@cmsgov/ds-healthcare-gov
A Site Package is a method for sharing common, site-specific, design and code resources between the various teams working on HealthCare.gov. These resources are unique to HealthCare.gov, and not generalized for inclusion in the Design System. It includes assets like design system overrides and site-specific components.
npm install --save @cmsgov/ds-healthcare-gov
The source files included are written in Sass (.scss). You can add your node_modules directory to your Sass includePaths and import the file like below.
Note: The site package's Sass file imports the core, layout, and support design system Sass files as well, so the following is all you need to import to gain access to those resources:
@import '@cmsgov/ds-healthcare-gov/src/index';
For components distributed through the site package, you can import them like this:
import { Header } from '@cmsgov/ds-healthcare-gov';
Note: Ensure that you use a bundler with tree shaking enabled to avoid bundling unused components.
Please view the CONTRIBUTING.md to read how you can add to the site package, as well as how to preview the site package in the context of the design system's documentation site.
├── dist
│   └── index.css                     Compiled CSS
└── src
    ├── components
    │   ├── Header
    │   │   ├── Header.jsx            Top-level <Header> component
    │   │   └── defaultMenuLinks.js   Default menu links for each header variation
    │   └── index.scss                Component Sass imports
    ├── locale
    │   ├── en.json                   English i18n strings
    │   ├── es.json                   Spanish i18n strings
    │   └── translate.js              react-i18next initializer and HOC
    ├── index.scss                    Main Sass entry point with all imports
    └── settings
        └── _override.color.scss      Design system color variable overrides
HealthCare.gov consists of multiple codebases maintained by different teams. App 3.0 lives in one repo maintained by Nava, Window Shop lives in a different repo maintained by Ad Hoc, and Plan Compare lives in yet another repo. Currently this means some design assets and code are duplicated across codebases, going against the software development principle to keep things DRY. These multiple codebases naturally tend to have differences, and as a result have caused inefficiencies and inconsistencies to creep into the user interface.
The Design System is one way we're addressing the issues mentioned above. However, the design system is meant to be used by many CMS (Centers for Medicare & Medicaid Services) websites, not just HealthCare.gov. As a result, the resources within the design system are not tied to a particular website.
The primary goal of the Site Package is to reduce the number of duplicate instances of HealthCare.gov front-end components and design assets, and to provide a single source of truth which all teams can contribute to and use.
A secondary goal for the Site Package is for it to serve as an intermediate step in a component's journey to becoming a design system component. This gives the teams working on HealthCare.gov a space to share and iterate on components that at first appear to only have a use case on HealthCare.gov.
FAQs
A design system for HealthCare.gov products
The npm package @cmsgov/ds-healthcare-gov receives a total of 355 weekly downloads. As such, @cmsgov/ds-healthcare-gov popularity was classified as not popular.
We found that @cmsgov/ds-healthcare-gov demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.