Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Home of the Ably design system library ([design.ably.com](https://design.ably.com)). It provides a showcase, development/test environment and a publishing pipeline for different distributables.
Note: some features are still in development and their documentation might be incomplete. Lookout for the ⚠️ icon.
ably-ui
is the of home of the Ably design system library (https://ably-ui.herokuapp.com/). It provides a showcase, development/test environment and a publishing pipeline for different distributables.
ably-ui
is a library built in mind with supporting a variety of websites/apps based on core web technologies. That's why where possible we build based on those but publish in a way that is easy to consume for frameworks we use across our properties.
As an example, the Logo
component has two templates, for a React component and view-component but uses the same CSS classes and same JavaScript hooks (data-id
).
In some cases, this is impractical. Some components will be more specialized and take advantage of a given framework, and we will have no need to make it available in multiple frameworks (for example, something that is only used within signed in, SPA like areas).
The library is built out of modules, assets, JavaScript & ruby modules and components. A module is a container for all of those.
For example, the core
module provides the most general elements one can build the “chrome” of a web-based interface — typography, colours, spacing (i.e., containers) etc. The components within the module support our most common needs to build that “chrome”, like navigation elements, footer, hero sections, code samples etc. Assets, JavaScript & ruby modules are all shared between the components in the module.
Components do not require assets directly — instead, it's up to the consumer to load the assets and pass them to the components. This ensures flexibility in terms of URLs.
Each module, apart from components, exposes a scripts.js
, styles.css
and MODULE_NAME.rb
files. scripts.js
contains helper functions, MODULE_NAME.rb
contains modules that components can include. styles.css
contains CSS that does not belong to any module in particular.
This type of installation gives you access to module/components assets as well as React components.
npm install @ably/ui
# or
yarn add @ably/ui
To attach the imported JavaScript from the Core
module to the window
object:
import "@ably/ui/core/scripts";
// AblyUi.Core is now available on window
To import an es6 core
module and expose nothing to window:
import ablyUiCore from "@ably/ui/core/scripts";
To import the JavaScript for an Accordion
component:
import Accordion from "@ably/ui/core/accordion/component";
If your bundler supports CSS importing, you can import it as well:
import "@ably/ui/core/styles.css";
Currently, AblyUI CSS is built to work with TailwindCSS. To integrate it into your app:
tailwind.config.js
. Note how different config properties are always extended by the ablyUIConfig
:const extendConfig = require("@ably/ui/tailwind.extend.js");
module.exports = extendConfig((ablyUIConfig) => ({
...ablyUIConfig,
purge: {
content: [
...(relative - globbed - paths - to - your - templates),
...ablyUIConfig.purge.content,
],
options: {
...ablyUIConfig.purge.options,
},
},
}));
@import "tailwindcss/base";
@import "tailwindcss/components";
@import "tailwindcss/utilities";
@import "@ably/ui/reset/styles.css"; /* needed as we disable the default Tailwind reset */
@import "@ably/ui/core/styles.css"; /* styles for core module components and more */
@import "@ably/ui/core/Meganav/component.css";
@import "@ably/ui/core/ContactFooter/component.css";
Note that depending on the component, you might still need to include CSS & JS for it:
import Meganav from "@ably/ui/core/Meganav";
To use ably-ui
with Ruby on Rails add the ably-ui
gem to your Gemfile
:
gem 'ably-ui',
'1.0.0',
require: 'ably_ui'
Components are exposed as View Components and should be available in any view:
<%= render(AblyUi::Core::Meganav.new) %>
Note that this loads neither CSS nor JS — these need to still be loaded by a bundler like webpack.
Putting SVG files inside and src/MODULE_NAME/icons
folder will add them to a per-module sprites file that will be available at the root of the module (e.g., core/sprites.svg
). This file can be loaded with the loadSprites
helper available in the core
module or include in the page directly.
