@cardstack/boxel
The repository provides an Ember Addon allowing usage of the Ember component library for the Boxel Design System.
It consists of several parts:
All components in /addon/components will be used in whatever apps consume the design system. Each component folder consists of several parts:
index.hbs & index.js: The template and JavaScript for the component.
index.css: The pure CSS styles associated with the component. This file will automatically be added to the consuming app as well.
usage.hbs & usage.js: A standardized way to document and experiment with the designs of each component. All usage files will automatically show up in the components list in /docs in the dummy app. Utilizes chrislopresto/ember-freestyle.
The prototypes are there to exercise in context various aspects of the design system.
There are many components that are specific to a certain prototype or will eventually be moved to other repos, like the main Cardhost app.
ember serve
Then browse to http://localhost:4200/
To run tests interactively:
ember test --s
(To prevent the interactive tests from launching new windows, use the command ember test --s --launch=false, and then visit http://localhost:7357/ in your browser.)
To run tests in the console:
ember test
To run the linter:
yarn lint:hbs
yarn lint:js
To run the linter, along with ember tests in the console:
yarn test
Check the package.json file for other testing and linting scripts.
In addition to the normal suite of ember generators, Boxel has a boxel-component blueprint allowing you to generate a new Boxel component (index.gts), a CSS file, a usage.gts, and an integration test. Run it using:
ember generate boxel-component your-component-name
Generating multiple image sizes / thumbs from /public/media-registry/covers/:
Kill your ember server if it's running, otherwise it'll try to rebuild for every size generated.
brew install imagemagick # if not installed already
cd boxel
node generate-thumbs.js
The thumbs / sizes are intended to be committed to the repo for simplicity of static deployment.
Using imgix for dynamic production data makes sense when there is a backend server to sign image URLs, but for static deployment, pregenerating the images is far more convenient than pre-signing them, as the necessary hooks do not exist in broccoli-asset-rev.
FAQs
Cardstack Boxel Design System development app.
The npm package @cardstack/boxel receives a total of 4 weekly downloads. As such, @cardstack/boxel popularity was classified as not popular.
We found that @cardstack/boxel demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.