Installations
npm install @fluidframework/driver-base
Releases
Fluid Framework v2.10.0 (minor)
Published on 19 Nov 2024
Fluid Framework v2.5.0 (minor)
Published on 05 Nov 2024
Fluid Framework v2.4.0 (minor)
Published on 15 Oct 2024
build-tools v0.49.0 (minor)
Published on 15 Oct 2024
build-tools v0.48.0 (minor)
Published on 15 Oct 2024
build-tools v0.47.0 (minor)
Published on 08 Oct 2024
Developer
Developer Guide
Module System
ESM
Min. Node Version
Typescript Support
Yes
Node Version
18.17.1
NPM Version
9.6.7
Statistics
4,745 Stars
21,415 Commits
535 Forks
78 Watching
459 Branches
246 Contributors
Updated on 28 Nov 2024
Languages
TypeScript (88.92%)
JavaScript (10.14%)
HTML (0.85%)
Dockerfile (0.05%)
Shell (0.03%)
Mustache (0.01%)
Total Downloads
Cumulative downloads
Total Downloads
1,347,405
Last day
-36.9%
1,067
Compared to previous day
Last week
-13.9%
7,198
Compared to previous week
Last month
5%
33,093
Compared to previous month
Last year
18.8%
561,441
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
6
Dev Dependencies
23
Fluid
The Fluid Framework is a library for building distributed, real-time collaborative web applications using JavaScript or TypeScript.
Getting started using the Fluid Framework
You may be here because you want to...
- Learn more about the Fluid Framework
- Build a Fluid object
Documentation and guides can be found at https://fluidframework.com/.
Hello World repo can be found at https://github.com/microsoft/FluidHelloWorld.
Core Examples repo can be found at https://github.com/microsoft/FluidExamples.
Have questions? Engage with other Fluid Framework users and developers in the Discussions section of our GitHub repo.
Using Fluid Framework libraries
When taking a dependency on a Fluid Framework library's public APIs, we recommend using a ^
(caret) version range, such as ^1.3.4
.
While Fluid Framework libraries may use different ranges with interdependencies between other Fluid Framework libraries,
library consumers should always prefer ^
.
If using any of Fluid Framework's unstable APIs (for example, its beta
APIs), we recommend using a more constrained version range, such as ~
.
Code structure
The core code for both the Fluid client packages and the reference ordering service is contained within this repo.
The repo structure is somewhat unique because it contains several pnpm workspaces: some for individual packages and some for larger collections which we call "release groups". The workspaces are versioned separately from one another, but internally all packages in a workspaces are versioned together.
These workspaces do not align with package namespaces, and also don't always correspond to a single directory of this repo.
Here's the list of release group workspaces:
- client (previously known as "Fluid Framework Client" or "core") (Rooted in ./. Configured by ./pnpm-workspace.yaml)
- ./packages (Published in the
@fluidframework/
namespace, but some in@fluid-tools
and unpublished packages in@fluid-internal/
) - ./experimental (Published in the
@fluid-experimental/
namespace) - ./examples (Not published, live in the
@fluid-example/
namespace) - ./azure. (Published in the
@fluidframework/
namespace)
- ./packages (Published in the
- routerlicious (Reference Fluid Ordering Service) (Rooted in ./server/routerlicious. Configured by ./server/routerlicious/lerna.json)
- Packages (Published in the
@fluidframework/
namespace)
- Packages (Published in the
- gitrest (Rooted in ./server/gitrest. Configured by ./server/gitrest/lerna.json)
- Packages (Published in the
@fluidframework/
namespace)
- Packages (Published in the
- historian (Rooted in ./server/historian. Configured by ./server/historian/lerna.json)
- Packages (Published in the
@fluidframework/
namespace)
- Packages (Published in the
- build-tools (Rooted in ./build-tools. Configured by ./build-tools/lerna.json)
- Packages (Published in a mix of
@fluidframework/
and@fluid-tools/
namespaces)
- Packages (Published in a mix of
Here's a list of other sets of other packages (each package within these groups is versioned independently, forming its own release group):
- "Common" Packages: miscellaneous packages in the ./common directory and published under the
@fluidframework/
namespace. Most of these (but not all) have "common" in their package name. Packages which are used by multiple other groups of packages (such as built tools, linter configs and protocol definitions) live here. - "Tools" Packages: miscellaneous packages in the ./tools directory and published under a variety of namespaces. Logically about the same as "Common", but most of the names include "tools" instead of "common".
