Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
@cpelements/cp-comments
Advanced tools
CP-Comments
This web component is intended to be used with the red_hat_comments Drupal module.
This component had a rocky development process and is a bit different from working on most components. It's recommended to develop on this with a local Drupal environment, possibly many Drupal development environments.
Getting Started
See CP Elements Docs for general instructions getting setup, there's helpful info about getting your environment setup and other helpful information.
To get a proper dev setup get CP-comments setup in a Drupal environment:
- Setup DXP Commenting Platform - Repo instructions: https://gitlab.cee.redhat.com/dxp/customer-portal/dxp-commenting-platform
- Getting CP Elements plugged into the DXP Commenting Platform: https://docs.google.com/document/d/13KIqOg4XNc0NpTaGKuxDsmCJZKbliGw457usl6cXpaA/edit#
Also see the architecture documentation.
Compiling
From inside this folder run:
npm run dev
From CP Elements git root run:
# Only watches and compiles CP-Comments and it's dependencies
npm run dev cp-comments
# Or this command that launches a web server and watches/compiles all components:
npm start
The web server is not helpful for CP Elements at time of writing, it only works well in a Drupal context.
Dependencies
- PFelement base class
- pfe-avatar
- pfe-button
CSS Variables
| CSS Property Name | Default | Description |
|---|---|---|
--cp-comments__loader__color | #ccc | Color of the loading spinner |
Events
cp-comments:comments-loaded
Fires when the first/another batch of comments have been loaded
event.detail.commentCount: Total comments (from all pages)event.detail.cpComments: A reference to the cp-comments element
cp-comments:comment-added
Fires when a comment has been successfully added. Includes:
event.detail.commentCount: Total comments (from all pages)event.detail.cpComments: A reference to the cp-comments element
cp-comments:comment-deleted
Fires when a comment is successfully deleted. Includes:
event.detail.commentCount: Total comments (from all pages)event.detail.cpComments: A reference to the cp-comments element
pfeconfig-query
Fires when component loads and is ready for config from the host site. See docroot/modules/contrib/red_hat_comments/templates/comments-block.html.twig on the Commenting Platform, which captures the event and sets the config on cp-comments.
Development Process
At time of writing, we're in the middle of heavy development, and need to coordinate multiple folks working on the code, pushing code to QA, and code review.
The process (for now) is:
- For new work create a feature branch from
epic/cp-comments-1x/integration, it's recommended to use DAT branch naming for consistency:feature/USERNAME/TICKET--SHORT-DESCRIPTION For example: feature/wruvalca/CPCORE-9212--fixing-authentication` - You can run
npm run dev cp-commentsfrom CP Elements git root, ornpm run devfrom the CP Comments folder to watch and build code. - Work on your feature in your branch until it's ready for review.
- Create an MR in Gitlab against
main. - Coordinate with Wes and other devs to create a new version on NPM, so we can push the code to QA.
Releasing to Preprod
Check with devs working on cp-comments to see if they're close to needing a release to combine efforts.
- Make sure all code for the release is merged to
epic/cp-comments-1x/integration - Push the updated
epic/cp-comments-1x/integrationto GitLab - Make sure you're on the right version of node (
nvm useor similar for CP Elements gitroot) - Go to
elements/cp-comments - Run
npm version patch(assuming you want a patch and not ) - Run
npm run build(this ensures the component will report the right version from it's API) npm publish --access=public- Go to CP Chrome and checkout
epic/cp-comments-1x/integration - Update the cp-comments version in
j/public_modules/package.json - Commit
- Follow the instructions from here starting at step 4: https://docs.engineering.redhat.com/pages/viewpage.action?pageId=310386287
- Do a CP Chrome release to Dev and QA, and optionally stage. If you aren't familiar with the process, it is highly recommended to find someone who is, as it's a tedious and confusing release process. Documentation is available though.
Keywords
FAQs
Comments web component made for Red Hat Customer Portal
We found that @cpelements/cp-comments demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 16 open source maintainers collaborating on the project.
Package last updated on 07 Jul 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025