Gathering detailed insights and metrics for create-liveblocks-app
Installations
npm install create-liveblocks-appDeveloper Guide
BETA
Typescript
No
Module System
ESM
Node Version
22.6.0
NPM Version
10.8.2
Score
73.3
Supply Chain
98.1
Quality
88.3
Maintenance
100
Vulnerability
99.3
License
Releases
190
Contributors
46
Languages
7
TypeScript
MDX
JavaScript
CSS
Shell
PEG.js
HTML
TypeScript (82.59%)
MDX (11.79%)
JavaScript (2.53%)
CSS (2.42%)
Shell (0.45%)
PEG.js (0.17%)
HTML (0.06%)
Developer
Download Statistics
Total Downloads
46,120
Last Day
94
Last Week
561
Last Month
2,479
Last Year
24,958
GitHub Statistics
3,730 Stars
2,425 Commits
313 Forks
18 Watching
126 Branches
46 Contributors
Maintainers
5
Package Meta Information
Latest Version
2.20240816.0
Package Id
create-liveblocks-app@2.20240816.0
Unpacked Size
1.29 MB
Size
268.21 kB
File Count
43
NPM Version
10.8.2
Node Version
22.6.0
Publised On
16 Aug 2024
Total Downloads
Cumulative downloads
Total Downloads
46,120
Last day
-30.9%
94
Compared to previous day
Last week
-7.1%
561
Compared to previous week
Last month
3.9%
2,479
Compared to previous month
Last year
20.6%
24,958
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
create-liveblocks-app
The easiest way to get started with a Liveblocks starter kit or example.
Get started
You can create a new Liveblocks project using the following command:
npx create-liveblocks-app@latest
The initial prompt allows you to set up one of the following:
- Next.js Starter kit—Our official starter kit for Next.js
- An example from the Liveblocks repo—Any
example from
liveblocks/liveblocks
From there, follow the instructions to set up your app! You can also use the CLI
to generate a liveblocks.config.(js|ts) config file.
Flags (optional)
If you wish, you can skip certain create-liveblocks-app prompts with the
following flags. Please note that these are optional, and if no flags are used,
you will be prompted about these options in the installer instead.
npx create-liveblocks-app@latest [options]
Options:
--init
Generate a liveblocks.config.(js|ts) file in the current directory
--framework [`react`|`javascript`]
The framework your config file uses. Option only for `--init`.
e.g. `--framework react`
--next
Use the Next.js Starter Kit
--example [example name]
Use a Liveblocks example, the name corresponding to the example name in the repo
e.g. `--example zustand-whiteboard` for https://github.com/liveblocks/liveblocks/tree/main/examples/zustand-whiteboard
--name [repo name]
The name of the project/directory
e.g. `--name my-liveblocks-project`
--package-manager [`npm`|`yarn`|`pnpm`]
Select your package manager, default is `npm`
e.g `--package-manager yarn`
--auth [`demo`|`github`|`auth0`]
Select your authentication method. Option only for Next.js Starter Kit.
e.g. `--auth github`
--install
Install the project with the selected package manager
--no-install
Don't install the project
--git
Initialize git
--no-git
Don't initialize git
--vercel
Deploy on Vercel, and get Liveblocks API key
--no-vercel
Don't deploy on Vercel
--api-key
Get Liveblocks API key. Ignored if `--vercel` is used.
--no-api-key
Don't get Liveblocks API key. Ignored if `--vercel` is used.
--open
Open browser without asking permission, when deploying to Vercel or getting API key
--upgrade [version]
Upgrade all Liveblocks packages to a certain version. If no version passed, use `latest`
e.g. `--upgrade` for latest, `--upgrade 2.0.0` for 2.0.0
--help
Find more info
Examples
Next.js Starter Kit with no install:
npx create-liveblocks-app@latest --next --no-install
Example from Liveblocks repo with directory/project name specified:
npx create-liveblocks-app@latest --example nextjs-live-avatars --name my-liveblocks-app
Next.js Starter Kit with every option:
npx create-liveblocks-app@latest --next --name my-project --auth github --package-manager npm --install --git --vercel --open
Generate a Liveblocks config file:
npx create-liveblocks-app@latest --init
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
project is fuzzed
Details
- Info: TypeScriptPropertyBasedTesting integration found: packages/liveblocks-core/src/crdts/__tests__/_arbitraries.ts:1
- Info: TypeScriptPropertyBasedTesting integration found: packages/liveblocks-core/src/crdts/__tests__/cloning.test.ts:1
- Info: TypeScriptPropertyBasedTesting integration found: packages/liveblocks-core/src/lib/__tests__/DefaultMap.test.ts:1
- Info: TypeScriptPropertyBasedTesting integration found: packages/liveblocks-core/src/lib/__tests__/EventSource.test.ts:1
- Info: TypeScriptPropertyBasedTesting integration found: packages/liveblocks-core/src/lib/__tests__/SortedList.test.ts:1
- Info: TypeScriptPropertyBasedTesting integration found: packages/liveblocks-core/src/lib/__tests__/nanoid.test.ts:1
- Info: TypeScriptPropertyBasedTesting integration found: packages/liveblocks-core/src/lib/__tests__/objectToQuery.test.ts:3
- Info: TypeScriptPropertyBasedTesting integration found: packages/liveblocks-core/src/lib/__tests__/position.test.ts:1
- Info: TypeScriptPropertyBasedTesting integration found: packages/liveblocks-core/src/lib/__tests__/shallow.test.ts:1
- Info: TypeScriptPropertyBasedTesting integration found: packages/liveblocks-core/src/lib/__tests__/signals/MutableSignal.test.ts:1
- Info: TypeScriptPropertyBasedTesting integration found: packages/liveblocks-core/src/lib/__tests__/signals/Signal.test.ts:1
- Info: TypeScriptPropertyBasedTesting integration found: packages/liveblocks-core/src/lib/__tests__/utils.test.ts:1
- Info: TypeScriptPropertyBasedTesting integration found: schema-lang/infer-schema/src/tests/arbitraries.ts:1
- Info: TypeScriptPropertyBasedTesting integration found: schema-lang/infer-schema/src/tests/inferSchema.test.ts:3
- Info: TypeScriptPropertyBasedTesting integration found: schema-lang/liveblocks-schema/src/checker/__tests__/checker.test.ts:1
- Info: TypeScriptPropertyBasedTesting integration found: schema-lang/liveblocks-schema/src/parser/__tests__/parser.test.ts:1
Reason
binaries present in source code
Details
- Warn: binary detected: examples/react-native-todo-list/android/gradle/wrapper/gradle-wrapper.jar:1
Reason
Found 14/17 approved changesets -- score normalized to 8
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/deploy-examples.yml:1
- Warn: no topLevel permission defined: .github/workflows/docs.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish-cli-tools.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish-devtools.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish-packages.yml:1
- Warn: no topLevel permission defined: .github/workflows/tests.yml:1
- Info: no jobLevel write permissions found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 27 are checked with a SAST tool
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-tools.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/liveblocks/liveblocks/publish-cli-tools.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-tools.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/liveblocks/liveblocks/publish-cli-tools.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-devtools.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/liveblocks/liveblocks/publish-devtools.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-devtools.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/liveblocks/liveblocks/publish-devtools.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-devtools.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/liveblocks/liveblocks/publish-devtools.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-devtools.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/liveblocks/liveblocks/publish-devtools.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-packages.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/liveblocks/liveblocks/publish-packages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-packages.