Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
@core-ds/icons
Advanced tools
npm install @core-ds/icons
import { AlertCircle } from '@core-ds/icons/16' // Import 16px icons
import { Clipboard } from '@core-ds/icons/24' // Import 24px icons
function Example() {
return (
<div>
<AlertCircle />
<Clipboard />
</div>
)
}
<?= coreIcon('alert-circle', 16) ?>
<?= coreIcon('clipboard', 24) ?>
<?= coreIcon('alert-circle') ?> <!-- Defaults to 16 if no size is specified. -->
Follow these steps to get the project setup on your local machine:
# Clone repo
git clone https://github.com/iFixit/core-icons.git
cd core-icons
# Install dependencies
npm install
# Add your Figma access token (generate an access token using the instructions below)
echo "FIGMA_TOKEN=<paste-your-token-here>" > .env
# This token gives us access to the Figma API which
# allows us to export icons directly from a Figma file.
See Figma's developer docs for more information.
If a designer has already updated the Figma file, you can skip to step 2. If not, open the Core Icons Figma file and make your changes. Reach out on Slack if you're having trouble opening the Figma file.
Create a new branch for your changes:
git checkout -b <branch>
Pull in the latest changes from the Figma file by running:
npm run figma-pull
Review the changes made by figma-pull
. If everything looks good, commit and push the changes:
git add .
git commit -m <message>
git push
Use GitHub to create a pull request for your branch.
After your pull request has been approved, bump the package version by running:
npm version [patch | minor | major]
npm version
will bump the version and write the new data back to package.json
and package-lock.json
. It will also create and push a version commit and tag.
Note: In the context of Core Icons, significant changes to the library or workflow, or removing an icon would be considered a major update, adding a new icon would be considered a minor update, and fixing an icon would be considered a patch. Non-code changes (e.g. documentation) do not require a version bump.
After your pull request has been approved and the package version has been bumped, go ahead and merge the pull request into master. You don't have to worry about publishing to npm because we have a GitHub action set up to automatically publish the package when a commit is pushed to master.
After your pull request have been merged, create a new release to document your changes. Use the tag you generated in step 6 to create the release.
Done 🎉
FAQs
Unknown package
The npm package @core-ds/icons receives a total of 78 weekly downloads. As such, @core-ds/icons popularity was classified as not popular.
We found that @core-ds/icons demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.