Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@croud-ui/solid-foundations
Advanced tools
Croud's Solid based component library
This package uses Yarn to manage the dependencies.
yarn
Our components are documented in Storybook.
Netlify publishes the latest version of Storybook when we merge anything into Master. The latest version of Storybook is deployed to the following url
https://croud-solid-foundations.netlify.app
Storybook has traditionally used Webpack to build storybook, but as our repo uses Vite (which is based on esbuild
), we are using the experimental storybook-builder-vite builder.
This gives us a massive speed improvment as well as a consistency with the rest of our toolchain, but not everything in the Storybook ecosystem is compatible with this builder yet
Use the following command to build Storybook locally for development
yarn storybook
We can build a production ready version of the storybook locally with the following command, but this will probably only be useful for debugging the production build.
yarn build-storybook
The assets from this build we be output into the storybook-static
dir (which is ignored by Git)
Design tokens are generated using theo which allows us to export our tokens in multiple formats.
All design tokens are defined in yml
format in the ~/src/tokens/config
directory.
The design token definitions are broken down, categorised and split out to make it easier to maintain. All new files must be imported into the root index.yml
file in order to be processed
To generate our design tokens in our desired formats we need to run the following command
yarn tokens:generate
The specifics of how we consume our generated design tokens depends on the language we need to reference them in.
All generated design token files are added to the ~/src/tokens/
directory.
For more info, including guidence on maintaining existing tokens and adding defining new tokens, please refer to the theo docs
If we want to port any components from this library to our existing CC monorepo, we will need to compile them as a Web Component. This will allow them to behave as self contained "black boxes" of interactivity within Croud Control.
Any customElements
defined in the /src/webComponents.tsx
file will be bundled into our NPM package
There is a handy WebComponentWrapper
HOC we should use to handle some common Web Component logic
customElement('some-component', { foo: undefined }, props => (
<WebComponentWrapper>
<SomeComponent {...props} />
</WebComponentWrapper>
))
For more info, see the Solid Element docs
After we have defined our customElement
, we can build a production ready build of our Web Components using the following command
yarn build-npm
The assets from this build we be output into the dist
dir (which is ignored by Git)
Bump the package version
npm version [patch, minor, major]
Publish the dist
dir to NPM
npm publish
FAQs
Croud's Solid foundations
The npm package @croud-ui/solid-foundations receives a total of 85 weekly downloads. As such, @croud-ui/solid-foundations popularity was classified as not popular.
We found that @croud-ui/solid-foundations demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.