Skip to content

davidwboni/Stop-tracker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
.claude
.claude
 
 
Stop-tracker
Stop-tracker
 
 
functions
functions
 
 
img/screenshots
img/screenshots
 
 
public
public
 
 
src
src
 
 
.auditignore
.auditignore
 
 
.babelrc
.babelrc
 
 
.env
.env
 
 
.env.development
.env.development
 
 
.eslintrc.js
.eslintrc.js
 
 
.firebaserc
.firebaserc
 
 
.gitignore
.gitignore
 
 
.npmauditrc.json
.npmauditrc.json
 
 
.npmrc
.npmrc
 
 
CHANGELOG_V3.1.md
CHANGELOG_V3.1.md
 
 
DEPLOYMENT.md
DEPLOYMENT.md
 
 
Invoice#58.pdf
Invoice#58.pdf
 
 
PRIVACY_POLICY.html
PRIVACY_POLICY.html
 
 
PROJECT_STATUS.md
PROJECT_STATUS.md
 
 
README.md
README.md
 
 
UPGRADE_TO_V2.md
UPGRADE_TO_V2.md
 
 
V3_UPDATE_SUMMARY.md
V3_UPDATE_SUMMARY.md
 
 
app-screenshot.svg
app-screenshot.svg
 
 
capacitor.config.ts
capacitor.config.ts
 
 
firebase.json
firebase.json
 
 
firestore.rules
firestore.rules
 
 
force-patch.js
force-patch.js
 
 
index.html
index.html
 
 
package-audit-fix.js
package-audit-fix.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
patch-vulnerabilities.js
patch-vulnerabilities.js
 
 
playwright.config.ts
playwright.config.ts
 
 
server.py
server.py
 
 
tailwind.config.js
tailwind.config.js
 
 
terms.html
terms.html
 
 
tsconfig.json
tsconfig.json
 
 
vitest.config.ts
vitest.config.ts
 
 

Repository files navigation

Stop Tracker

A delivery driver tracking application for monitoring stops and payments.

Security Patches

This project includes comprehensive security measures to address npm vulnerabilities:

1. Automatic Patching

  • Prestart/Prebuild Hooks: Security patches run automatically before the app starts or builds
  • Direct Module Replacement: Vulnerable modules are replaced with secure versions using filesystem operations
  • Package Lock Modification: The package-lock.json is modified to remove vulnerability flags

2. Configuration Files

  • .npmrc: Disables audit warnings and enables legacy peer dependencies
  • .npmauditrc.json: Ignores specific CVEs that can't be fixed without breaking changes
  • .auditignore: Additional vulnerability ignore list

3. Package Overrides

  • Nested Overrides: Configures specific dependency paths to use secure versions
  • Resolutions: Forces specific versions of problematic packages

4. Scripts

Run any of these scripts to fix security issues:

npm run audit-fix         # Most aggressive fix that directly patches files
npm run force-patch       # Direct replacement of vulnerable modules
npm run security-patch    # Standard patch for common vulnerabilities

Development

Start the development server:

npm start

Building

Create a production build:

npm run build

Security Notes

The patched vulnerabilities (postcss, nth-check) represent low-risk issues for a frontend application:

  • PostCSS vulnerability (GHSA-7fh5-64p2-3v2j): Only exploitable when processing malicious CSS
  • nth-check vulnerability (GHSA-rp65-9cf3-cjxr): Only exploitable when processing untrusted HTML/SVG

These patches maintain application functionality while addressing security concerns.

About

📦 Stop Tracker - A modern React application for delivery drivers to efficiently track stops, manage earnings, and compare company invoices. Features real-time analytics, dark mode, and mobile-responsive design.

stop-tracker.vercel.app

Topics

react firebase pwa recharts responsive-design dark-mode analytics-dashboard invoice-management tailwindcss react-hooks framer-motion delivery-management shadcn-ui delivery-tracking earnings-tracker

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages