Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@clds/design-system-foundations
Advanced tools
Design System Foundations establish two abstract concepts:
When some component can contain other inside, it usually creates a slot for it, sometimes called "area". For example, the button can contain the icon.
In order to make implementations of all components decoupled, we introduce a concept that describes how much space child component is expected to consume.
It is expressed in an abstract unit, which is equal to theme spacing units: xxs, sm, md, etc.
We create components that can automatically adjust it's size if the component hasn't specified size directly.
The communication between containers and children is done via special FoundationContext
.
Once component puts the expected size into the context, then any component inside can read it and default it's size to make sure it consumes the space expected by the container.
Components size props are not standardized.
For example sm
button doesn't have spacing.sm
height but greater. Also, button supports only sm
and md
sizes.
We should map context props into components props individually.
Components can have different color versions.
The thing, which is common for many components, is their tone
and variant
.
Variant implies the main color for the component theme (primary
, error
, etc
),
and tone
implies how colors are used (subtle - lightweight, non eye-disturbing, solid - intense colors, bring user attention).
The surface is an abstract concept that combines both tone
and variant
.
Many components in design system accept properties which are superset of the surface
concept.
But when one component is used inside the other, it is expected that the child component will somehow adjust own surface to be clearly visible when inside the container.
This is why we share this information about container surface via SurfaceContext
.
It means that if the component doesn't have own surface-related props specified, they will default to
ones mapped from the Surface
context.
Child surface-related default props are mapped from the surface context, which means that the child component has to decide how to create own default style to make it visible on the surface.
For example, if Banner
component is used with success
variant, it will put
{ tone: 'solid', variant: 'success' }
into the context.
If you put a Chip
inside a banner, it reads the context and defaults its own variant
to success
but the button tone
, to be clearly visible, has to be the opposite - solid
when subtle
and subtle
when solid
.
This package contains API for two independent contexts.
FoundationContextProvider
and createUseFoundationHook
SurfaceContextProvider
and createUseSurfaceHook
You can find more information about them in JSDocs.
This library follows Semantic Versioning.
See LICENSE
FAQs
---
The npm package @clds/design-system-foundations receives a total of 1,027 weekly downloads. As such, @clds/design-system-foundations popularity was classified as popular.
We found that @clds/design-system-foundations demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.