@bayou/client-bundle
The Arugula client code makes use of "CSS modules" so that our CSS can be broken up into smaller files. This also gives us the ability to easily control what styles are active in the DOM, and when.
When the CSS loader processes a .css file it transforms the class names to globally unique values. This is to avoid naming collisions with other modules. When you import the CSS module into JavaScript you end up with an object that maps the class names that were in the CSS file to the unique names.

/* some-component.css input */
.megaheader {
  font-weight: 900;
  color: black;
}

/* some-component.css after going through the CSS loader */
._zalksdjflasjfowi4r39485 {
  font-weight: 900;
  color: black;
}

/* some-component.js */
import styles from './some-component.css';
// `megaheader` class now active in the DOM
/*
styles = {
  megaheader: '_zalksdjflasjfowi4r39485'
}
*/
const header = document.createElement('p');
header.classList.add(styles.megaheader);
document.body.appendChild(header);

If the name of the CSS input file ends with .ucss (use()-able CSS) then it will not be automatically added to the DOM. Instead, it will rely on explicit reference counting increments/decrements. If the reference count is greater than zero then the styles are added to the DOM. If the count returns to zero then the styles are removed from the DOM.

/* some-component.ucss input */
.selectedBorder {
  border-color: red;
}

.unselectedBorder {
  border-color: black;
}

/* some-component.js */
import styles from './some-component.ucss';
// Border classes not active in the DOM yet.

export default class SomeComponent {
  // ...

  lifecycleBegin() {
    // Increment reference count. If count was zero before the call then
    // the style classes are added to the DOM.
    styles.use();
  }

  lifecycleEnd() {
    // Decrement the reference count. If the count is reduced to zero after
    // the call then the style classes are removed from the DOM.
    styles.unuse();
  }
}
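
The reference counting described above can be sketched as follows. This is an added example, not code from the Bayou project or its CSS loader; `createUseableStyles`, `createFakeHost`, `demo` and the `host` object are hypothetical names, and throwing on an unbalanced `unuse()` is this sketch's choice rather than documented loader behaviour.

```javascript
// Added illustration of use()/unuse() reference counting (hypothetical names).
// `host` stands in for the DOM so the sketch also runs under Node.
function createUseableStyles(cssText, classMap, host) {
  let refCount = 0;
  let node = null; // handle for the attached styles while the count is > 0
  return {
    ...classMap,
    use() {
      // 0 -> 1 transition: add the styles exactly once.
      if (refCount === 0) node = host.attach(cssText);
      return ++refCount;
    },
    unuse() {
      // Assumption of this sketch: an unbalanced call is a bug, so fail loudly
      // instead of letting the count go negative.
      if (refCount === 0) throw new Error('unuse() without matching use()');
      // 1 -> 0 transition: remove the styles.
      if (--refCount === 0) { host.detach(node); node = null; }
      return refCount;
    },
  };
}

// Constructed stand-in for document.head; tracks what is currently attached.
function createFakeHost() {
  const attached = new Set();
  return {
    attached,
    attach(cssText) { const n = { cssText }; attached.add(n); return n; },
    detach(n) { attached.delete(n); },
  };
}

// Two components share one stylesheet; returns the attached count at each step.
function demo() {
  const host = createFakeHost();
  const styles = createUseableStyles(
    '._s1 { border-color: red; } ._u2 { border-color: black; }', // constructed
    { selectedBorder: '_s1', unselectedBorder: '_u2' },
    host);
  const seen = [host.attached.size]; // 0: importing alone adds nothing
  styles.use();                      // component A begins
  styles.use();                      // component B begins
  seen.push(host.attached.size);     // 1: attached once for both users
  styles.unuse();                    // A ends, B still holds a reference
  seen.push(host.attached.size);     // 1
  styles.unuse();                    // B ends
  seen.push(host.attached.size);     // 0: removed
  return { seen, styles };
}
```
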
Copyright 2016-2018 the Bayou Authors (Dan Bornstein et alia).
Licensed AS IS and WITHOUT WARRANTY under the Apache License,
Version 2.0. Details: <http://www.apache.org/licenses/LICENSE-2.0>
FAQs
Subcomponent of the Bayou project.
The npm package @bayou/client-bundle receives a total of 4 weekly downloads. As such, @bayou/client-bundle popularity was classified as not popular.
We found that @bayou/client-bundle demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.