Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
@cube-dev/ui-kit
Advanced tools
UI Kit for Cube Dev Projects
Based on React Aria and tasty styling library.
Available Scripts
pnpm start
Runs the test page in the development mode. Open http://localhost:8080 to view it in the browser.
The page will reload if you make edits. You will also see any lint errors in the console.
pnpm storybook
Run storybook with all the components of UI Kit.
Deployed version of the Storybook from the main branch is here: https://cube-uikit-storybook.netlify.app/
pnpm build
Builds a static copy of UIKit to the dist/ folder.
Your app is ready to be deployed!
pnpm test
Not yet implemented
License
This project is licensed under the MIT License - see the LICENSE file for details.
Keywords
FAQs
UIKit for Cube Projects
The npm package @cube-dev/ui-kit receives a total of 2,576 weekly downloads. As such, @cube-dev/ui-kit popularity was classified as popular.
We found that @cube-dev/ui-kit demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 05 Jan 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025