
Research
Malicious npm Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet Credentials
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
@bolstycjw/melt-ui-svelte
Advanced tools
Melt UI is a set of headless, accessible component builders for Svelte.
Melt UI is meant to be used as a base for your own styles and components. It offers:
Run our installer script to get started:
npx @melt-ui/cli@latest init
Import the builders to your code and start using them:
<script>
import { createCollapsible, melt } from '@melt-ui/svelte'
const {
elements: { root, content, trigger },
states: { open }
} = createCollapsible()
</script>
<div use:melt="{$root}">
<button use:melt="{$trigger}">{$open ? 'Close' : 'Open'}</button>
<div use:melt="{$content}">Obi-Wan says: Hello there!</div>
</div>
Contributions are welcome and encouraged!
Melt UI is under active development. Currently planned features can be found in the issues tab, alongside bug reports.
We work on this project on a volunteer basis in our free time. If you notice something that hasn't been implemented yet or could be improved, do consider contributing to the project! The goal is to enhance the experience of building with Svelte and improve the ecosystem for everyone.
Check out our Contributing guide to learn more.
Melt UI is an open-source project built by the community for the community. It wouldn't be possible if it wasn't for the work of some amazing people.
Got any questions? Want to talk to the maintainers?
Our Discord community is a great place to get in touch with us, and we'd love to have you there.
Looking for more? Check out the other component library projects available for Svelte.
FAQs

The npm package @bolstycjw/melt-ui-svelte receives a total of 3 weekly downloads. As such, @bolstycjw/melt-ui-svelte popularity was classified as not popular.
We found that @bolstycjw/melt-ui-svelte demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.