Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@binary-com/smartcharts
Advanced tools
[![npm (scoped)](https://img.shields.io/npm/v/@binary-com/smartcharts.svg)](https://www.npmjs.com/package/@binary-com/smartcharts) [![Build Status](https://travis-ci.org/binary-com/SmartCharts.svg?branch=dev)](https://travis-ci.org/binary-com/SmartCharts)
SmartCharts is both the name of the app (charts.binary.com) and the charting library. You can install the library to your project via:
yarn add @binary-com/smartcharts # Release
yarn add @binary-com/smartcharts@beta # Beta
Important Note: the license for the library is tied to the binary.com
domain name; it will not work in github pages.
yarn install
to install dependenciesyarn start
to launch webpack dev serveryarn build
to build the libraryyarn build:app
to build the charts.binary.com appyarn analyze
to run webpack-bundle-analyzerNote: eventhough both
yarn build
andyarn build:app
outputssmartcharts.js
andsmartcharts.css
, they are not the same files. One outputs a library and the the other outputs an app.
In the app
folder, we provide a working webpack project that uses the smartcharts library. Simply cd
to that directory and run:
yarn install
yarn start
The sample app should be running in http://localhost:8080.
Refer to library usage inside app/index.jsx
:
import { SmartChart } from '@binary-com/smartcharts';
class App extends React.Component {
render() {
return (
<SmartChart
onSymbolChange={(symbol) => console.log('Symbol has changed to:', symbol)}
requestSubscribe={({ tick_history, granularity, ... }, cb) => {}} // Passes the whole request object
requestForget={({ tick_history, granularity, ... }, cb) => {}} // request object and cb is exactly the same reference passed to subscribe
// for active_symbols, trading_times, ... (NOT streaming)
requestAPI={({...}) => Promise} // whole request object, shouldn't contain req_id
/>
);
}
};
SmartCharts expects library user to provide requestSubscribe
, requestForget
and requestAPI
. Refer to API for more details.
The job of loading the active symbols or trading times or stream data from cache or retrieving from websocket is therefore NOT the responsibility of SmartCharts but the host application. SmartCharts simply makes the requests and expect a response in return.
Some important notes on your webpack.config.js (refer to app/webpack.config.js
):
index.html
). In the example we use the copy-webpack-plugin
webpack plugin to do this:new CopyWebpackPlugin([
{ from: './node_modules/@binary-com/smartcharts/dist/chartiq.min.js' },
{ from: './node_modules/@binary-com/smartcharts/dist/smartcharts.css' },
])
CIQ
(the ChartIQ library) as a global object:externals: {
CIQ: 'CIQ'
}
Note: Props will take precedence over values set by the library.
Props marked with *
are mandatory:
Props | Description |
---|---|
requestAPI* | SmartCharts will make single API calls by passing the request input directly to this method, and expects a Promise to be returned. |
requestSubscribe* | SmartCharts will make streaming calls via this method. requestSubscribe expects 2 parameters (request, callback) => {} : the request input and a callback in which response will be passed to for each time a response is available. Keep track of this callback as SmartCharts will pass this to you to forget the subscription (via requestForget ). |
requestForget* | When SmartCharts no longer needs a subscription (made via requestSubscribe ), it will call this method (passing in request and callback passed from requestSubscribe ) to halt the subscription. |
onSymbolChange | When SmartCharts changes the symbol, it will call this function, passing the symbol object as parameter. |
chartControlsWidgets | Render function for chart control widgets. Refer to Customising Components. |
topWidgets | Render function for top widgets. Refer to Customising Components. |
initialSymbol | Sets the initial symbol. |
isMobile | Switch between mobile or desktop view. Defaults to false . |
shareOrigin | Sets the origin of the generated share link. Defaults to https://charts.binary.com . |
onSettingsChange | Callback that will be fired each time a setting is changed. |
settings | Sets the chart settings. Refer to Chart Settings |
barriers | Draw chart barriers. Refer to Barriers API for usage details |
enableRouting | Enable routing for dialogs. Defaults to false |
Attribute | Description |
---|---|
showCountdown | Show Countdown. Defaults to false . |
theme | Sets the chart theme. themes are (dark|light ), and default is light . |
lang | Sets the language. Defaults to en . |
position | Sets the position of the chart controls. Choose between left and bottom . Defaults to bottom . |
assetInformation | Show or hide the asset information. Defaults to true . |
barriers
