
Security News
/Research
Wallet-Draining npm Package Impersonates Nodemailer to Hijack Crypto Transactions
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
@dollarshaveclub/react-scripts
Advanced tools
create-react-app
's react-scriptsWhy Features Usage Commands Configuration Workflows
create-react-app
, webpack
injects and manipulates a static HTML file./<repo>/
standard for asset serving.react-scripts
that only runs the webpack dev server against a static HTML file. It would be more difficult to maintain and would differ from a production server's environment, making it susceptible to bugs.watch
script is not available in create-react-app
—which only has a start
script.Feature | Status | Description |
---|---|---|
SASS | Implemented | Sass configuration for react scripts |
cssnext | Implemented | CSS equivalent of babel |
Code Splitting – bootstrap / main | Implemented | Code split bundle into bootstrap.js (in ) and main.js (in ) |
CSS Modules | Implemented | Stage 1: only implemented for CSS files ending in .module.css |
SVG | Implemented | import SVGs as React components |
Flow Type | Implemented | Implemented in babel-preset-react by default |
TypeScript | Implemented | Interoperability will be a developer problem to solve |
Server Side Rendering | Evaluating | Needs to be scoped |
Absolute Paths | Will Not Implement | import x from 'face-landing/src/something.js' ; will not implement because it blocks us from ever server-side rendering without more build processes |
@dollarshaveclub/react-scripts
is a set of commands to run react apps following the create react app methodology.
It requires that apps adhere to certain rules—copy the src/
and server/
folders when creating a new app.
The following file types can be imported from JS/TS file types:
.js
, .jsx
, .json
- JS and JSON files are supported.ts
, .tsx
- TypeScript files are supported. TypeScript can be imported from JavaScript or vice-versa..module.css
- CSS modules are suffixed with .module.css
.css
- global CSS files are suffixed as .css
.module.scss
- SCSS modules are suffixed with .module.scss
.scss
- global SCSS files are suffixed with .scss
.svg
- SVG files imported in JS will be imported as a React componentAvoid the following:
dsc-react-start
localhost:<port>
and a webpack dev server on localhost:<port + 1>
.dist/
folder.dsc-react-build
build/
or dist/
folder.dsc-react-test <type>
server/**/__tests__/*.js
src/**/__tests__/*.js
src/**/__tests__/isomorphic/*.js
dsc-react-watch
build/
or dist/
folder continually.package.config.dollarshaveclub
/<package.name>/
. For example, face-web
assets are served from /face-web/
.In development, start your app locally by running npm start
, which should alias dsc-react-start
.
There should be a localhost
link after the command is run in a shell.
To develop an app in a minibox or devbox, run npm run watch
within a shell. Then, refresh the app in a browser.
To build an app for production, run npm run build
within a shell.
To publish a new version of @dollarshaveclub/react-scripts
, run:
npm publish
To publish a version for testing, also called a beta version:
In package.json
:
"version": "<version>-<betaVersion>"
/*
For example: "version": "1.0.0-beta.1",
- The word 'beta' is not required. It is preferred.
*/
Then, run:
npm publish --tag beta
For more information on publishing, check out npm's publish spec.
FAQs
@dollarshaveclub/react-scripts
The npm package @dollarshaveclub/react-scripts receives a total of 0 weekly downloads. As such, @dollarshaveclub/react-scripts popularity was classified as not popular.
We found that @dollarshaveclub/react-scripts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 30 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.