Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@bigbinary/neeto-approvals-frontend
Advanced tools
neetoApprovals is a library that manages approvals across neeto products.
neetoApprovals has a few peer dependencies that are required for the proper functioning of the package. Install all the peer dependencies using the below command:
yarn add @bigbinary/neeto-icons@1.8.46 @bigbinary/neetoui@4.1.33 axios@1.2.1 classnames@2.3.2 formik@2.2.9 ramda@0.28.0 react-router-dom@5.3.3 react-toastify@8.2.0 react-query@3.39.2 yup@0.32.11
Now install the latest neetoApprovals package using the below command:
yarn add @bigbinary/neeto-approvals-frontend
import React from "react";
import { routes } from "common/routes";
import { BrowserRouter, Redirect, Route, Switch } from "react-router-dom";
import { ToastContainer } from "react-toastify";
import SideBar from "./Common/SideBar";
import { Approvals } from "neetoapprovals";
const Main = () => (
<BrowserRouter>
<div className="flex">
<SideBar />
<Switch>
<Route
path={routes.approvals}
render={() => (
<Approvals
config={{
approvalsPath: routes.approvals,
visibilityOptions: [],
templateUrl: "templatesUrl",
requestUrl: "requestsUrl",
breadcrumbs: [
{ text: "Settings", link: routes.settings },
{ text: "General settings", link: routes.settings.general },
{ text: "Approvals" },
],
}}
/>
)}
/>
<Redirect to={routes.approvals} />
</Switch>
</div>
<ToastContainer />
</BrowserRouter>
);
export default Main;
The configurations for the components present in this NPM package are given below. Click on them to read more:
Install all the dependencies by executing the following command
yarn install
See the changes in the example app by executing the following command:
yarn dev
The @bigbinary/neeto-approvals-frontend
package gets published to NPM when we
merge a PR with patch
, minor
or major
label to the main
branch. The
patch
label is used for bug fixes, minor
label is used for new features and
major
label is used for breaking changes. You can checkout the
Create and publish releases
workflow in GitHub Actions to get a live update.
In case if you missed to add the label, you can manually publish the package.
For that first you need to create a PR to update the version number in the
package.json
file and merge it to the main
branch. After merging the PR, you
need to create a
new github release
from main branch. Whenever a new release is created with a new version number,
the github actions will automatically publish the built package to npm. You can
checkout the Publish to npm
workflow in GitHub Actions to get a live update.
Please note that before publishing the package, you need to verify the
functionality in some of the neeto web-apps locally using yalc
package
manager. The usage of yalc is explained in this video:
https://youtu.be/QBiYGP0Rhe0
FAQs
To manage approvals across neeto products.
The npm package @bigbinary/neeto-approvals-frontend receives a total of 138 weekly downloads. As such, @bigbinary/neeto-approvals-frontend popularity was classified as not popular.
We found that @bigbinary/neeto-approvals-frontend demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.