cfman: Multi-Account Cloudflare CLI
The Problem
I built cfman because I was frustrated. Managing multiple Cloudflare accounts meant constantly switching environment variables, hunting for tokens, and praying I didn't accidentally deploy to the wrong account.
Wrangler's built-in features didn't fit my workflow—I needed something fast, secure, and developer-friendly. So I built it myself, and after seeing other devs struggling with the same problem, I decided to open-source it and make it bulletproof.
Architecture & Design
cfman uses a three-layer architecture:
Secure Token Storage
Tokens are the crown jewel—they never touch logs, environment variables, or shell history. Here's exactly how cfman stores them:
Core Features
Add, List, Remove Accounts
All token operations are validated and user-confirmed. Account names are case-sensitive and stored in a JSON file with strict access controls.
Security & Supply Chain
After seeing community interest, I invested heavily in making cfman production-grade. Every release is cryptographically verified from source to npm registry.
GitHub Actions: Verified Builds
All builds run in GitHub Actions with signed commits and build attestation. Every workflow run is logged and publicly auditable.
The CI/CD pipeline enforces strict build requirements: type checking, linting, testing, and code review before any release can happen.
NPM Provenance: Cryptographic Trust
npm package is cryptographically linked to GitHub source via provenance attestation. You can verify that the code you're running came directly from the repository.
This means no intermediaries can tamper with the package between GitHub and npm registry. The chain of trust is mathematically proven.
Code Quality & Dependencies
Only 5 production dependencies, all well-maintained and audited:
- chalk: Terminal colors
- commander: CLI parsing
- execa: Process execution
- inquirer: Interactive prompts
- ora: Loading spinners
Minimal attack surface. Each dependency is specifically chosen for reliability and security. The entire tool is bundled into a single file, eliminating supply chain complexity.
Core Features in Action
Technical Stack
Architecture
- Runtime: Node.js 18+
- Language: TypeScript with strict type safety
- Build: tsup (fast, optimized bundling)
- Process: execa (better than child_process)
CLI Framework
- Parser: Commander.js (robust, well-maintained)
- Prompts: Inquirer.js (beautiful interactive CLI)
- Colors: Chalk (terminal output styling)
- Loading: Ora (spinners and progress)
Distribution
- Registry: npm (with provenance)
- Format: Single bundled executable
- Permissions: Auto-chmod +x on build
- Size: ~15MB bundled (all deps included)
Why cfman?
Before cfman: Wrestling with environment variables, manually copying tokens, constant fear of deploying to wrong account
With cfman: One command, right account, secure tokens, zero mental overhead
Key Benefits
- Secure by Default: Tokens never leave your machine, strict permissions, no logging
- Zero Friction: Drop-in replacement for Wrangler, works with any existing command
- Beautiful UX: Interactive prompts, colored output, helpful error messages
- Open Source: Fully transparent, auditable code, community-driven development
Getting Help
cfman has built-in help for every command:
Resources:
- GitHub Repository
- NPM Package
- Report Issues