Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@bufferapp/add-report
Advanced tools
Add Report button for Analyze chart components
If you're interested in working on or observing how things look, starting with React Storybook is a great way to get going. It's setup to automatically reload as the code changes to make it easy to do rapid iteration on components.
npm start
After that copy and paste the host and port that is displayed on the console into a browser.
If you're running this for multiple packages at the same time, it's helpful to pass in the port number.
npm start -- --port 8003
Tests are run using Jest and UIs are tested and locked down using Jest Snapshots and React Storybook.
Runs linter, then unit and snapshot tests. These tests are run using CI and are currently running on TravisCI:
https://travis-ci.com/bufferapp/buffer-publish
npm test
When writing unit tests for things like middleware and the main index file, it's useful to only run the test that change so you can rapidly iterate. Jest watch mode allows you do do this with a single command:
npm run test-watch
A UI package should include all concerns related to a given feature.
add-report/ # root
+-- __snapshots__/
`-- snapshot.test.js.snap # jest snapshots storage
+-- .storybook/ # React Storybook Configuration
`-- addons.js # storybook action panel configuration
`-- config.js # storybook main configuration
`-- preview-head.html # configure <head> in storybook preview
+-- components/ # presentational components
+-- AddReport # component that is only used in the package
`-- index.jsx # implementation of the component
`-- story.jsx # description of all the possible configurations of the component
`-- .babelrc # babel transpiler
`-- index.js # main package file, should export the container and top level resources
`-- index.test.js # main package file tests
`-- middleware.js # all action side effects
`-- middleware.test.js # test action side effects
`-- package.json # npm package
`-- README.md # you are here
`-- reducer.js # describe how data changes when actions occur
`-- reducer.test.js # test the reducer!
`-- snapshot.test.js # configure jest snapshots
This is the main package file, it's default export should be the container.
Imagine another package is trying to use the package you're building. The package API should look like this:
import AddReport, { actions, actionTypes, middleware, reducer } from '@bufferapp/add-report';
Presentational components (pure ui) are implemented with the followign structure:
+-- components/
+-- AddReport/
`-- index.jsx
`-- story.jsx
This should export a functional and stateless component. There are some special cases where handling things like focus
, hover
and active states that need to be tracked.
If you need focus
and or hover
take a look at PseudoClassComponent to wrap the component you're building:
https://github.com/bufferapp/buffer-components/blob/master/PseudoClassComponent/index.jsx
Here's an example of how to wrap a Button
:
https://github.com/bufferapp/buffer-components/blob/master/Button/index.jsx
This should set the context (properties) for every configuration of the component in index.jsx
. The story is used for both React Storybook
as well as Jest Snapshots
.
FAQs
Add Report button for Analyze chart components
The npm package @bufferapp/add-report receives a total of 232 weekly downloads. As such, @bufferapp/add-report popularity was classified as not popular.
We found that @bufferapp/add-report demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 32 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.