github.com/NicoCevallos/svelte-template
Looking for a shareable component template? Go here --> sveltejs/component-template
This is a project template for Svelte apps. It lives at https://github.com/NicoCevallos/svelte-template.
From time to time you will need to update some packages and/or configuration. Check out the How to update template guide.
To create a new project based on this template using degit:
npx degit NicoCevallos/svelte-template svelte-app
cd svelte-app
Note that you will need to have Node.js installed.
Alternatively, you can use GitHub's template feature with the svelte-template
Install the dependencies...
cd svelte-app
npm install
...then start Rollup:
npm run dev
Navigate to localhost:5000. You should see your app running. Edit a component file in src, save it, and reload the page to see your changes.
By default, the server will only respond to requests from localhost. To allow connections from other computers, edit the sirv commands in package.json to include the option --host 0.0.0.0.
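As an added example (not part of the template or of sirv's own code), this Node.js check lists every script in a package.json that starts sirv and flags any that bind it beyond localhost. The function names and the sample package.json are constructed for illustration, and a bare --host with no value is flagged as an assumption, to stay conservative.

```javascript
// Added example: flag package.json scripts that bind sirv beyond localhost.
const LOOPBACK = new Set(["localhost", "127.0.0.1", "::1"]);

// Return the value given to sirv's --host / -H option, "" for a bare flag,
// or null when the option is absent (sirv then uses its localhost default).
function hostOption(command) {
  const tokens = command.trim().split(/\s+/);
  for (let i = 0; i < tokens.length; i++) {
    const t = tokens[i];
    if (t.startsWith("--host=")) return t.slice("--host=".length);
    if (t === "--host" || t === "-H") {
      const next = tokens[i + 1];
      return next && !next.startsWith("-") ? next : "";
    }
  }
  return null;
}

function auditSirvScripts(pkg) {
  const findings = [];
  for (const [name, script] of Object.entries(pkg.scripts || {})) {
    // A script can chain commands; inspect each one that invokes sirv.
    for (const command of script.split(/&&|\|\||;/)) {
      if (!/(^|\s)sirv(\s|$)/.test(command)) continue;
      const host = hostOption(command);
      // Assumption: a bare --host is flagged too, to stay conservative.
      const exposed = host !== null && !LOOPBACK.has(host);
      findings.push({ script: name, host, exposed });
    }
  }
  return findings;
}

// Constructed sample package.json (not the template's actual file).
const samplePkg = {
  scripts: {
    build: "rollup -c",
    start: "sirv public --single",
    "start:lan": "sirv public --single --host 0.0.0.0",
    preview: "npm run build && sirv public --host=127.0.0.1",
  },
};

for (const f of auditSirvScripts(samplePkg)) {
  const where = f.host === null ? "localhost (default)" : f.host || "(no value)";
  console.log(`${f.script}: host=${where} ${f.exposed ? "EXPOSED beyond localhost" : "ok"}`);
}
```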
If you're using Visual Studio Code, we recommend installing the official extension Svelte for VS Code. If you are using another editor, you may need to install a plugin to get syntax highlighting and IntelliSense.
To create an optimised version of the app:
npm run build
You can run the newly built app with npm run start. This uses sirv, which is included in your package.json's dependencies so that the app will work when you deploy to platforms like Heroku.
By default, sirv will only respond to requests that match files in public. This is to maximise compatibility with static fileservers, allowing you to deploy your app anywhere.
If you're building a single-page app (SPA) with multiple routes, sirv needs to be able to respond to requests for any path. You can make it so by editing the "start" command in package.json:
"start": "sirv public --single"
This template comes with a script to set up a TypeScript development environment. You can run it immediately after cloning the template with:
node scripts/setupTypeScript.js
Or remove the script via:
rm scripts/setupTypeScript.js
Install vercel if you haven't already:
npm install -g vercel
Then, from within your project folder:
cd public
vercel deploy --name my-project
Install surge if you haven't already:
npm install -g surge
Then, from within your project folder:
npm run build
surge public my-project.surge.sh