Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
@bulb/patterns
Advanced tools
Welcome to the Bulb Design repository!
This repo contains;
The latest version of the library is published at http://design.bulb.co.uk where you can browse the library and try new pattern arrangements in the playgrounds.
To use the patterns in your project, first, add the @bulb/design
package.
Note: this is a private package, and you will need to login to npm and be added to the Bulb npm organisation.
yarn add @bulb/design
You can then simply import the components you wish to use, if you're using the full project.
import { AppLinks } from '@bulb/design/modules/AppLinks';
<AppLinks {...props} />;
import { Button } from '@bulb/design';
<Button {...props} />;
To run the library locally run the following command.
yarn run start
This will run it in a hot mode and will update any browser windows (on modern browsers) with any changes you make locally. For older browsers such as ie10 you will need to manually refresh the browser window following local changes.
Note: currently for the non typescript components, static assets such as images and icons are included in the compiled file, but this may change in the future so it doesn't make the file so large.
See the Solar techincal styleguide for details about how to structure and write new patterns.
We use changelogs for patterns to help document the changes to components over time.
This helps us when consuming components that have been changed by one another to see why and how components have changed.
When updating components, we update the adjacent CHANGELOG.md
file with an entry describing the change where appropriate.
New changes should be added under the vNext
section at the top of the changelog file.
# CHANGELOG
## vNext
- [major] short description of breaking change
- [minor] short description of new feature
- [patch] short description of bug fix
- short description of non breaking change
## v17.0.1
// ...previous changes
We utilise an internal library tool to create a visual reference to all the patterns we've built in here.
When you add a new pattern to this repo, the README.md
should be filled with details of this pattern.
It is generally the same Markdown as with Github, with the addition of Specimens - read about those over here to make your documentation amazing.
While we don't use catalog anymore, the api for our tool is based on it.
Static values and CSS variables are in the src/styles
directory.
In your components, you can import these,
import { palette } from '../../styles/tokens';
The test command is simply
yarn test
You can add any of the Jest CLI options to test specific files.
Your tests should cover any interactions your component may have.
The test command is simply
yarn vr-test
Visual regression tests require machine setup to run, see the Visual Regression Testing Document for details about how to set these up and use them to test your components.
FAQs
Welcome to the Bulb Design repository 👋
The npm package @bulb/patterns receives a total of 74 weekly downloads. As such, @bulb/patterns popularity was classified as not popular.
We found that @bulb/patterns demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.