Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@covision/elements
Advanced tools
A slightly opinionated starter kit for developing TypeScript and/or React NPM packages. It comes with a several pre-configured tools, so you could focus on coding instead of configuring a project for the nth time. From building to releasing a package, thi
A slightly opinionated starter kit for developing TypeScript and/or React NPM packages. It comes with a several pre-configured tools, so you could focus on coding instead of configuring a project for the nth time. From building to releasing a package, this starter kit has you covered.
👋 Hello there! Follow me @linesofcode or visit linesofcode.dev for more cool projects like this one.
npx degit TimMikeladze/typescript-react-package-starter my-package
cd my-package && git init
pnpm install && pnpm dev
❗Important note: This project uses pnpm for managing dependencies. If you want to use another package manager, remove the pnpm-lock.yaml
and control-f for usages of pnpm
in the project and replace them with your package manager of choice. If you don't have pnpm
installed and want to use it, you can install it by running npm install -g pnpm
.
Watch and rebuild code with tsup
and runs Storybook to preview your UI during development.
pnpm dev
Run all tests and watch for changes
pnpm test
Build package with tsup
for production.
pnpm build
To execute a file written in TypeScript inside a Node.js environment, use the tsx
command. This will detect your tsconfig.json
and run the file with the correct configuration. This is perfect for running custom scripts while remaining type-safe.
pnpm tsx ./path/to/file.ts
This is useful for running scripts, starting a server, or any other code you want to run while remaining type-safe.
Often times you want to link
this package to another project when developing locally, circumventing the need to publish to NPM to consume it.
In a project where you want to consume your package run:
pnpm link my-package --global
Learn more about package linking here.
When you are ready to commit simply run the following command to get a well formatted commit message. All staged files will automatically be linted and fixed as well.
pnpm commit
To lint and reformat your code at any time, simply run the following command. Under the hood, this uses Biome. If you use VSCode, I suggest installing the official biome extension.
pnpm lint
Create a semantic version tag and publish to Github Releases. When a new release is detected a Github Action will automatically build the package and publish it to NPM. Additionally, a Storybook will be published to Github pages.
Learn more about how to use the release-it
command here.
pnpm release
When you are ready to publish to NPM simply run the following command:
pnpm publish
❗Important note: in order to automatically publish a Storybook on Github Pages you need to open your repository settings, navigate to "Actions" and enable "Read & write permissions" for Workflows. Then navigate to "Pages" and choose "GitHub Actions" as the source for the Build and Deployment. After a successful deployment you can find your Storybook at https://<your-github-username>.github.io/<your-repository-name>/
.
❗Important note: in order to publish package to NPM you must add your token as a Github Action secret. Learn more on how to configure your repository and publish packages through Github Actions here.
To bundle CSS files with your package that you intend on users to import within their own project, a few extra steps are required.
src
directory. For example, src/styles.css
.tsup.config.ts
file to include your CSS file as an entry point. For example:import { defineConfig } from "tsup";
export default defineConfig({
entry: ["src/index.ts", "src/styles.css"],
// ...
});
package.json
to include the CSS file as an exports
entry. For example:{
"exports": {
"./styles.css": "./dist/styles.css"
}
}
import "your-package/styles.css";
Alternatively, if your package has a hard dependency on a CSS file and you want it to always be loaded when your package is imported, you can import it anywhere within your package's code and it will be bundled with-in your package.
tsup supports PostCSS out of the box. Simply run pnpm add postcss -D
add a postcss.config.js
file to the root of your project, then add any plugins you need. Learn more how to configure PostCSS here.
Additionally consider using the tsup configuration option injectStyle
to inject the CSS directly into your Javascript bundle instead of outputting a separate CSS file.
That's awesome! Feel free to add it to the list.
🗃️ Next Upload - Turn-key solution for integrating Next.js with signed & secure file-uploads to an S3 compliant storage service such as R2, AWS, or Minio.
🏁 Next Flag - Feature flags powered by GitHub issues and NextJS. Toggle the features of your app by ticking a checkbox in a GitHub issue. Supports server-side rendering, multiple environments, and can be deployed as a stand-alone feature flag server.
🔒 Next Protect - Password protect a Next.js site. Supports App Router, Middleware and Edge Runtime.
📮 Next Invite - A drop-in invite system for your Next.js app. Generate and share invite links for users to join your app.
🔐 Next Auth MUI - Sign-in dialog component for NextAuth built with Material UI and React. Detects configured OAuth and Email providers and renders buttons or input fields for each respectively. Fully themeable, extensible and customizable to support custom credential flows.
⌚️ Next Realtime - Experimental drop-in solution for real-time data leveraging the Next.js Data Cache.
✅ Mui Joy Confirm - Confirmation dialogs built on top of @mui/joy and react hooks.
🗂️ Use File System - A set of React hooks to interact with the File System API. Watch a directory for changes and return a map of filepaths & contents when a file is added, modified or removed.
🐙 Use Octokit - A data-fetching hook built on top of the Octokit and SWR for interacting with the Github API. Use this inside a React component for a type-safe, data-fetching experience with caching, polling, and more.
🐌 Space Slug - Generate unique slugs, usernames, numbers, custom words, and more using an intuitive api with zero dependencies.
🌡️ TSC Baseline - Save a baseline of TypeScript errors and compare new errors against it. Useful for type-safe feature development in TypeScript projects that have a lot of errors. This tool will filter out errors that are already in the baseline and only show new errors.
♾️ react-infinite-observer - A simple hook to implement infinite scroll in react component, with full control over the behavior. Implemented with IntersectionObserver.
FAQs
A slightly opinionated starter kit for developing TypeScript and/or React NPM packages. It comes with a several pre-configured tools, so you could focus on coding instead of configuring a project for the nth time. From building to releasing a package, thi
The npm package @covision/elements receives a total of 44 weekly downloads. As such, @covision/elements popularity was classified as not popular.
We found that @covision/elements demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.