Research
npm Malware Targets Telegram Bot Developers with Persistent SSH Backdoors
Malicious npm packages posing as Telegram bot libraries install SSH backdoors and exfiltrate data from Linux developer machines.
By Kush Pandya - Apr 18, 2025
You're Invited: Meet the Socket team at BSidesSF and RSAC - April 27 - May 1.RSVP →
github.com/manifoldco/ui
- Version published
- Created
🍱 Manifold UI
Manifold’s Web Component UI library, powered by Stencil.
Installation
npm i @manifoldco/ui
Usage
Manifold UI can be used in any frameworkless project (“vanilla” JS), or any modern framework like React, Vue, or Angular.
| Framework | Supported? |
|---|---|
| Vanilla JS (no framework) | ✅ |
| Angular | ✅ |
| React | ✅ |
| Vue | ✅ |
| Ember | ✅ |
In any setup, you can use our CDN for UI:
<!-- latest (beware of breaking changes!) -->
<script src="https://js.cdn.manifold.co/@manifoldco/ui/dist/manifold.js"></script>
<!-- specific version -->
<script src="https://js.cdn.manifold.co/@manifoldco/ui@0.6.0/dist/manifold.js"></script>
HTML (ES Modules)
<head>
<link
rel="stylesheet"
type="text/css"
href="https://js.cdn.manifold.co/@manifoldco/ui/dist/manifold/manifold.css"
/>
</head>
<body>
<manifold-marketplace></manifold-marketplace>
<script type="module">
import { defineCustomElements } from 'https://js.cdn.manifold.co/@manifoldco/ui/dist/esm/es2017/manifold.define.js';
defineCustomElements(window);
</script>
</body>
HTML (No ESM Support)
<head>
<link
rel="stylesheet"
type="text/css"
href="https://js.cdn.manifold.co/@manifoldco/ui/dist/manifold/manifold.css"
/>
</head>
<body>
<manifold-marketplace></manifold-marketplace>
<script src="https://js.cdn.manifold.co/@manifoldco/ui/dist/manifold.js"></script>
</body>
React
import React from 'react';
import ReactDOM from 'react-dom';
import '@manifoldco/ui/dist/manifold/manifold.css';
import(/* webpackChunkName: "manifold-ui" */ '@manifoldco/ui/dist/loader').then(
({ defineCustomElements }) => defineCustomElements(window)
);
const App = () => <manifold-marketplace />;
ReactDOM.render(<App />, document.getElementById('root'));
TypeScript + JSX setup
When using UI with TypeScript, you’ll likely see an error like this:
Property 'manifold-connection' does not exist on type 'JSX.IntrinsicElements'
To solve that, create a custom-elements.d.ts file somewhere inside your project (must be inside
the include option in tsconfig.json):
import { Components, JSX as LocalJSX } from '@manifoldco/ui/dist/loader';
import { DetailedHTMLProps, HTMLAttributes } from 'react';
type StencilProps<T> = {
[P in keyof T]?: Omit<T[P], 'ref'>;
};
type ReactProps<T> = {
[P in keyof T]?: DetailedHTMLProps<HTMLAttributes<T[P]>, T[P]>;
};
type StencilToReact<T = LocalJSX.IntrinsicElements, U = HTMLElementTagNameMap> = StencilProps<T> &
ReactProps<U>;
declare global {
export namespace JSX {
interface IntrinsicElements extends StencilToReact {}
}
}
This will expose the types from Stencil to JSX, and you’ll be able to get typechecking as you write.
Ember, Angular, Vue, and others
Initializing Manifold UI works the same as any other Stencil project. For more advanced instructions on integrating with your specific stack, please refer to Stencil’s docs on integration.
FAQs
Unknown package
Package last updated on 17 Jul 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Python Tools Are Quickly Adopting the New pylock.toml Standard
pip, PDM, pip-audit, and the packaging library are already adding support for Python’s new lock file format.
By Sarah Gooding - Apr 18, 2025
Product
Go Support Is Now Generally Available
Socket's Go support is now generally available, bringing automatic scanning and deep code analysis to all users with Go projects.
By Peter van der Zee, Ryan Eberhardt - Apr 17, 2025