Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@air/icons
Advanced tools
@air/icons
Source of truth for SVG icons used at Air. Published as an NPM library for React consumers.
yarn add @air/icons
Download your SVG to any location on your computer. Note the location as you will need it in the next step.
Run yarn workspace @air/icons run add:icon {path/to/icon}
and follow the prompts.
Ensure the icon is loaded correctly into the component: Add the correct props to the <path>
tag
svg
element itself.<path>
has no stoke
or fill
, you need to add fill="currentColor"
to it.<path>
has a defined fill
and it's value isn't "currentColor"
, change it to that.<path>
has a defined stroke
or other stroke-*
properties, set stroke
's value to "currentColor"
Run yarn build
to map the newly added icons
yarn storybook
to go and see the result of your work in Storybook.
Every component accepts all props that you'd expect an inlined svg
to accept in a React environment. This includes className
, style
, fill
, width
, height
, etc.
import { Check } from '@air/icons';
// ... later on, in some render method
<Check fill="#000000" width="24px" height="24px" />
Please render the SVG inline into your application. Be sure that aria-hidden="false"
and also apply an id
to the <title>
aspect of the SVG. Lastly, give the value of that id
to the attribute aria-labelledby
on the actual <svg>
.
This repository is for uniformly behaving, customizable icon sets. Please deal with the SVGs yourself.
You'll want to make a custom component in your application. Please deal with the SVGs yourself.
fill
attribute on the actual <svg>
...Note that fill
is transformed to be currentColor
. All you'll need to do is ensure the icon is rendered in a parent element whose CSS property color
is defined.
There are many situations where this repository won't help, as outlined above. If instructed to deal with SVGs yourself (in your application context), you have two options.
Render SVGs inline - nothing wrong with that! Consider still using SVGO to optimize your SVG.
Integrate svgr into your application, steal our SVGO "format" config, and simply manage the implementation yourself. Why the "format" config in a webpack tool? In this repo, we use the format config to minify IDs because it has the context of the filename for prefixing the IDs and keeping them unique. Our bundle config doesn't minify IDs because it assumes they've already been prefixed properly to ensure there are no ID collisions for consumption of multiple SVGs on one page.
Using React Native? Import the SVG files inside your components using a package like react-native-svg-transformer.
FAQs
Air's iconography
The npm package @air/icons receives a total of 703 weekly downloads. As such, @air/icons popularity was classified as not popular.
We found that @air/icons demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 16 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.