Skip to content

feedockapp/feedock-js

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Feedock — public packages

The source for the packages Feedock publishes to npm.

This is a read-only mirror. These packages are developed in Feedock's main repository, which is private, and synced here on release. Pull requests here cannot be merged — the next sync overwrites them. Please post issues and requests on feedback.feedock.com instead.

Package npm What it is
@feedock/react npm React components that put a feedback board, roadmap, and changelog in your app
@feedock/mcp npm MCP server — drives your Feedock project from Claude, Cursor, or any MCP client
@feedock/sanitize — (not published) The HTML allow-list the API sanitizes with. Published here to be read, not installed.
npm install @feedock/react     # embed the board in your React app
npx -y @feedock/mcp            # run the MCP server (needs a token)

Both need a project at feedock.com to talk to — they are clients for the hosted service, not a self-hostable backend. Setup for each is in its own README, and the full guide is at feedock.com/developers.

What is Feedock?

Feedock is a feedback and roadmap workspace for small teams. Your users post and upvote requests, you promote the good ones to the roadmap, and publishing the changelog entry emails the people who asked for it.

Why the code is public

@feedock/mcp asks you to hand an AI agent a token that can read and write your project — including private feedback and unpublished drafts. @feedock/react runs in your users' browsers. Neither is something you should take on our word, so the code is here: the tool definitions, what each one sends, which actions are gated, and the allow-list the API sanitizes with.

One thing worth being straight about, since it's the obvious hole in that argument: @feedock/react does not sanitize anything itself. It renders HTML the API already sanitized. So for that package the boundary you're trusting is our server, not this code — which is exactly why @feedock/sanitize, the allow-list that server applies, is mirrored here even though it isn't published to npm.

Reporting a security issue

Email support@feedock.com with "security" in the subject, rather than opening an issue here — an issue is public before we can fix it. Please don't test against other people's projects; a free project of your own is a fine target.

License

MIT — see LICENSE. Use them freely, including in commercial products.

About

Source for the packages Feedock publishes to npm: @feedock/react (embed a feedback board, roadmap, changelog) and @feedock/mcp (MCP server). Read-only mirror.

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors