Thanks for improving hackrf-webui. Keep changes small, reproducible and safe for local radio operation.
npm ci
npm run devOpen http://localhost:3000 for development.
Run the full local gate before sending changes:
npm run check
npm run build
npm run check:bundle
npm run test:e2e
./start.sh --check --skip-system-deps --skip-maps --skip-adsb-runtime --skip-ainpm run check covers:
- ESLint
- clean TypeScript check
- Node test suite
- FM catalog manifest/shard checks
- shell/Python syntax checks
- root and catalog package audits
- package dry-run checks for generated runtime artifacts
- Playwright simulator/replay E2E smoke coverage (
npm run test:e2e) for browser audio, map feeds, release routes and diagnostics
npm run build still matters because it compiles the native HackRF receiver and creates Next.js route/bundle diagnostics used by npm run check:bundle.
- Do not commit runtime data, captures, databases, AI assets, map packs or generated binaries.
- Do not commit tokens, credentials, private hostnames or real operator locations.
- Keep remote/LAN access guarded. Non-loopback use should include
HACKRF_WEBUI_TOKENand, where needed,HACKRF_WEBUI_ALLOWED_ORIGINS. - Treat RF captures and decoded route history as sensitive local evidence.
- Prefer pinned immutable refs for downloaded source archives.
- If a download has a published checksum, document and wire it through the relevant
*_SHA256environment variable. - Run both audits:
npm audit --audit-level=high
npm --prefix ./scripts/catalog audit --audit-level=highGroup related work into logical commits. A good split is usually:
- tooling / CI / tests
- runtime or API behavior
- docs / release metadata
Avoid noisy formatting-only churn in large UI files unless the change specifically needs it.