GitHub - bedrockio/bedrock-core: Bedrock is a battle-tested template of micro services, components and patterns that tie together Kubernetes, Mongo, Node and React

2 min read Original article ↗

Bedrock Platform

More documentation about specific services and components can be found in the following sections:

  • deployment/ - Provisioning, Deployment automation, how to's, playbooks and procedures
  • services/api - Data API and data model layer that powers all applications
  • services/web - Web application and administration dashboard

Quick Start

Using Docker Compose you can build and run all services and dependencies as follows:

Open the dashboard at http://localhost:2200/ - Admin login credentials can be seen in the API output.

Package Management

This repo uses pnpm. Node is pinned via Volta; pnpm is pinned via the packageManager field in each package.json. Install pnpm once with npm install -g pnpm (Node 26 no longer bundles corepack). Each service is installed independently from its own directory:

cd services/api && pnpm install   # likewise services/web

Supply-chain hardening

Each service's pnpm-workspace.yaml enables a few pnpm supply-chain protections:

  • minimumReleaseAge: 10080 — refuse to install any package version published less than 7 days ago (lets malware in a fresh release be caught before it lands here). A too-new pin in the lockfile is rejected on install; re-resolve to pick a compliant version.
  • blockExoticSubdeps: true — block transitive dependencies that resolve from git/tarball URLs instead of the registry.
  • allowBuilds: — an explicit allowlist of the only dependencies permitted to run install scripts (pnpm blocks all others by default). Add a package here if a build it needs is being skipped.

Git worktrees

Worktrees work out of the box — pnpm shares the global content-addressable store across all worktrees via hardlinks, so each worktree's pnpm install is fast and disk-cheap.

pnpm also has a global virtual store that would additionally share the .pnpm symlink farm across worktrees. It is not enabled here: it requires the isolated (symlinked) node_modules layout, which conflicts with the nodeLinker: hoisted we commit for self-contained Docker/CI builds (hoisted has no virtual store to share). Because the committed hoisted wins over global pnpm config, turning the virtual store on would mean dropping hoisted from pnpm-workspace.yaml — so we leave it off and rely on the shared content store above, which already makes worktree installs fast and cheap.

API Documentation

Full portal with examples:

http://localhost:2200/docs/getting-started

Code documentation:

services/api

Web Documentation

services/web