Usage with the Icon
React component:
<Icon name="icon-display-live-chat" size="3rem" additionalCSS="block mb-16" />
Usage with Icon
VW component:
<%= render(AblyUi::Core::Icon.new(name: "icon-gui-disclosure-arrow", size: "1rem", additional_css: "align-middle transform rotate-180 mr-4")) %>
Usage without a component:
<!-- The width and height are required for correct sizing. The actual color class might depend on the svg and whether it uses strokes, fills etc. Note as well xlink:href, which is xlinkHref in react. -->
<svg class="w-12 h-12 text-cool-black">
<use xlink:href="#sprite-disclosure-arrow" />
</svg>
Usage without a component, in React, with hover states. Note the group class:
<a
href="{url}"
className="text-gui-default hover:text-gui-hover focus:text-gui-focus group"
>
{children}
<svg className="w-12 h-12 transform -rotate-90 align-top ui-icon-dark-grey group-hover:icon-gui-hover group-focus:icon-gui-focus ml-4">
<use xlinkHref="#sprite-disclosure-arrow" />
</svg>
</a>
See https://ably-ui.herokuapp.com/components/icon for more details.
Font assets are not included automagically but are part of the repo, together with an example of font-face file; see src/core/fonts
for examples. Make sure to include the licence file declaration on usage.
See preview/app/javascript/styles/application.css
for an example when using webpacker/rails.
Because the gem directories are on the asset path (see Importing ViewComponent (Rails) components section), they will work with standard asset helpers (i.e., asset_path
).
An important part of ably-ui is ensuring the produced UI is accessible to as wide range of users as possible. All components should adhere to at least AA accessibility standards. In most cases, this can be accomplished by following a few simple rules:
— use the correct HTML elements: anchors for navigation, buttons for interacting, lists for lists etc
The repository includes a “preview” app, which is serves both as a showcase and development environment.
To use, first make sure you install dependencies both for the library and the “preview” app:
yarn && bundle
cd preview
yarn && bundle
Then, from the root of the repository, run:
yarn dev
This will run the app and use the published versions of the ably-ui
, specified in preview/Gemfile
and preview/package.json
NPM package.
It's possible to use the local version of ably-ui in the “preview” app. Enabling this, requires separate steps for the npm
and ruby
packages.
For npm
:
# in the root directory
yarn link
# in the the "preview" directory
yarn link @ably/ui
For ruby
:
In preview/Gemfile
replace source: "https://rubygems.pkg.github.com/ably"
with path: '../'
and run:
# in preview
bundle --no-cache
Why not bundle config set local.ably-ui ../
? Because that feature is built around the local gem being a separate repo, and works poorly with our config.
A caveat of this approach is that the change preview/Gemfile
should not be committed, as it will cause the remote app to not build.
If at anytime you don't want to use the local NPM package and/or gems any more, you can do:
# in "preview" directory
yarn unlink @ably/ui
Then change back path
to source source
in the Gemfile
. If you need to update Gemfile.lock
without installing gems, you can run bundle lock
.
Make sure you commit & push your work and remove the development-specific config before doing this.
You will need to authenticate with npmjs and Ruby Gems to publish.
After the above, you should have:
.npmrc
file to read NPM_TOKEN from your environment like this:
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
~/.gem/credentials
file that has your Rubygems API key:
---
:rubygems_api_key: REPLACE_THIS_WITH_YOUR_OWN_API_KEY
To deploy a review app with your in-progress code, you can use the pre-release
script:
# in root
./pre-release
This will do a couple of things:
— update your local dependencies for ably-ui and run a production build — release a gem and a NPM package with the version built from your current SemVer but adding a pre-release tag based on a short SHA of your HEAD commit
This will trigger a build of the review app.
Components and modules contain JS and CSS files, but no templates. Instead, for each framework that a given component supports, a separate "framework template" is created. A component can still be used in any other framework by just using it's required assets.
