Security News
Crates.io Users Targeted by Phishing Emails
The Rust Security Response WG is warning of phishing emails from rustfoundation.dev targeting crates.io users.
By Sarah Gooding - Sep 12, 2025
@avalabs/core-k2-components
Advanced tools
K2 Component Library 🏔
Storybook:
https://k2-components.pages.dev
Figma:
https://www.figma.com/file/TV71q8pCAuhfd9ChvYUXZ6/Design-System
Getting started
To view the Storybook & Docs locally:
pnpm i # install dependencies
pnpm storybook
To install as a dependency:
pnpm add @avalabs/core-k2-components
# or
yarn add @avalabs/core-k2-components
# or
npm i @avalabs/core-k2-components
Release process
The project uses semantic versioning and an automated release process to maintain the version number. The process
should be to create a feature branch off of develop. Once your feature is complete you create a PR into develop. The develop branch will
run tests and upon passing it will cut an alpha release. You can install this alpha release, make sure it works and once verified develop can
be merged into main. The main branch will run the same process but the end result will be an official release.
To install the latest alpha release, once the build has finished, run pnpm add @avalabs/core-k2-components@develop. To install the latest
stable release simply run pnpm add @avalabs/core-k2-components.
The releases and their versions are based off of the commit messages. As a result it is important that you create commitizen friendly commit messages. The
format for these commit messages is as so type(scope): your message. For help with this you can use the cli tool by running npx git-cz.
To trigger a release manually without a code change, push an empty commit with the appropriate commit message to trigger a version bump and release.
FAQs
The internal React component library of Ava Labs, based on MUI.
The npm package @avalabs/core-k2-components receives a total of 187 weekly downloads. As such, @avalabs/core-k2-components popularity was classified as not popular.
We found that @avalabs/core-k2-components demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 01 Aug 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Custom Pull Request Alert Comment Headers
Socket now lets you customize pull request alert headers, helping security teams share clear guidance right in PRs to speed reviews and reduce back-and-forth.
By André Staltz - Sep 12, 2025
Product
Rust Support Now in Beta
Socket's Rust support is moving to Beta: all users can scan Cargo projects and generate SBOMs, including Cargo.toml-only crates, with Rust-aware supply chain checks.
By Mikola Lysenko, Trevor Norris - Sep 11, 2025