Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@committed/hooks
Advanced tools
Committed hooks library
For documentation see https://committed.software/hooks
yarn add @committed/hooks
import * as React from 'react'
import { useHook } from '@committed/hooks'
const Example = (props) => {
const { hook } = useHook()
// ...
return <Component />
}
The main build is performed using Rollup:
yarn build
We use storybook to develop and document the components, this is run in development using
yarn storybook
There is also an example folder that can be used to test the library in it's built form. The recommended workflow is to run two terminals, in the first run
yarn start
This builds to /dist
and runs the project in watch mode so any edits you save inside src
causes a rebuild to /dist
.
Then run either Storybook or the example playground:
Run inside another terminal:
yarn storybook
This loads the stories from ./stories
.
NOTE: Stories should reference the components as if using the library, similar to the example playground. This means importing from the root project directory. This has been aliased in the tsconfig and the storybook webpack config as a helper.
Then run the example inside another:
cd example
yarn # if first time
yarn start
The default example imports and live reloads whatever is in /dist
, so if you are seeing an out of date component, make sure start
is running in watch mode like we recommend above. No symlinking required, we use Parcel's aliasing.
To run tests, use yarn test
and formatting with yarn format
and linting with yarn lint
.
Calculates the real cost of your library using size-limit with yarn size
and visualize it with yarn analyze
.
Import setupTests.tsx
in your test files to use react-testing-library
.
Two actions are added by default:
main
which installs deps w/ cache, lints, tests, and builds on all pushes against a Node and OS matrixsize
which comments cost comparison of your library on every pull request using size-limitExample drone configuration with steps for
MIT - © Committed Software 2020 https://committed.io
FAQs
Committed hooks library
The npm package @committed/hooks receives a total of 3 weekly downloads. As such, @committed/hooks popularity was classified as not popular.
We found that @committed/hooks demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.