
Research
/Security News
10 npm Typosquatted Packages Deploy Multi-Stage Credential Harvester
Socket researchers found 10 typosquatted npm packages that auto-run on install, show fake CAPTCHAs, fingerprint by IP, and deploy a credential stealer.
@doist/typist
Advanced tools
The mighty Tiptap-based rich-text editor React component that powers Doist products.
Typist is the mighty Tiptap-based rich-text editor React component that powers Doist products, which can also be used for displaying content in a read-only fashion. Typist also supports a plain-text mode, and comes with HTML/Markdown serializers.
Note
This project is not attempting to be an all-purpose rich-text editor. Whilst everyone is welcome to fork or use this package in their own products, development decisions are centered around Doist product requirements.
npm install --save @doist/typist
If you are using npm 7+ and the legacy-peer-deps options is not enabled, peer dependencies should have been automatically installed for you with the command above. Otherwise, you can install them with:
npm info @doist/typist peerDependencies --json \
| command sed 's/[\{\},]//g ; s/: /@/g' \
| xargs npm install --save
import { TypistEditor, RichTextKit } from '@doist/typist'
function TypistEditorContainer({ content }) {
return (
<TypistEditor
placeholder="A full rich-text editor, be creative…"
content={content}
extensions={[RichTextKit]}
/>
)
}
If you're looking for additional documentation, in-depth examples, or a live demo, please check out our Storybook.
A curated list of open-source rich-text editors powered by Tiptap that we can draw inspiration from:
If you're interested in contributing code and/or documentation, please read our contributing guide.
The use of this source code is governed by an MIT-style license that can be found in the LICENSE file.
FAQs
The mighty Tiptap-based rich-text editor React component that powers Doist products.
We found that @doist/typist demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
Socket researchers found 10 typosquatted npm packages that auto-run on install, show fake CAPTCHAs, fingerprint by IP, and deploy a credential stealer.

Product
Socket Firewall Enterprise is now available with flexible deployment, configurable policies, and expanded language support.

Security News
Open source dashboard CNAPulse tracks CVE Numbering Authorities’ publishing activity, highlighting trends and transparency across the CVE ecosystem.