Design pass across the frontend for a coherent, stronger-but-limited look (lime / coral / blue), keeping lime as the brand accent. - StatusBar: broker state is a fixed-width pill (lime=Idle, coral=Busy/ Pedestal/Error, light-blue=Inactive); while Measuring it fills like a progress bar (lime over the sidebar light-blue). Action buttons are a three-tier system (hot lime / active blue-on-blue / off ghost) so exactly one button reads as the thing to click now, ordered Cancel/Pedestal/ Initialize. Cancel is the emergency stop (hot while Measuring/Pedestal). - SettingsPanel: left-aligned card header on a light-blue band with a lime left accent (echoes the sidebar); inline <b> section labels restyled as uniform uppercase captions. DetectorSettings adopts the same header. - EmptyState: muted icon + text for "No plots"/"No preview". - DetectorStatus: semantic colour on state/power values. - Snackbars offset so action messages clear the fixed footer. - Footer PSI logo now uses the positive (dark) logos directly on the light footer instead of CSS-inverting the negative ones. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Jungfraujoch Frontend
Building
To build web interface:
cd frontend_ui
npm install
npm run openapi
npm run build
Available Scripts
In the project directory, you can run:
npm start
Runs the app in the development mode.
The page will reload if you make edits.
You will also see any lint errors in the console.
npm test
Launches the test runner in the interactive watch mode.
See the section about running tests for more information.
npm run build
Builds the app for production to the dist folder.
It correctly bundles React in production mode and optimizes the build for the best performance.
The build is minified and the filenames include the hashes.
Your app is ready to be deployed!
npm run openapi
npm audit findings
npm audit currently reports 17 advisories (3 high, 13 moderate, 1 low). All of
them live in build-time tooling and never reach the production bundle
shipped to the browser. Summary of the chains:
| Source dep | Vulnerable transitives | When it runs |
|---|---|---|
@redocly/cli |
@opentelemetry/*, dompurify (via redoc), ws (via simple-websocket), js-yaml, protobufjs, @babel/core |
npm run redocly / redocly4broker — static OpenAPI HTML generation |
vite |
esbuild@0.27.x |
Dev server and dep pre-bundling. Production build uses Rollup. |
vite-plugin-svgr |
@babel/core, js-yaml (via cosmiconfig) |
Vite build plugin |
openapi-typescript-codegen |
js-yaml |
npm run openapi — TS client generation |
Notes on the high-severity items:
esbuildGHSA-gv7w-rqvm-qjhr is a Deno-specific RCE viaNPM_CONFIG_REGISTRY; GHSA-g7r4-m6w7-qqqr is an arbitrary-file-read in the dev server on Windows. Neither applies to a Linux build of the production bundle.wsGHSA-96hv-2xvq-fx4p only matters whensimple-websocketopens a socket, which happens during docs generation, not at runtime.
npm audit fix cannot resolve any of these without downgrading
@redocly/cli (no real fix) or jumping vite to a major that switches the
bundler to Rolldown.