
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@doist/typist
Advanced tools
The mighty Tiptap-based rich-text editor React component that powers Doist products.
Typist is the mighty Tiptap-based rich-text editor React component that powers Doist products, which can also be used for displaying content in a read-only fashion. Typist also supports a plain-text mode, and comes with HTML/Markdown serializers.
Note
This project is not attempting to be an all-purpose rich-text editor. Whilst everyone is welcome to fork or use this package in their own products, development decisions are centered around Doist product requirements.
npm install --save @doist/typist
import { TypistEditor, RichTextKit } from '@doist/typist'
function TypistEditorContainer({ content }) {
return (
<TypistEditor
placeholder="A full rich-text editor, be creative…"
content={content}
extensions={[RichTextKit]}
/>
)
}
If you're looking for additional documentation, in-depth examples, or a live demo, please check out our Storybook.
A curated list of open-source rich-text editors powered by Tiptap that we can draw inspiration from:
If you're interested in contributing code and/or documentation, please read our contributing guide.
The use of this source code is governed by an MIT-style license that can be found in the LICENSE file.
FAQs
The mighty Tiptap-based rich-text editor React component that powers Doist products.
The npm package @doist/typist receives a total of 184 weekly downloads. As such, @doist/typist popularity was classified as not popular.
We found that @doist/typist demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 12 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.