props accepts an array of barrier configurations:
<SmartChart
barriers={[{
color:'green',
shade:'above',
hidePriceLines: false, // default false
onChange:console.warn.bind(console),
}]}
/>
Attributes marked with *
are mandatory:
Attribute | Description |
---|---|
shadeColor | Barrier shade color; choose between green and red . Defaults to green . |
color | Price line color. Defaults to #000 . |
shade | Shade type; choose between NONE_SINGLE , NONE_DOUBLE , ABOVE , BELOW , OUTSIDE or BETWEEN . Defaults to NONE_SINGLE . |
hidePriceLines | hide/show the price lines. Defaults to false . |
lineStyle | Sets the style of the price lines; choose between dotted , dashed , or solid . Defaults to dashed . |
onChange | When price of high or low barrier changes (including when switched toggling relative or setting high|low ), onChange will pass the high and low barriers as { high, low } . |
relative | Toggle between relative and absolute barriers. Defaults to false . |
draggable | Toggles whether users can drag the price lines and change the barrier directly from the chart. Defaults to true . |
high* | Sets the price of the high barrier. |
low* | Sets the price of the low barrier. |
Markers provide a way for developers to place DOM elements inside the chart that are positioned based on date, values or tick location. Unlike CharIQ's Markers, we only allow markers to be placed on the main chart. Also note that this Marker implementation does not factor the width and height of the marker; this is expensive to calculate, so we expect you to offset this in CSS.
<SmartChart>
<Marker
x={new Date(2018, 5, 20)}
yPositioner="none"
className="chart-line vertical trade-start-line"
>
{/* Place marker content here */}
<div className="drag-line" />
<div className="trade-text">Trade Start</div>
</Marker>
</SmartChart>
Attribute | Description |
---|---|
className | Adds custom class name to marker. All markers have class name stx-marker . |
x | x position of the chart; depends on xPositioner . |
xPositioner | Determines x position. Choose between date or none . Defaults to date . |
y | y position of the chart; depends on yPositioner . |
yPositioner | Determines y position. Choose between value or none . Defaults to value . |
There are more options for xPositioner
and yPositioner
in ChartIQ docs. What we document here is the most common use case.
We offer library users full control on deciding which of the top widgets and chart control buttons to be displayed by overriding the render methods themselves. To do this you pass in a function to chartControlsWidgets
or topWidgets
.
For example, we want to remove all the chart control buttons, and for top widgets to just show the comparison list (refer app/index.jsx
):
import { ComparisonList } from '@binary-com/smartcharts';
const renderTopWidgets = () => (
<React.Fragment>
<div>Hi I just replaced the top widgets!</div>
<ComparisonList />
</React.Fragment>
);
const App = () => (
<SmartChart
topWidgets={renderTopWidgets}
chartControlsWidgets={()=>{}}
>
</SmartChart>
);
Here are the following components you can import:
<ChartTitle />
<AssetInformation />
<ComparisonList />
<CrosshairToggle />
<ChartTypes />
<StudyLegend />
<Comparison />
<DrawTools />
<Views />
<Share />
<Timeperiod />
<ChartSize />
<ChartSetting />
To contribute to SmartCharts, fork this project and checkout the dev
branch. When adding features or performing bug fixes, it is recommended you make a separate branch off dev
. Prior to sending pull requests, make sure all unit tests passed:
yarn test
Once your changes have been merged to dev
, it will immediately deployed to charts.binary.com/beta.
We organise the development in Trello. Here is the standard workflow of how a feature/bug fix is added:
Backlog
list. For each card added, it should have a "QA Checklist" (Add checklist to card) for QA to verify that the feature/bug fix has been successfully implemented.Next Release
and placed in Bugs/Todo
list.In Development
; otherwise it should be placed back into Bugs/Todo
list.Review
list.:
In Development
list. This back and forth continues until the reviewer passes the PR by marking it as approved
in Github.QA
list.In Development
list. If QA passes the changes, QA will place the card from QA
to Ready
; this card is now ready to be merged to dev
.dev
, it is placed in Deployed to BETA
list.beta
and deploy in production, manager will merge dev
into master
, and place all cards in Deployed to BETA
to Released
.Some issues only show up for library users, so it is helpful to test the NPM package before deploying it to library users. To do this we provide an environment in the app
folder, with its own package.json
, webpack.config.js
and index.html
. Calling yarn install
and yarn start
in the app
folder builds the SmartCharts library from the NPM library.
Now to test whether your change affect the NPM library, execute:
yarn watch --output-path './app/node_modules/@binary-com/smartcharts/dist'
Now each time you make any change, it will overwrite the SmartCharts library inside the node_modules
folder.
Note: We do not recommend this method of developing unless you are testing the NPM package, as it is very slow for development purposes.
There should be a clear distinction between developing for app and developing for library. Library source code is all inside src
folder, whereas app source code is inside app
.
Webpack determines whether to build an app or library depending on whether an environment variable BUILD_MODE
is set to app
. Setting this variable switches the entry point of the project, but on the same webpack.config.js
(the one on the root folder). The webpack.config.js
and index.html
in the app
folder is never actually used in this process; they serve as a guide to how to use the smartcharts library as an npm package. We do it this way to develop the app to have hot reload available when we modify library files.
All strings that need to be translated must be inside t.translate()
:
t.translate('[currency] [amount] payout if the last tick.', {
currency: 'USD',
amount: 43.12
});
t.setLanguage('fr'); // components need to be rerendered for changes to take affect
Each time a new translation string is added to the code, you need to update the messages.pot
via:
yarn translations
Once the new messages.pot
is merged into the dev
branch, it will automatically be updated in CrowdIn. You should expect to see a PR with the title New Crowdin translations
in a few minutes; this PR will update the *.po
files.
To publish to production:
yarn build && yarn publish
To publish to beta:
yarn build && yarn publish --tag beta
Note: This is usually not required, since Travis will automatically deploy to charts.binary.com and charts.binary.com/beta when
master
anddev
is updated.
The following commands will build and deploy to charts.binary.com (Make sure you are in the right branch!); you will need push access to this repository for the commands to work:
yarn deploy:beta # charts.binary.com/beta
yarn deploy:production # charts.binary.com
As ChartIQ license is tied to the binary.com
domain name, we provide developers with a binary.sx
to test out the library on their Github Pages.
For each feature/fix you want to add we recommend you deploy an instance of SmartCharts for it (e.g. brucebinary.binary.sx/featureA
, brucebinary.binary.sx/featureB
). To deploy SmartCharts to your github pages, you first need to setup your gh-pages
branch:
binary.sx
subdomain pointed to your github.io
page first (e.g. brucebinary.binary.sx -> brucebinary.github.io
).gh-pages
branch, add a CNAME
in your project root folder, and push that file to your branch, for example:git checkout -b gh-pages origin/gh-pages # if you already checkout from remote execute: git checkout gh-pages
echo 'brucebinary.binary.sx' > CNAME # substitute with your domain
git add --all
git commit -m 'add CNAME'
git push origin gh-pages
Here on, to deploy a folder (e.g. myfoldername
):
yarn build-travis && yarn gh-pages:folder myfoldername
Now you should be able to see your SmartCharts app on brucebinary.binary.sx/myfoldername
.
Alternatively you can deploy directly to the domain itself (note that this erases all folders; could be useful for cleanup). In our example, the following command will deploy to brucebinary.binary.sx
:
yarn build-travis && yarn gh-pages
Note:
yarn build-travis
will add hashing insideindex.html
; do not push those changes to git!
FAQs
[![npm (scoped)](https://img.shields.io/npm/v/@binary-com/smartcharts.svg)](https://www.npmjs.com/package/@binary-com/smartcharts) [![Build Status](https://travis-ci.org/binary-com/SmartCharts.svg?branch=dev)](https://travis-ci.org/binary-com/SmartCharts)
The npm package @binary-com/smartcharts receives a total of 41 weekly downloads. As such, @binary-com/smartcharts popularity was classified as not popular.
We found that @binary-com/smartcharts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.