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/liveblocks/liveblocks/publish-packages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:166: update your workflow using https://app.stepsecurity.io/secureworkflow/liveblocks/liveblocks/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:169: update your workflow using https://app.stepsecurity.io/secureworkflow/liveblocks/liveblocks/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:180: update your workflow using https://app.stepsecurity.io/secureworkflow/liveblocks/liveblocks/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/liveblocks/liveblocks/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/liveblocks/liveblocks/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/liveblocks/liveblocks/tests.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/liveblocks/liveblocks/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/liveblocks/liveblocks/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/liveblocks/liveblocks/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/liveblocks/liveblocks/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/liveblocks/liveblocks/tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/liveblocks/liveblocks/tests.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/scripts/release.sh:108
- Warn: npmCommand not pinned by hash: .github/scripts/release.sh:116
- Warn: npmCommand not pinned by hash: .github/scripts/release.sh:131
- Warn: npmCommand not pinned by hash: scripts/link-example-locally.sh:63
- Warn: npmCommand not pinned by hash: scripts/link-example-locally.sh:65
- Warn: npmCommand not pinned by hash: scripts/publish-lang-packages.sh:149
- Warn: npmCommand not pinned by hash: scripts/publish-lang-packages.sh:314
- Warn: npmCommand not pinned by hash: scripts/upgrade-examples.sh:62
- Warn: npmCommand not pinned by hash: .github/workflows/publish-devtools.yml:58
- Warn: npmCommand not pinned by hash: .github/workflows/tests.yml:43
- Warn: npmCommand not pinned by hash: .github/workflows/tests.yml:112
- Warn: npmCommand not pinned by hash: .github/workflows/tests.yml:151
- Warn: npmCommand not pinned by hash: .github/workflows/tests.yml:177
- Info: 0 out of 18 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
- Info: 1 out of 14 npmCommand dependencies pinned
Reason
67 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-c59h-r6p8-q9wc
- Warn: Project is vulnerable to: GHSA-g77x-44xx-532m
- Warn: Project is vulnerable to: GHSA-7gfc-8cq8-jh5f
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-gp8f-8m3g-qvj9
- Warn: Project is vulnerable to: GHSA-7m27-7ghc-44w9
- Warn: Project is vulnerable to: GHSA-fr5h-rqp8-mj6g
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-fq54-2j52-jc42
- Warn: Project is vulnerable to: GHSA-77r5-gw3j-2mpf
- Warn: Project is vulnerable to: GHSA-m95q-7qp3-xv42
- Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
- Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
- Warn: Project is vulnerable to: GHSA-hhhv-q57g-882q
- Warn: Project is vulnerable to: GHSA-v64w-49xw-qq89
- Warn: Project is vulnerable to: GHSA-wpg7-2c88-r8xv
- Warn: Project is vulnerable to: GHSA-4943-9vgg-gr5r
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-cr5q-6q9f-rq6q
- Warn: Project is vulnerable to: GHSA-2rxp-v6pw-ch6m
- Warn: Project is vulnerable to: GHSA-4xqq-m2hx-25v8
- Warn: Project is vulnerable to: GHSA-5866-49gr-22v4
- Warn: Project is vulnerable to: GHSA-r55c-59qm-vjw6
- Warn: Project is vulnerable to: GHSA-vg3r-rm7w-2xgh
- Warn: Project is vulnerable to: GHSA-vmwr-mc7x-5vc3
- Warn: Project is vulnerable to: GHSA-6f62-3596-g6w7
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
- Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
- Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
- Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986 / GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
- Warn: Project is vulnerable to: GHSA-mv48-hcvh-8jj8
- Warn: Project is vulnerable to: GHSA-353f-5xf4-qw67
- Warn: Project is vulnerable to: GHSA-c24v-8rfc-w8vw
- Warn: Project is vulnerable to: GHSA-8jhw-289h-jh2g
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
- Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
- Warn: Project is vulnerable to: GHSA-mh2x-fcqh-fmqv
- Warn: Project is vulnerable to: GHSA-rjjv-87mx-6x3h
- Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-7wpw-2hjm-89gp
- Warn: Project is vulnerable to: GHSA-7hpj-7hhx-2fgx
- Warn: Project is vulnerable to: GHSA-22r3-9w55-cj54
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-8266-84wp-wv5c
Score
5.2
/10
Last Scanned on 2025-01-27
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More