Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@dhis2/ui-constants
5.0.0 (2020-05-28)
widgets
onBackdropClick prop has been renamed to onClickOutside
MenuDivider and MenuSectionHeader
@dhis2/ui using named exports.

Layer is an overlay component that fills the entire screen/page. Besides that, it is also a key component for stacking various components on top of one another. ComponentCover is a similar component that only fills its parent, provided that the parent has a non-static position. Both the Layer and the ComponentCover accept an onClick and a translucent prop. CenterContent is a component that does exactly what it says on the tin. It also has a position prop which can be used to vertically align the content at the top, middle (default), or bottom. These new components replace the Backdrop and the ScreenCover, which had a slightly unclear scope and have now been removed. The Layer uses the LayerContext internally to control the stacking logic. This context has also been exposed via the useLayerContext hook, which can be used to append portals to the current layer-node.

@dhis2/ui-forms components with 'FieldFF' to avoid conflicts with the base components in @dhis2/ui-core and @dhis2/ui-widgets, since all components are now exported in @dhis2/ui. The FF stands for final-form, clarifying that the component is tied to final-form and making the relation with our regular Field components clearer. So, for example, instead of the regular <Input /> we used to export from ui-forms we now have <InputFieldFF />
<FieldSetField /> component has been renamed to <FieldGroup />
<GroupControl /> component has been renamed to <FieldGroupFF />
FAQs
Constants used in the UI libs
The npm package @dhis2/ui-constants receives a total of 2,261 weekly downloads. As such, @dhis2/ui-constants popularity was classified as popular.
We found that @dhis2/ui-constants demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.