you do not configure the cache or disable APQs. See the docs for more details.
    • The apollo-server-caching package is no longer published. The TypeScript types KeyValueCache and KeyValueCacheSetOptions and the classes PrefixingKeyValueCache and InMemoryLRUCache can be imported from @apollo/utils.keyvaluecache instead. The first three exports are identical; InMemoryLRUCache is based on lru-cache v7 instead of v6, and no longer supports creating unbounded caches (which was the default behavior for apollo-server-caching's InMemoryLRUCache). [PR #6522](apollographql/apollo-server#6522)
    • The apollo-server-cache-redis and apollo-server-cache-memcached packages are no longer published (though previous versions continue to work). We recommend that users of these packages migrate to @apollo/utils.keyvadapter, which lets you connect to Redis, Memcached, or any other backend supported by the Keyv project. See the new cache backend docs for more details. [PR #6541](apollographql/apollo-server#6541)
    • Avoid unhandled rejection errors if the end hook from a parsingDidStart plugin method rejects. [Issue #6567](apollographql/apollo-server#6567) [PR #6559](apollographql/apollo-server#6559)

    v3.8.2

    v3.8.1

    v3.8.0

    • Add embed as an option in the ApolloServerPluginLandingPageLocalDefault and ApolloServerPluginLandingPageProductionDefault plugins. If you pass the embed option to ApolloServerPluginLandingPageLocalDefault, the Apollo Studio Sandbox will be embedded on your Apollo Server endpoint. If you pass the embed option to ApolloServerPluginLandingPageProductionDefault, the Apollo Studio embedded Explorer will be embedded on your Apollo Server endpoint. In both cases, users can use the embedded app to run GraphQL operations without any special CORS setup.
    • Add a few missing dependencies to packages. [PR #6393](apollographql/apollo-server#6393)
    • Factor out some usage reporting code to a shared package in the apollo-utils repository. Should not be a visible change. [PR #6449](apollographql/apollo-server#6449)

    v3.7.0

    • ⚠️ SECURITY apollo-server-core: Apollo Server now includes protection against CSRF and XS-Search attacks. We highly recommend enabling this feature by passing csrfPrevention: true to new ApolloServer(). If you rely on the ability to execute GraphQL operations via HTTP GET requests using a client other than Apollo Client Web, Apollo iOS, or Apollo Kotlin (formerly Apollo Android), you may need to first change the configuration of that client. See the CSRF prevention docs for more details. This vulnerability was reported by Jeffrey Hofmann; the feature was designed with advice from Luca Carettoni of Doyensec.

    v3.6.8

    • apollo-server-fastify: This package now depends on the @fastify/accepts and @fastify/cors packages rather than their older deprecated names fastify-accepts and fastify-cors. There is no behavior change (except that you will no longer see deprecation messages). [PR #6366](apollographql/apollo-server#6366)
    • apollo-server-types: The Logger TypeScript interface is now re-exported from the new @apollo/utils.logger package instead of defined directly in this package; other packages import it from the new package. There should be no observable change. [PR #6229](apollographql/apollo-server#6229)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump jsonwebtoken from 8.5.1 to 9.0.0

    Bump jsonwebtoken from 8.5.1 to 9.0.0

    Bumps jsonwebtoken from 8.5.1 to 9.0.0.

    Changelog

    Sourced from jsonwebtoken's changelog.

    9.0.0 - 2022-12-21

    Breaking changes: See Migration from v8 to v9

    Breaking changes

    Security fixes

    • security: fixes Arbitrary File Write via verify function - CVE-2022-23529
    • security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
    • security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
    • security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539
    Commits
    • e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
    • 5eaedbf chore(ci): remove github test actions job (#861)
    • cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
    • ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
    • 8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
    • 7e6a86b Upload OpsLevel YAML (#849)
    • 74d5719 docs: update references vercel/ms references (#770)
    • d71e383 docs: document "invalid token" error
    • 3765003 docs: fix spelling in README.md: Peak -> Peek (#754)
    • a46097e docs: make decode impossible to discover before verify
    • Additional commits viewable in compare view
    Maintainer changes

    This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump decode-uri-component from 0.2.0 to 0.2.2

    Bump decode-uri-component from 0.2.0 to 0.2.2

    Bumps decode-uri-component from 0.2.0 to 0.2.2.

    Release notes

    Sourced from decode-uri-component's releases.

    v0.2.2

    • Prevent overwriting previously decoded tokens 980e0bf

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

    v0.2.1

    • Switch to GitHub workflows 76abc93
    • Fix issue where decode throws - fixes #6 746ca5d
    • Update license (#1) 486d7e2
    • Tidelift tasks a650457
    • Meta tweaks 66e1c28

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump loader-utils from 2.0.2 to 2.0.4

    Bump loader-utils from 2.0.2 to 2.0.4

    Bumps loader-utils from 2.0.2 to 2.0.4.

    Release notes

    Sourced from loader-utils's releases.

    v2.0.4

    2.0.4 (2022-11-11)

    Bug Fixes

    v2.0.3

    2.0.3 (2022-10-20)

    Bug Fixes

    • security: prototype pollution exploit (#217) (a93cf6f)
    Changelog

    Sourced from loader-utils's changelog.

    2.0.4 (2022-11-11)

    Bug Fixes

    2.0.3 (2022-10-20)

    Bug Fixes

    • security: prototype pollution exploit (#217) (a93cf6f)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump apollo-server-core from 3.6.7 to 3.11.0

    Bump apollo-server-core from 3.6.7 to 3.11.0

    Bumps apollo-server-core from 3.6.7 to 3.11.0.

    Changelog

    Sourced from apollo-server-core's changelog.

    v3.11.0

    • ⚠️ SECURITY: The cache control plugin no longer sets the cache-control HTTP response header if the operation is part of a batched HTTP request. Previously, it would set the header to a value describing the cache policy of only one of the operations in the request, which could lead to data being unintentionally cached by proxies or clients. This bug was introduced in v3.0.0 and this fix restores the behavior of Apollo Server 2. (In Apollo Server 4 (specifically, @apollo/[email protected] or newer), the features work properly together, setting the header based on the combined cache policy of all operations.) This could theoretically have led to data tagged as uncacheable being cached and potentially served to different users. More details are available at the security advisory.
    • apollo-server-core: New field GraphQLRequestContext.requestIsBatched available to plugins.

    v3.10.4

    • apollo-server-core: Manage memory more efficiently in the usage reporting plugin by allowing large objects to be garbage collected more quickly. [PR #7106](apollographql/apollo-server#7106)
    • apollo-server-core: The usage reporting plugin now defaults to a 30 second timeout for each attempt to send reports to Apollo Server instead of no timeout; the timeout can be adjusted with the new requestTimeoutMs option to ApolloServerPluginUsageReporting. (Apollo's servers already enforced a 30 second timeout, so this is unlikely to break any existing use cases.) [PR #7106](apollographql/apollo-server#7106)

    v3.10.3

    v3.10.2

    v3.10.1

    • ⚠️ SECURITY: The default landing page contained HTML to display a sample curl command which is made visible if the full landing page bundle could not be fetched from Apollo's CDN. The server's URL is directly interpolated into this command inside the browser from window.location.href. On some older browsers such as IE11, this value is not URI-encoded. On such browsers, opening a malicious URL pointing at an Apollo Router could cause execution of attacker-controlled JavaScript. In this release, the fallback page does not display a curl command. More details are available at the security advisory.
    • Improve error message when both a graph ref and a graph variant are specified. [PR #6709](apollographql/apollo-server#6709)
    • Fix the TypeScript declaration of the fieldLevelInstrumentation option to ApolloServerPluginUsageReporting to show that the function may return a number in addition to a boolean. This now matches the implementation and docs. [PR #6763](apollographql/apollo-server#6763)

    v3.10.0

    v3.9.0

    • ⚠️ SECURITY apollo-server-core: The default configuration of Apollo Server is vulnerable to denial of service attacks via memory exhaustion. If you do not currently specify the cache option to new ApolloServer(), we strongly recommend you specify cache: 'bounded', which replaces the default in-memory unbounded cache with a 30MB in-memory cache, or disable automatic persisted queries with persistedQueries: false. Apollo Server now logs a warning in production if you do not configure the cache or disable APQs. See the docs for more details.
    • The apollo-server-caching package is no longer published. The TypeScript types KeyValueCache and KeyValueCacheSetOptions and the classes PrefixingKeyValueCache and InMemoryLRUCache can be imported from @apollo/utils.keyvaluecache instead. The first three exports are identical; InMemoryLRUCache is based on lru-cache v7 instead of v6, and no longer supports creating unbounded caches (which was the default behavior for apollo-server-caching's InMemoryLRUCache). [PR #6522](apollographql/apollo-server#6522)
    • The apollo-server-cache-redis and apollo-server-cache-memcached packages are no longer published (though previous versions continue to work). We recommend that users of these packages migrate to @apollo/utils.keyvadapter, which lets you connect to Redis, Memcached, or any other backend supported by the Keyv project. See the new cache backend docs for more details. [PR #6541](apollographql/apollo-server#6541)
    • Avoid unhandled rejection errors if the end hook from a parsingDidStart plugin method rejects. [Issue #6567](apollographql/apollo-server#6567) [PR #6559](apollographql/apollo-server#6559)

    v3.8.2

    v3.8.1

    v3.8.0

    • Add embed as an option in the ApolloServerPluginLandingPageLocalDefault and ApolloServerPluginLandingPageProductionDefault plugins. If you pass the embed option to ApolloServerPluginLandingPageLocalDefault, the Apollo Studio Sandbox will be embedded on your Apollo Server endpoint. If you pass the embed option to ApolloServerPluginLandingPageProductionDefault, the Apollo Studio embedded Explorer will be embedded on your Apollo Server endpoint. In both cases, users can use the embedded app to run GraphQL operations without any special CORS setup.
    • Add a few missing dependencies to packages. [PR #6393](apollographql/apollo-server#6393)
    • Factor out some usage reporting code to a shared package in the apollo-utils repository. Should not be a visible change. [PR #6449](apollographql/apollo-server#6449)

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump moment-timezone from 0.5.34 to 0.5.37

    Bump moment-timezone from 0.5.34 to 0.5.37

    Bumps moment-timezone from 0.5.34 to 0.5.37.

    Changelog

    Sourced from moment-timezone's changelog.

    0.5.37 2022.08-25

    0.5.36 2022.08-25

    • IANA TZDB 2022c
    • improvements/fixes to data pipeline

    0.5.35 2022-08-23

    Thanks to the OpenSSF Alpha-Omega project for reporting these!

    Commits
    • ffe6f34 Add changelog for 0.5.37
    • 450ca63 Bump version to 0.5.37
    • 95f1a9b Build moment-timezone 0.5.36
    • abba28c Add changelog for 0.5.36
    • ac6de03 Bump version to 0.5.36
    • 7a5cadf tests: Fix country tests for 2022c
    • 6754c75 data: generate 2022c data+tests
    • f74a364 bugfix: Wipe tests/zones before generation
    • e850f9f grunt: do not bundle zone and contry tests
    • f13e22b data: automatically create data/*/VERSION.json for latest
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump terser from 5.13.1 to 5.14.2

    Bump terser from 5.13.1 to 5.14.2

    Bumps terser from 5.13.1 to 5.14.2.

    Changelog

    Sourced from terser's changelog.

    v5.14.2

    • Security fix for RegExps that should not be evaluated (regexp DDOS)
    • Source maps improvements (#1211)
    • Performance improvements in long property access evaluation (#1213)

    v5.14.1

    • keep_numbers option added to TypeScript defs (#1208)
    • Fixed parsing of nested template strings (#1204)

    v5.14.0

    • Switched to @​jridgewell/source-map for sourcemap generation (#1190, #1181)
    • Fixed source maps with non-terminated segments (#1106)
    • Enabled typescript types to be imported from the package (#1194)
    • Extra DOM props have been added (#1191)
    • Delete the AST while generating code, as a means to save RAM
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
Owner
Scott Jason
Scott Jason
GitHub
An easy and straight forward full-stack web application boilerplate using Node.js Express as backend and React as frontend.

An easy and straight forward full-stack web application boilerplate using Node.js Express as backend and React as frontend. All packages are structured as Yarn Workspaces and written in Typescript. In addition, the web application can be built as Docker image using a multi stage built supported Dockerfile.

null 23 Dec 16, 2022
Node.js / GraphQL project template pre-configured with TypeScript, PostgreSQL, login flow, transactional emails, unit tests, CI/CD workflow.

Node.js API Starter Kit Node.js API Starter Kit is a project template for building Node.js backend applications optimized for serverless infrastructur

Kriasoft 119 Dec 30, 2022
GraphQL first full-stack starter kit with Node, React. Powered by TypeScript

GraphQL first full-stack starter kit with Node, React. Powered by TypeScript

Karan Pratap Singh 1.1k Dec 15, 2022
This is a fully functional google search engine book it was created with Restful API and i refactored it to the GraphQL built with Apollo server with the use of the MERN stack with react front end MongoDB database, Node.js, Express and API

Book Search Engine To checkout the live site on heroku. Table of Contents Description Installation Technologies Usage Contribution Questions Descripti

QABAS AL ANI 1 May 29, 2022
Palo-mern-boilerplate - A MERN stack (Mongo, Express, React, Node) boilerplate to get Palowans up and running quickly.

palo MERN boilerplate A MERN stack (Mongo, Express, React, Node) boilerplate to get Palowans up and running quickly. Commands: npm install # install b

Jim 10 Oct 31, 2022
Very simple full-stack application using React, Java Spring Boot, and PostgreSQL.