- Auxiliary Microservice Packages (supporting Routerlicious)
- ./server excluding routerlicious, gitrest and historian (Published in the
@fluidframework/
namespace)
- ./server excluding routerlicious, gitrest and historian (Published in the
- ./docs: The code and content for https://fluidframework.com.
Dependencies between packages in various layers of the system are enforced via a build step called layer-check. You can view the full list of packages and layers in PACKAGES.md.
- Note: to update the contents of
PACKAGES.md
for local package changes, runpnpm layer-check --md .
.
Setup and Building
Install the required tools:
- Git.
- + Git LFS
- Node.js: install the version noted in in the .nvmrc file. See NodeJs Installation for details.
Clone a copy of the repo and change to the repo root directory:
1git clone https://github.com/microsoft/FluidFramework.git 2cd FluidFramework
Enable NodeJs's corepack:
1corepack enable
Run the following to build the client packages:
1pnpm install 2npm run build
You can use the experimental worker mode to get faster build time as well: npm run build:fast
See also: Contributing
Build in VSCode
To build Fluid Framework within VSCode, open the Fluid Framework repo folder as a work space and use Ctrl-Shift-B
to activate the build task. It is the same as running npm run build
on the command line.
NodeJs Installation
We recommend using nvm (for Windows or MacOS/Linux) or fnm to install Node.js. This ensures you stay at the correct version while allowing other uses of NodeJS to use the (possibly different) versions they need side-by-side.
Because of a transitive dependency on a native addon module, you'll also need to ensure that you have the prerequisites for node-gyp
.
Depending on your operating system, you'll have slightly different installation requirements (these are largely copied from node-gyp
's documentation):
On Windows
The node installer should ask if you want to install "Tools for Native Modules." If you check the box for this nothing further should be needed. Otherwise, you can follow the steps listed here
On Unix
- Python v3.7, v3.8, v3.9, or v3.10
make
- A C/C++ toolchain (like GCC)
On MacOS
If you've upgraded your Mac to Catalina or higher, you may need to follow these instructions.
- Python v3.7, v3.8, v3.9, or v3.10
XCode Command Line Tools
, which will installmake
,clang
, andclang++
- You can install these by running
xcode-select --install
from a command line.
- You can install these by running
Other Build Requirements
- Building server/Routerlicious
- Refer to that package's README for additional requirements.
- Note that these requirements do not affect all workflows (e.g. the one noted above), but will affect workflows that include the packages under
server
(e.g.fluid-build --symlink:full
).
On Windows
- Ensure that you have enabled running Powershell scripts by setting your environment's Execution Policy.
Other Build Commands
Building our docs
There are a few different areas in which we generate documentation content as a part our overall build.
- fluidframework.com
- We build the contents of our public website from the
docs
directory under the root of this repo. See its README for more details.
- We build the contents of our public website from the
- Generated README contents
- We leverage a local tool (markdown-magic) to generate / embed contents in our various package-level READMEs.
This is done as a part of a full build, but it can also be executed in isolation by running
npm run build:readme
from the repo root.
- We leverage a local tool (markdown-magic) to generate / embed contents in our various package-level READMEs.
This is done as a part of a full build, but it can also be executed in isolation by running
- API reports
- We leverage API-Extractor to generate summaries of our package APIs.
This is done as a part of a full build, but it can also be executed in isolation by running
npm run build:api
from the repo root.
- We leverage API-Extractor to generate summaries of our package APIs.
This is done as a part of a full build, but it can also be executed in isolation by running
Common Workflows and Patterns
This section contains common workflows and patterns to increase inner dev loop efficiency.
Build
-
pnpm install
from the root of the repository to install dependencies. This is necessary for new clones or after pulling changes from the main branch. -
pnpm run build:fast
from the root of the repository to perform an incremental build that matches the CI build process. Incremental builds tend to leave extra files laying around, so running a clean is sometimes needed to cleanup ghost tests -
pnpm run build:fast -- <path>
to build only a specific part of the repository. -
pnpm run build
within a package directory to build that package. -
pnpm run build:compile
for cross-package compilation. -
pnpm run format
to format the code. -
fluid-build --vscode
to output error message to work with default problem matcher in vscode. Iffluid-build
is not installed, please install it withnpm i -g @fluidframework/build-tools
.
