Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@amboss/design-system
Advanced tools
📄 Browse the design system (Storyboard documentation)
Development
Ensure that you are using npm
>= 7.0.0 before running npm install
To start the project run npm run start
To generate a new component run npm run component myComponentName
Building the package
To build the package run npm run build
Building storybook
To build storybook run npm run build-storybook
Publishing
minor
, major
or patch
label to your PR to specify release type.skip-release
label to skip the releaseGenerating mobile tokens
npm run tokens:ios
npm run tokens:android
1. Tech stack
2. Linting
3. Folder structure
4. Build
5. Tokens, styles and theming
6. Assets
7. Media queries
As for linting and formatting, you can configure your editor to automatically lint and format your code on save. For this purpose, we're using Prettier and ESLint. If you need to do it manually, you can run:
npm run lint
This command is also run as a pre-push hook and in the pipeline.
|-- .storybook
|-- components
|-- ColorGrid.tsx
|-- SizeGrid.tsx
|-- main.js
|-- preview.js
|-- assets
|-- fonts
|-- Lato.woff
|-- build (autogenerated)
|-- build-tokens (autogenerated)
|-- android
|-- design_system_color.xml
|-- ios
|-- DesignSystemColorTokens.swift
|-- scss
|-- _theming.scss
|-- _variables.scss
|-- assets
|-- icons.json
|-- icons16.json
|-- _colors.json
|-- _sizes.json
|-- visualConfig.ts
|-- docs
|-- Design-principles.mdx
|-- static
|-- image-for-storybook.png
|-- tokens
|-- global
|-- themes
|-- dark.json
|-- light.json
|-- assets.json
|-- colors.json
|-- web
|-- component
|-- dark.json
|-- light.json
|-- android
|-- opacity.json
|-- ios
|-- opacity.json
|-- src
|-- index.ts
|-- components
|-- Button
|-- Button.tsx
|-- Button.stories.tsx
|-- Button.test.tsx
|-- shared
-- mediaQueries.ts
|-- types
|-- index.ts
There are 3 stages of a build.
In order to structure our tokens we use style-dictionary.
This tool is used for creation a content of ./build-tokens
folder where we keep all the scss variables and mixins.
New variables and mixins gets generated automaticaly:
npm run start
is runningYou can generate tokens manually using npm run tokens:web
and npm run tokens:watch
We use tokens to control the most atomic values in styles and themes.
How does it work?
We have a set of .json files that are located in ./tokens
folder, and we have a style-dictionary
as a tool for converting .json in to various formats.
For example:
We have a file - ./tokens/global/light|dark.json
that gets converted into part of ./build-tokens/visualConfig.ts
.
visualConfig.ts
is used later as a source for emotion.js theme.
The configuration for style-dictionary
is inside ./style-dictionary/{platformName}/{platformName}.sd.config.json
. In this config we use some custom transforms, filters and formatters, all of them defined in corresponding files of platform folders.
custom/format/emotion-visual-config - a formatter that generates visualConfig.ts that contains all variables and themed values.
custom/filter/emotion-build-tokens - a filter for all token categories that should go to visutal config.
custom/format/json - a formatter for generation .json files per category. This formatter also add isUsed
flag to according token.
custom/format/sub-theme-types - a formatter that generates type definitions for sub-themes.
custom/assets/svg - a transformer that adds a path name to dictionary of svg icons.
More about tokens, themes and styles.
Before publishing the design system for NPM, we run npm run build
. This runs the script at ``bundles everything that is exported from.ts
and.tsx
files within the source.
For this, we use tsup
, which runs esbuild
under the hood. We also use a lenient browserslist config to ensure compatibility with older browsers.
For styles, we use emotion.js.
What in the bundle?
.tsx
files (includes common components and emotion.js styled components)fonts that are base64-ed currently taken off the build
Currently, we have 4 types of tokens:
.json
fileAs we use Emotion.js all tokenized values are accessible via theme provider.
Basically during the build phase we generate big objects of variables and themed values for each theme (currently light and dark).
We call this object ambossVisualConfiguration
.
Particular themes from ambossVisualConfiguration
has to be imported and passed to the theme provider at the consumer side.
Atomic values are straight forward and simply converted to variables
.
After build all atomic values are passed to theme.variables
by emotion.
Example:
const StyledContainer - styled.div(
({ theme }) => ({
marginTop: theme.variables.size.spacing.s
})
);
Theme tokens are little more complex. We generate separate VisualConfig for each theme, but together with that we generate type definition that describe any of the themes. This enables developers not care about current theme and how many themes are there.
After build all themes values are passed to theme.values
by emotion.
Example:
const StyledContainer - styled.div(
({ theme }) => ({
backgroundColor: theme.values.color.background.primary.default
})
);
Sub-themes are following the same concept as themes. Developer can fully rely on theme.values
object. As long as component in runtime is wrapped in SubThemeProvider
and its tokens listed in "tokens/themes/sub-themes/...", all values will be set correctly and automatically.
Note that not all tokens are enabled in sub-themes. Make sure to add missing ones to "tokens/themes/sub-themes/...".
Components that have a "Sub-themed" badge are already in.
tokens/assets.json
json
file with tokens (/build-tokens/assets/
)json
files supposed to be imported in the ts module (see Icons.tsx
)d.ts
filed in the build we "manually" copy asset json
s on the postbuild
phase (see package.json
)There is an API for media-query related props: an array of 3 elements [small, medium, large], for respective screen sizes.
For example <Box space=["xs", "xl", "xxl"] />
will set xs
for small screens, xl
for medium screens and xxl
for large.
Basically, if you see a type of MQ<Whatever>
you can provide an array of 3 Whatever
s.
In order to add a media query support to your components:
import React from "react";
import styled from "@emotion/styled";
import { mq } from "../../shared/mediaQueries";
type TextAlignment = "left" | "center" | "right";
type BoxProps = {
alignText: TextAlignment | MQ<TextAlignment>;
};
export const Box = styled.div<BoxProps>(({ alignText = "left" }) =>
mq({
textAlign: [alignText, { left: "left", right: "right", center: "center" }],
})
);
In order to use emotion-enabled DS components in the shadow-dom, you need to take some steps to 'link' the styles in the light-dom (these are added by emotion using CSSStyleSheet.insertRule() which is why appears empty in the DOM).
emotion-js/emotion#1366 https://emotion.sh/docs/cache-provider https://stackblitz.com/edit/emotion-shadow-dom-example?file=ShadowDomContainer.js https://developer.mozilla.org/en-US/docs/Web/API/CSSStyleSheet/insertRule
import {
ThemeProvider,
light,
Card,
H1,
CacheProvider,
createCache,
} from "@amboss/design-system";
class SuchShadow extends HTMLElement {
connectedCallback() {
const root = document.createElement("div");
this.attachShadow({ mode: "open" });
this.emotionCache = createCache({ container: this.shadowRoot });
render(
<ThemeProvider theme={light}>
<CacheProvider value={this.emotionCache}>
<Card>
<H1>I love you shadow unicorn!!!</H1>
</Card>
</CacheProvider>
</ThemeProvider>,
root
);
}
}
customElements.define("shadow-element", SuchShadow);
FAQs
the design system for AMBOSS products
We found that @amboss/design-system demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.