Build, scan, and fix repository dependencies. Desktop (Electron) + Web (Vite/React) app with OSV vulnerability scanning, rich visuals, and optional AI-assisted fixes.
- Quick repo onboarding with auto-manifest discovery; multi-ecosystem scanning (npm, pip, etc.)
- Privacy-friendly local scanning; only dependency metadata is queried against OSV
- OSV-powered insights with severity normalization, rollups, and per-dependency details
- Visual analytics: overview, stats, and treemap-ready data for at-a-glance risk
- Import location hints via tree-sitter (JavaScript/TypeScript, Python)
- Real-time Fix Console (Socket.IO) streaming steps, commands, warnings, and errors
- AI-assisted code fixes via Gemini CLI; one-click apply, then automatic rescan + DB update
- Robust auth: Email OTP (5‑minute expiry) and Google OAuth
- Desktop + Web: Electron desktop app and Vite-powered web app
- Multi-repo management with search, filters (severity/ecosystem), pagination, and rescans
- Cross-platform support (Windows/macOS/Linux)
- Backend: Node.js, Express, MongoDB (Mongoose), Passport, Nodemailer
- Frontend: React, TypeScript, Vite, Tailwind CSS, Recharts, Framer Motion
- Desktop: Electron (preload + context isolation)
- Realtime: Socket.IO
- Scanning: OSV API, tree-sitter (code import detection)
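
To make "only dependency metadata is queried against OSV" concrete for an npm project, the following added example (not taken from Astra's code base) builds an OSV `querybatch` request body from a lockfile and lists every key that would leave the machine. The sample lockfile and the helper names `buildOsvBatch` and `outboundKeys` are constructed for illustration.

```javascript
// Added illustration (not Astra's code): reduce an npm lockfile to the only
// data an OSV batch query needs: ecosystem, package name, exact version.

// Constructed sample in package-lock.json v2/v3 shape ("packages" map).
const sampleLock = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" }, // root project: never sent
    "node_modules/lodash": { version: "4.17.20", resolved: "https://registry.example/lodash.tgz" },
    "node_modules/@scope/util": { version: "2.1.0" },
    "node_modules/a/node_modules/lodash": { version: "4.17.20" }, // nested duplicate
    "node_modules/local-lib": { link: true, resolved: "packages/local-lib" }, // workspace link
  },
};

function buildOsvBatch(lock) {
  const marker = "node_modules/";
  const seen = new Set();
  const queries = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "" || meta.link || !meta.version) continue; // skip root, links, unversioned
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // workspace folder, not an installed dependency
    const name = path.slice(idx + marker.length); // text after the last node_modules/
    const key = `${name}@${meta.version}`;
    if (seen.has(key)) continue; // one query per distinct name@version
    seen.add(key);
    queries.push({ package: { ecosystem: "npm", name }, version: meta.version });
  }
  return { queries };
}

// Collect every object key in the outbound body, for review before sending.
function outboundKeys(value, keys = new Set()) {
  if (Array.isArray(value)) value.forEach((v) => outboundKeys(v, keys));
  else if (value && typeof value === "object") {
    for (const [k, v] of Object.entries(value)) { keys.add(k); outboundKeys(v, keys); }
  }
  return [...keys].sort();
}

const payload = buildOsvBatch(sampleLock); // body for POST https://api.osv.dev/v1/querybatch
console.log(JSON.stringify(payload, null, 2));
console.log(outboundKeys(payload));
```

Source paths, resolved URLs, and the root project name never appear in the request body; only the package name, ecosystem, and version do.
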

```
astra/
├─ Backend/
│  ├─ config/         # Passport strategies
│  ├─ controllers/    # Route handlers (repos, dependencies, OTP)
│  ├─ db/             # DB connection
│  ├─ models/         # Mongoose models
│  ├─ routes/         # Express routes
│  ├─ utils/          # OSV, scanning, socket, email, gemini
│  └─ index.js        # Express app entry
└─ Frontend/
   ├─ electron/       # main/preload for Electron
   ├─ src/
   │  ├─ components/  # UI components (modals, dropdowns, etc.)
   │  ├─ pages/       # Dashboard, Dependencies, Details, Auth
   │  ├─ contexts/    # Auth provider
   │  ├─ services/    # API client
   │  └─ store/       # Redux store & slice
   └─ index.html      # Vite entry
```

Prerequisites:
- Node.js 18+ and npm
- MongoDB running and accessible
- Gemini CLI installed and available on PATH (required to use code-fix features)
Clone the repo:

```bash
git clone https://github.com/your-org/astra.git
cd astra
cd Backend
npm install
```

Create a .env file in Backend/:

```env
# Mongo
MONGO_URI=mongodb://localhost:27017/astra
PORT=3000
SESSION_SECRET=
# Google OAuth
GOOGLE_CLIENT_ID=your_google_client_id
GOOGLE_CLIENT_SECRET=your_google_client_secret
# Mail (for OTP)
MAIL_HOST=smtp.example.com
MAIL_USER=your_smtp_user
MAIL_PASS=your_smtp_pass
MAIL_FROM="Astra <no-reply@example.com>"
# Gemini
GEMINI_API_KEY=
```

Create a .env file in Frontend/:

```env
GOOGLE_CLIENT_ID=your_client_ID
GOOGLE_CLIENT_SECRET=your_secret
ELECTRON_DEV=1
```

Run the backend (nodemon):

```bash
npm run dev
# or
npm start
```

The backend defaults to http://localhost:3000.


```bash
cd ../Frontend
npm install
```

Run web (Vite) only:

```bash
npm run dev
# Web: http://localhost:5173
```

Run Electron + Vite together (Windows):

```bash
npm start
```

Run Electron on macOS/Linux (alternative):

```bash
# Terminal A
npm run dev
# Terminal B (after Vite is up)
ELECTRON_DEV=1 npx electron .
```

Build web assets:

```bash
npm run build
```

Launch Electron against built assets:

```bash
npm run electron-build
```

Notes:
- Frontend `start` uses `concurrently` and a Windows-style `set` for `ELECTRON_DEV`. On macOS/Linux, prefer the two-terminal approach above or replace `set ELECTRON_DEV=1` with `cross-env ELECTRON_DEV=1`.
- The Electron app expects the backend on `http://localhost:3000`.

Backend (`Backend/package.json`):
- `npm run dev` – start with nodemon
- `npm start` – start with node

Frontend (`Frontend/package.json`):
- `npm run dev` – Vite dev server
- `npm start` – Vite + Electron (Windows-style env)
- `npm run electron` – wait for Vite then start Electron (Windows-style env)
- `npm run build` – Vite production build
- `npm run electron-build` – start Electron on current directory

- Electron does not open on macOS/Linux using `npm start`:
  - Use the two-terminal approach (run Vite, then `ELECTRON_DEV=1 npx electron .`).
  - Or install `cross-env` and change the script to `cross-env ELECTRON_DEV=1`.
- Ports: Backend 3000, Web 5173. Adjust if already in use.

| GitHub |
|---|
| mahil-2040 |
| Random-Pikachu |