All components live in src
and follow a directory and filename convention:
scripts.js
for JavaScript and styles.css
for CSScomponent.js
- this is the entry file for a component and is the only required filecomponents.css
- additional CSScomponent.rb
and component.html.erb
components.jsx
For example:
- Core
- script.js
- styles.css
- Accordion
- component.rb
- component.html.erb
- component.js
- component.css
- component.jsx
If using positioning any other than static, be mindful of creating stacking contexts. In properties.css
you'll find the z-index
values for the HTML stacking context (used by components like the meganav). When creating a new one within your component, hoist the z-index values to the selector that creates the stacking context and define z-index
values there for easy scanning (see https://www.oreilly.com/library/view/developing-web-components/9781491905685/ch04.html for a good write-up on stacking contexts and z-index.).
By default, Prettier & ESLint will handle most of the frontend files. You can use them through your editor (which should pick up the relevant config files) or on the command line (see scripts
in package.json).
Neither handles erb
and rb
files. The only config for those files is at the moment in editorconfig
.
Until we have set up formatting scripts for erb
it's worth setting up htmlbeautifier for your editor (for example with https://github.com/aliariff/vscode-erb-beautify if you use VS Code) and tracking this issue in Prettier, as Prettier is much faster and hopefully will get support for erb
.
modules-config.js
src
, in the module of your choice. The folder name should be TitleCase.component.js
component.css
file as well. Add @layer components {}
to its contents. Import the CSS file in component.js
component.rb
and component.html.erb
components.jsx
preview/app/javascript/packs/application.js
and add as input to the reactRenderer
preview/app/javascript/styles/application.css
preview/app/views/components
, with a _react
suffix, i.e. my_component_react.html.erb
component.rb
)preview/app/javascript/styles/application.css
preview/app/views/components
, with a _vw
suffix, i.e. my_component_vw.html.erb
preview/app/views/components/my_component_vw.html.erb
) and initialize:<% content_for :component do %>
<%= javascript_include_tag 'ably_ui/core/my_component/component' %>
<script type="text/javascript">
document.addEventListener("DOMContentLoaded", () => {
const container = document.querySelector("[data-id=my_component]");
AblyUI.Core.MyComponent(container);
});
</script>
<% end %>
We use Semantic Versioning 2.0.0 to version different library versions.
Packages are published to the GitHub private registry.
Publishing is done by tagging a release in GitHub. This triggers a GitHub action that pushes to the private NPM and gem registries as well as publishing new artefacts in the CDN, with the version taken from the tag of the GitHub release. ⚠️
This will trigger GitHub actions in supported apps (currently Voltaire & Website) to create a PR with an ably-ui version update.
To trigger a release:
./pre-release.sh
(This updates the gem and the npm package version for ably-ui in the following files Gemfile
, package.json
, version.rb
).main
after it has been approved.v
Actions
tab in the repo to make sure the release is green.This will release the packages, update library & preview app and create & push the commit & tag, and also create corresponding PRs in Voltaire & Website.
Note: If the version number of the gem has been yanked you will need to increment the version number.
The repo includes Cypress for snapshot, screenshot, parity and behaviour testing. Cypress runs against the "preview" server (e.g. the same server used for development).
Snapshot testing takes saves the DOM and compares it between runs - updating of snapshots can be done in the Cypress UI.
Screenshot testing takes a screenshot of a component and compares it between runs. Diffs are located in cypress/screenshots
. To update a screenshot, delete it.
Parity testing checks VW/React components; screenshots are taken of both versions and fail if they are different.
Behaviour testing clicks around the DOM and checks for singular elements on the page to be updated.
To run integration tests (using Cypress), you'll need to have the "preview app" running on port 5000, then run:
yarn cy:open
This will open the UI for Cypress, from which you can run the tests. Screenshots are saved in cypress/screenshots
.
FAQs
Home of the Ably design system library ([design.ably.com](https://design.ably.com)). It provides a showcase, development/test environment and a publishing pipeline for different distributables.
The npm package @ably/ui receives a total of 816 weekly downloads. As such, @ably/ui popularity was classified as not popular.
We found that @ably/ui demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.