Read-only Canvas LMS CLI that needs no API token. You log in through your browser once, and the CLI reuses that session to read your courses, upcoming assignments, and announcements from the command line.
This exists because some schools (a number of universities included) disable
Canvas personal access tokens. Without a token, the usual API-based tools
stop working. canvas-cli sidesteps that: it drives a real, logged-in browser
session and calls Canvas's own /api/v1/ REST endpoints with your session
cookies, which Canvas accepts even when token generation is turned off.
It is intentionally small and read-only. It lists data; it never submits coursework, sends messages, or writes anything back to Canvas.
canvas-cli loginopens a real Chromium window at your Canvas URL.- You complete your school's normal SSO login in that window.
- The session is saved to a persistent browser profile on your machine.
- Every later command runs headless, reusing that saved session to call the Canvas REST API. No token, no password storage, no scraping.
npm install
npx playwright install chromium # one-time: download the headless browser
npm run build
npm link # optional: put `canvas-cli` on your PATHOr install from npm once published:
npm install -g canvas-cli
npx playwright install chromiumPoint the CLI at your school's Canvas instance and log in once:
export CANVAS_BASE_URL="https://your-school.instructure.com"
canvas-cli loginA browser window opens. Finish SSO. When the CLI detects you are authenticated, it saves the session and closes. You only repeat this when the session eventually expires.
canvas-cli courses list [--json] [--limit N]
canvas-cli assignments list [--json] [--lookahead DAYS] [--limit N]
canvas-cli notifications list [--json] [--limit N]
canvas-cli items list [--json] [--lookahead DAYS] [--limit N]
canvas-cli status [--json]
canvas-cli logincanvasctl is installed as an alias for canvas-cli.
Examples:
canvas-cli courses list
canvas-cli assignments list --lookahead 21
canvas-cli items list --jsonIf a command reports auth_required, run canvas-cli login again to refresh
the session.
| Flag | Description |
|---|---|
--json |
Emit JSON instead of text (see below) |
--limit N |
Cap the number of rows returned |
--lookahead DAYS |
Assignment due-date window in days (default 14) |
--base-url URL |
Canvas base URL (overrides CANVAS_BASE_URL) |
--profile NAME |
Use a named login profile (default default) |
--source KIND |
Backend: playwright (default) or browser-bridge |
--bridge PATH |
Path to a browser-bridge binary (advanced) |
Environment variables: CANVAS_BASE_URL, CANVAS_CLI_PROFILE_DIR (where the
browser profile is stored; defaults to $XDG_DATA_HOME/canvas-cli/profile or
~/.local/share/canvas-cli/profile), CANVAS_CLI_PROFILE_NAME.
--json prints the mapped data as JSON arrays (or, for items, an object with
assignments and notifications). This is the stable interface other tools
consume. For example, a digest tool can shell out to:
canvas-cli assignments list --jsonand parse the result directly.
The default and recommended backend is Playwright. As an alternative, you can
delegate to a separate, user-supplied browser-bridge binary that exposes
canvas list-courses, canvas list-upcoming-assignments, and
canvas list-recent-notifications actions:
canvas-cli courses list --source browser-bridge --bridge /path/to/browser-bridge.js
# or
BROWSER_BRIDGE_PATH=/path/to/browser-bridge.js canvas-cli courses list --source browser-bridgeThere is no default path: you must supply one via --bridge or
BROWSER_BRIDGE_PATH. This path is optional and only relevant if you already
run your own browser-bridge.
canvas-cli is read-only. It only calls Canvas list endpoints and never writes
to Canvas. It does drive a live authenticated browser profile stored on your
machine, so an expired SSO session is a normal operational outcome: just run
canvas-cli login again.
npm run verify # tests + typecheck + buildTests run entirely offline. The Canvas REST mapping and pagination logic is exercised against a mocked requester, so no live Canvas session or browser is needed to test. The one piece that cannot be unit-tested is the interactive SSO login itself, which requires a real browser and a human.
MIT. See LICENSE.