Multi package setup
fluid-build -t build <NAME_OF_PACKAGES>
to build a multiple space-separated packages along with all their dependencies. Iffluid-build
is not installed, please install it withnpm i -g @fluidframework/build-tools
.
Debug
-
You can also use the VSCode JS debug terminal, then run the test as normal.
-
Sometimes, uncommitted changes can cause build failures. Committing changes might be necessary to resolve such issues.
Troubleshooting
pnpm clean
if random build failures, especially with no changesgit clean -xdf
to remove extraneous files if debugging becomes slow or hangs.
Testing
You can run all of our tests from the root of the repo, or you can run a scoped set of tests by running the test
command from the package you're interested in.
Note: Some of the tests depend on test collateral that lives in a submodule here: https://github.com/microsoft/FluidFrameworkTestData. You may choose to fetch that collateral into your local repository, which is required to run all the tests - otherwise some will be skipped.
First, ensure you have installed Git LFS. Then, from the repo root:
1git lfs install 2git submodule init 3git submodule update
Run the tests
Before running the tests, the project has to be built. Depending on what tests you want to run, execute the following command in the package directory or at the root:
1npm run test
-
To run a single test within a module, add
.only
toit
ordescribe
. To exclude a test, use.skip
. -
You can use
ts-mocha
to quickly run specific test files without needing to make the whole project compile. For more details on test filtering using CLI arguments, refer to the Mocha documentation. -
Our test setup generally requires building before running the tests.
-
Incremental builds may leave extra files, which can result in ghost tests. To avoid this, consider running a clean build with the following command:
1pnpm clean <package>
This removes any leftover files from previous builds, providing a clean testing environment.
Include code coverage
1npm run test:coverage
Mimic the official CI build
Our CI pipelines run on Linux machines, and the npm scripts all have the ci
prefix.
To replicate the test steps from the CI pipeline locally, run the following commands for the packages or pnpm workspaces:
Run | Non-Windows | Windows |
---|---|---|
PR | npm run ci:test | npm run test:report && npm run test:copyresults |
Official | npm run ci:test:coverage | npm run test:coverage && npm run test:copyresults |
Run tests from within VS Code
We've checked in VS Code configuration
enabling F5 from a spec.ts
file to run those tests if you set the debug configuration to "Debug Current Test".
Run it locally
Single browser window, two panes
This will use an in-memory implementation of the Fluid server to sync between the two panes in the browser window.
- Choose an example under
/examples
- Navigate to the example's directory, e.g.
/examples/data-objects/clicker
npm run start
- Browse to http://localhost:8080 to interact with two copies of the example side-by-side
Multiple browser instances on the same device
This will run the local Fluid server implementation we call "Tinylicious", so you can sync between multiple browser instances.
First, start Tinylicious by running these commands from /server/routerlicious/
:
1pnpm install
Then these commands from /server/routerlicious/packages/tinylicious
:
1pnpm run build 2pnpm run start
Then:
- Navigate to the example of your choice (same as above)
npm run start:tinylicious
- Browse to http://localhost:8080, copy the full URL you're redirected to, and open in a second window to collaborate
Tools
Prettier
This repository uses prettier as its code formatter. Right now, this is implemented on a per-package basis, with a shared base configuration.
- To run
prettier
on your code, runnpm run format
from the appropriate package or release group, or runnpm run format:changed
from the root of the repo to format only files changed since the main branch. If your change is for the next branch instead, you can runnpm run format:changed:next
. - To run
prettier
with fluid-build, you can specify "format" via the script argument:fluid-build -t format
ornpm run build:fast -- -t format
To ensure our formatting remains consistent, we run a formatting check as a part of each package's lint
script.
VSCode Options
Our workspace configuration specifies prettier
as the default formatter.
Please do not change this.
It is not configured to do any formatting automatically, however. This is intentional, to ensure that each developer can work formatting into their workflow as they see fit. If you wish to configure your setup to format on save/paste/etc., please feel free to update your user preferences to do so.
Notable setting options:
format on save
format on paste
Git Configuration
Run the following command in each of your repositories to ignore formatting changes in git blame commands:Â git config --local blame.ignoreRevsFile .git-blame-ignore-revs
Developer notes
Root dependencies
The root package.json in the repo includes devDependencies on the mocha and jest testing tools. This is to enable easier test running and debugging using VSCode. However, this makes it possible for projects to have a 'phantom dependency' on these tools. That is, because mocha/jest is always available in the root, projects in the repo will be able to find mocha/jest even if they don't express a dependency on those packages in their package.json. We have lint rules in place to prevent phantom dependencies from being introduced but they're not foolproof.
Contributing
There are many ways to contribute to Fluid.
- Participate in Q&A in our GitHub Discussions.
- Submit bugs and help us verify fixes as they are checked in.
- Review the source code changes.
- Contribute bug fixes.
Detailed instructions for working in the repo can be found in the Wiki.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
This project may contain Microsoft trademarks or logos for Microsoft projects, products, or services. Use of these trademarks or logos must follow Microsoft’s Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship.
No vulnerabilities found.
Reason
all changesets reviewed
Reason
30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
no binaries found in the repo
Reason
dependency not pinned by hash detected -- score normalized to 8
Details
- Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:18
- Warn: containerImage not pinned by hash: server/routerlicious/packages/tinylicious/.devcontainer/Dockerfile:6: pin your Docker image by updating node:14.19.1 to node:14.19.1@sha256:61168c39af89331ffaa6ba41c2a44f4d5132a857a6034175f994948b5798b588
- Warn: downloadThenRun not pinned by hash: .devcontainer/Dockerfile:41
- Warn: npmCommand not pinned by hash: server/routerlicious/packages/tinylicious/.devcontainer/Dockerfile:12-57
- Info: 32 out of 32 GitHub-owned GitHubAction dependencies pinned
- Info: 28 out of 28 third-party GitHubAction dependencies pinned
- Info: 7 out of 9 containerImage dependencies pinned
- Info: 0 out of 1 downloadThenRun dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'main'
- Info: 'force pushes' disabled on branch 'main'
- Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'
- Warn: 'stale review dismissal' is disabled on branch 'main'
- Warn: required approving review count is 1 on branch 'main'
- Info: codeowner review is required on branch 'main'
- Warn: 'last push approval' is disabled on branch 'main'
- Warn: 'up-to-date branches' is disabled on branch 'main'
- Info: status check found to merge onto on branch 'main'
- Info: PRs are required in order to make changes on branch 'main'
Reason
9 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-m95q-7qp3-xv42
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-wg85-p6j7-gp3w
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/changeset-reporter.yml:18
- Warn: no topLevel permission defined: .github/workflows/changeset-reporter.yml:1
- Info: topLevel 'actions' permission set to 'read': .github/workflows/linkcheck-reporter.yml:9
- Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/pr-check-changeset.yml:15
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/push-tag-create-release.yml:24
- Info: topLevel 'actions' permission set to 'read': .github/workflows/release-approval.yml:25
- Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/release-approval.yml:28
- Warn: topLevel 'statuses' permission set to 'write': .github/workflows/release-approval.yml:31
- Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/release-branches.yml:34
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/stale-branches.yml:8
- Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/website-validation.yml:19
- Info: no jobLevel write permissions found
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact client_v2.10.0 not signed: https://api.github.com/repos/microsoft/FluidFramework/releases/186103734
- Warn: release artifact client_v2.5.0 not signed: https://api.github.com/repos/microsoft/FluidFramework/releases/183526337
- Warn: release artifact client_v2.4.0 not signed: https://api.github.com/repos/microsoft/FluidFramework/releases/180076790
- Warn: release artifact build-tools_v0.49.0 not signed: https://api.github.com/repos/microsoft/FluidFramework/releases/179910129
- Warn: release artifact build-tools_v0.48.0 not signed: https://api.github.com/repos/microsoft/FluidFramework/releases/179010099
- Warn: release artifact client_v2.10.0 does not have provenance: https://api.github.com/repos/microsoft/FluidFramework/releases/186103734
- Warn: release artifact client_v2.5.0 does not have provenance: https://api.github.com/repos/microsoft/FluidFramework/releases/183526337
- Warn: release artifact client_v2.4.0 does not have provenance: https://api.github.com/repos/microsoft/FluidFramework/releases/180076790
- Warn: release artifact build-tools_v0.49.0 does not have provenance: https://api.github.com/repos/microsoft/FluidFramework/releases/179910129
- Warn: release artifact build-tools_v0.48.0 does not have provenance: https://api.github.com/repos/microsoft/FluidFramework/releases/179010099
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
5.5
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More