Unified analytics for onchain apps.
Website · Docs · Dashboard · Slack · X

The Formo Web SDK is a Javascript library that allows you to track user event data from your website and app.

You can install Formo on:

• Websites
• React apps
• Next.js apps

Visit Formo's Developer Docs for detailed guides on local testing, debugging, and consent management.

Learn how Formo handles onchain attribution and data collection.

Join the Formo community Slack channel for help and questions.

pnpm install
pnpm build

pnpm test

This project uses OIDC Trusted Publishing for secure, automated npm releases. No manual token management required!

1. (Optional) Preview release notes:

   pnpm preview-release

   This shows what the release notes will look like based on commits since the last tag.

2. Update the version in package.json:

   npm version patch  # For bug fixes (1.24.0 → 1.24.1)
   npm version minor  # For new features (1.24.0 → 1.25.0)
   npm version major  # For breaking changes (1.24.0 → 2.0.0)

   Note: npm version automatically:

   • Updates package.json with the new version
   • Updates src/version.ts with the new version (via the version script)
   • Creates a git commit with the changes
   • Creates a version tag (e.g., v1.24.1)

3. Push the commit and tag:

   git push --follow-tags
   # or separately:
   # git push && git push --tags

   Important: You must push both the commit AND the tag. Use --follow-tags to push both in one command.

4. Automatic workflow execution:

   • GitHub Actions workflow triggers on the v* tag
   • Builds and tests the package
   • Publishes to npm using OIDC (no tokens needed!)
   • Creates a GitHub release with:
     • Changelog from git commits
     • Installation instructions
     • CDN usage examples
     • SRI hash for secure CDN usage

• npm: @formo/analytics@<version>
• GitHub Release: Tagged release with changelog and SRI hash
• CDN: https://cdn.formo.so/analytics@<version>
• Provenance: Automatically generated cryptographic attestations

✅ OIDC Trusted Publishing - No long-lived tokens
✅ Automatic Provenance - Cryptographic proof of build authenticity
✅ SRI Hash - Subresource integrity for CDN usage
✅ Secure by Default - Short-lived, workflow-specific credentials

Learn more: npm Trusted Publishing Documentation

Contributions are welcome! Feel free to open fixes and feature suggestions.