Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@bufferapp/analyze-date-picker
Advanced tools
Date picker for Insights
If you're interested in working on or observing how things look, starting with React Storybook is a great way to get going. It's setup to automatically reload as the code changes to make it easy to do rapid iteration on components.
npm start
After that copy and paste the host and port that is displayed on the console into a browser.
If you're running this for multiple packages at the same time, it's helpful to pass in the port number.
npm start -- --port 8003
Tests are run using Jest and UIs are tested and locked down using Jest Snapshots and React Storybook.
Runs linter, then unit and snapshot tests. These tests are run using CI and are currently running on TravisCI:
https://travis-ci.com/bufferapp/buffer-publish
npm test
When writing unit tests for things like middleware and the main index file, it's useful to only run the test that change so you can rapidly iterate. Jest watch mode allows you do do this with a single command:
npm run test-watch
A UI package should include all concerns related to a given feature.
date-picker/ # root
+-- __snapshots__/
`-- snapshot.test.js.snap # jest snapshots storage
+-- .storybook/ # React Storybook Configuration
`-- addons.js # storybook action panel configuration
`-- config.js # storybook main configuration
`-- preview-head.html # configure <head> in storybook preview
+-- components/ # presentational components
+-- DatePicker # component that is only used in the package
`-- index.jsx # implementation of the component
`-- story.jsx # description of all the possible configurations of the component
`-- .babelrc # babel transpiler
`-- index.js # main package file, should export the container and top level resources
`-- index.test.js # main package file tests
`-- middleware.js # all action side effects
`-- middleware.test.js # test action side effects
`-- package.json # npm package
`-- README.md # you are here
`-- reducer.js # describe how data changes when actions occur
`-- reducer.test.js # test the reducer!
`-- snapshot.test.js # configure jest snapshots
This is the main package file, it's default export should be the container.
Imagine another package is trying to use the package you're building. The package API should look like this:
import DatePicker, { actions, actionTypes, middleware, reducer } from '@bufferapp/date-picker';
Presentational components (pure ui) are implemented with the followign structure:
+-- components/
+-- DatePicker/
`-- index.jsx
`-- story.jsx
This should export a functional and stateless component. There are some special cases where handling things like focus
, hover
and active states that need to be tracked.
If you need focus
and or hover
take a look at PseudoClassComponent to wrap the component you're building:
https://github.com/bufferapp/buffer-components/blob/master/PseudoClassComponent/index.jsx
Here's an example of how to wrap a Button
:
https://github.com/bufferapp/buffer-components/blob/master/Button/index.jsx
This should set the context (properties) for every configuration of the component in index.jsx
. The story is used for both React Storybook
as well as Jest Snapshots
.
FAQs
Date picker for Insights
We found that @bufferapp/analyze-date-picker demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 31 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.