Very simple full-stack application using React, Java Spring Boot, and PostgreSQL. The API was built following the N-Tier architecture. The goal was to explore and learn more in-depth the development of APIs, the use of Docker and deploying with AWS.

Diego Quintela 0 Apr 23, 2022
React Typescript Login and Registration example - JWT Authentication & Authorization with Axios, Router, Rest API

React Typescript Login example with Axios and Web API Build React Typescript Login and Registration example with React Router, Axios and Bootstrap (wi

null 57 Jan 4, 2023
Full-stack React app built with Typescript, Bootstrap, Apollo client on the frontend, and NodeJS/Express, Typescript, Apollo server, and MongoDB/mongoose on the backend.

Event Scheduler App This project was bootstrapped with Create React App. Event Scheduler is a React app that allows users to create events. An event c

ahmed 8 Dec 1, 2022
A Node.js-React.js-PostgreSQL Boilerplate

A Node.js-React.js-PostgreSQL Boilerplate

null 3 Mar 26, 2022
A MERN stack (Mongo, Express, React, Node) boilerplate to get Palowans up and running quickly.

Palo MERN boilerplate A MERN stack (Mongo, Express, React, Node) boilerplate to get Palowans up and running quickly on new projects. Commands: npm ins

Palo IT Singapore 10 Oct 31, 2022
Postgres, Express, React, Node - Stack Boilerplate

PERN Boilerplate ?? WORK IN PROGRESS ?? upcoming features: Email confirmation Socials Login Features GraphQL Server JWT Authentication Auto refresh ac

Prince Carlo Juguilon 15 Aug 9, 2022
Mern-web3 - A simple MERN stack application using React, Express, Mongo, and Web3 based authentication using MetaMask and Ethereum

machinellama/MERN-Web3 Quickly create a simple MERN stack application with key f

null 19 Nov 13, 2022
:point_up::running: Modern Relay Starter Kit - Integrated with Relay, GraphQL, Express, ES6/ES7, JSX, Webpack, Babel, Material Design Lite, and PostCSS

Relay Fullstack is a Relay scaffolding application that aims to help you get up and running a project without worrying about integrating tools. It com

Varayut Lerdkanlayanawat 991 Dec 30, 2022
React-Typescript-Webpack was config with React, Typescript, and Webpack without CRA. Faster to start your next react project.

Start your react typescript project with manual webpack config in seconds Flexible to control webpack, easy to deploy Keywords: React Starter, Webpack

jdn97 61 Jan 5, 2023
A web application for learning about your local politicians built with a React and Next.js front-end, an Express Node.js GraphQL backend API

Integra is a web application for learning about your local politicians. It is built with a React and Next.js front-end, an Express Node.js GraphQL backend API, and a MongoDB database with a Prisma schema.

Jeremy Nguyen 9 Dec 1, 2022
A boilerplate of SPA, built with React.js, Webpack, ES6+, Redux, Router, Babel, Express, Ant Design...

Getting start Clone this repo: $ git clone https://github.com/jovey-zheng/react-start-kit.git Install dependenices: $ npm i Start the project: $ npm

Jovey Zheng 109 Mar 1, 2022
Free and open-source MERN Stack CRUD Application built with React v17+, RRDv6+, Node.js, Express.js MongoDB and Mongoose ODM

?? MERN Stack CRUD Application Free and open-source MERN Stack CRUD Application built with React v17+, RRDv6+, Node.js, Express.js MongoDB and Mongoos

Henok R. Bedassa 20 Dec 19, 2022
Boilerplate with React client and Express backend written in TypeScript. Offers performance and extended functionality. Comes with SSR and without need to learn a framework. Helps to avoid frequent React-Express integration pitfalls.

Project Highlights Performance. Achieved by webpack tree shaking, script bundle minification and compression (gzip and Brotli). Complimented by server

winwiz1 157 Dec 28, 2022
A starter boilerplate for a universal webapp using express, react, redux, webpack, and react-transform

React Redux Universal Hot Example About This is a starter boilerplate app I've put together using the following technologies: Isomorphic Universal ren

Erik Rasmussen 12.1k Jan 5, 2023