
Security News
Next.js Patches Critical Middleware Vulnerability (CVE-2025-29927)
Next.js has patched a critical vulnerability (CVE-2025-29927) that allowed attackers to bypass middleware-based authorization checks in self-hosted apps.
@codegouvfr/nextra-theme-dsfr
Advanced tools
Demo repo - Show me what it looks like
$ yarn add @codegouvfr/nextra-theme-dsfr @codegouvfr/react-dsfr @mui/material @emotion/styled @emotion/react @emotion/server
You have made some changes to the code and you want to test them in your app before submitting a pull request?
cd ~/github
git clone https://github.com/garronej/nextra-dsfr-demo
cd nextra-dsfr-demo
yarn
cd ~/github
git clone https://github.com/codegouvfr/nextra-theme-dsfr
cd nextra-theme-dsfr
yarn
yarn build
yarn link-in-app nextra-dsfr-demo
npx tsc -w
# Open another terminal
cd ~/github/nextra-dsfr-demo
rm -rf node_modules/.cache
yarn dev # Or whatever my-app is using for starting the project
You don't have to use ~/github
as reference path. Just make sure nextra-dsfr-demo
and nextra-theme-dsfr
are in the same directory.
For releasing a new version on GitHub and NPM you don't need to create a tag.
Just update the package.json
version number and push.
For publishing a release candidate update your package.json
with 1.3.4-rc.0
(.1
, .2
, ...).
It also work if you do it from a branch that have an open PR on main.
Make sure your have defined the
NPM_TOKEN
repository secret or NPM publishing will fail.
FAQs
DSFR theme for Nextra
The npm package @codegouvfr/nextra-theme-dsfr receives a total of 4 weekly downloads. As such, @codegouvfr/nextra-theme-dsfr popularity was classified as not popular.
We found that @codegouvfr/nextra-theme-dsfr demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Next.js has patched a critical vulnerability (CVE-2025-29927) that allowed attackers to bypass middleware-based authorization checks in self-hosted apps.
Security News
A survey of 500 cybersecurity pros reveals high pay isn't enough—lack of growth and flexibility is driving attrition and risking organizational security.
Product
Socket, the leader in open source security, is now available on Google Cloud Marketplace for simplified procurement and enhanced protection against supply chain attacks.