Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
@balena/doxx
Advanced tools
Originally created as part of the balena.io documentation repository, the code is now extracted and generalized.
Doxx is an opinionated yet flexible static generator for technical documentation.
Doxx was created at balena.io to address the requirements (some of them unique) we have for our docs:
All documentation is written in Markdown. To create a new page of documentation, add it to pages/
and add a link to config/navigation.txt
.
To create reusable content which appears on multiple pages, create a file in the shared/
folder and import it using {{> file.md }}
Doxx allows the creation of dynamic documentation pages. These are pages which are generated based on options selected by the user. For example, you may wish to change the content of a 'Getting started' page for different language and OS combinations. Each dynamic page has one or more dropdowns at the top of the page which enumerate the various options.
A dynamic page looks very much like a normal page but with a special header and a larger-than-average amount of shared content.
Here is an example header for a dynamic page with two variables:
---
dynamic:
variables: [ $os, $language ]
ref: $os/$language/$original_ref
$switch_text: View documentation for $os and $language
---
variables
is self-explanatory: a list of the variables that the user can change. ref
is the path of the page, as used in config/navigation.txt
. switch_text
is what appears at the top of the page with the dropdowns. Variables should be set up in /config/dictionaries/
so that each variable has an id
and a name
.
There are two main ways the variables can affect the contents of the page: smart import and conditional statements.
Smart import lets you write shared content snippets which are chosen based on the value of the variables selected by the user. Choose a name for the snippet and create a folder in shared/
with that name.
To include a smart import, add {{ import "<name of snippet>"}}
to the Markdown.
This will look in the shared folder with the name of the snippet and import files with the following precedence:
Exact matches: Doxx will first look for a file of the form variable1+variable2.md
. For example, in a page where the user can choose an OS and a language, if the user has chosen osx
and javascript
then Doxx will import the file osx+javascript.md
. The order is important here: it is the order defined in the variables list in the header of the dynamic page.
Matches for a single variable: if there is no file with that name, Doxx will then look for a file of the form variable1.md
and then variable2.md
. For the example above, if a file called osx.md
exists then Doxx will import that, and if not then it will look for and import a file called javascript.md
. Again the order of precedence is determined by the order the variables are defined in the header.
Default: if no exact or partial match is found, Doxx imports _default.md
.
The left-hand side navigation menu is set up in config/navigation.txt
, which defines a tree of pages.
Each node can be:
Some text
, which acts as a link to its first child[/some/link]
, which gets its title from the linked pageSome text[/some/link]
The project is licensed under the Apache 2.0 license.
1.0.3 - 2022-12-28
FAQs
Doxx — a static docs generator with dynamic pages support.
We found that @balena/doxx demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.