Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
@brightspace-hmc/questions
Advanced tools
Question components for use in quizzing and/or surveys. Questions are able to populate/display using hypermedia with the d2l-questions-question
component regardless of question type, or with custom logic via type-specific presentational components. Development of these components is ongoing and implemented question types are listed below.
Question Type | Answerable | Readonly |
---|---|---|
Arithmetic | ||
Significant Figures | ||
Fill In The Blank | ✓ | |
Matching | ||
Multiple Choice | ✓ | ✓ |
Multi Select | ✓ | ✓ |
Multi Short-Answer | ||
Ordering | ||
Short Answer | ✓ | |
True False | ✓ | ✓ |
Written Response | ✓ |
Answerable components are interactable, while readonly components are designed for viewing previously answered questions and, depending on question type, may support indicating 'correct' answers.
Install from NPM:
npm install @brightspace-hmc/questions
<script type="module">
import '@brightspace-hmc/questions/components/d2l-questions-question.js';
</script>
<d2l-questions-question
question-href=""
question-response-href=""
token="">
</d2l-questions-question>
Properties:
Property | Type | Description |
---|---|---|
question-href | String | (required) Hypermedia href to the question |
question-response-href | String | Hypermedia href to the question response |
readonly | Boolean | If true, the question is not clickable/answerable |
token | String | Hypermedia token |
After cloning the repo, run npm install
to install dependencies.
# eslint and lit-analyzer
npm run lint
# eslint only
npm run lint:eslint
# lint & run headless unit tests
npm test
# unit tests only
npm run test:headless
# debug or run a subset of local unit tests
npm run test:headless:watch
This repo uses the @brightspace-ui/visual-diff utility to compare current snapshots against a set of golden snapshots stored in source control.
The golden snapshots in source control must be updated by the visual-diff GitHub Action. If a pull request results in visual differences, a draft pull request with the new goldens will automatically be opened against its branch.
To run the tests locally to help troubleshoot or develop new tests, first install these dependencies:
npm install @brightspace-ui/visual-diff@X mocha@Y puppeteer@Z --no-save
Replace X
, Y
and Z
with the current versions the action is using.
Then run the tests:
# run visual-diff tests
npm run vdiff
# subset of visual-diff tests:
npx mocha './test/**/*.visual-diff.js' -t 10000 -g some-pattern
# update visual-diff goldens
npm run vdiff:goldens
To start a @web/dev-server that hosts the demo page and tests:
npm start
TL;DR: Commits prefixed with
fix:
andfeat:
will trigger patch and minor releases when merged tomain
. Read on for more details...
The semantic-release GitHub Action is called from the release.yml
GitHub Action workflow to handle version changes and releasing.
All version changes should obey semantic versioning rules:
The next version number will be determined from the commit messages since the previous release. Our semantic-release configuration uses the Angular convention when analyzing commits:
fix:
or perf:
will trigger a patch
release. Example: fix: validate input before using
feat:
will trigger a minor
release. Example: feat: add toggle() method
BREAKING CHANGE:
with a space or two newlines in the footer of the commit messagebuild:
, ci:
, docs:
, style:
, refactor:
and test:
. Example: docs: adding README for new component
To revert a change, add the revert:
prefix to the original commit message. This will cause the reverted change to be omitted from the release notes. Example: revert: fix: validate input before using
.
When a release is triggered, it will:
package.json
Occasionally you'll want to backport a feature or bug fix to an older release. semantic-release
refers to these as maintenance branches.
Maintenance branch names should be of the form: +([0-9])?(.{+([0-9]),x}).x
.
Regular expressions are complicated, but this essentially means branch names should look like:
1.15.x
for patch releases on top of the 1.15
release (after version 1.16
exists)2.x
for feature releases on top of the 2
release (after version 3
exists)FAQs
Questions for use in quizzing and/or surveys
The npm package @brightspace-hmc/questions receives a total of 0 weekly downloads. As such, @brightspace-hmc/questions popularity was classified as not popular.
We found that @brightspace-hmc/questions demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.