Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@eotl/theme-bootstrap
A minimalist theme for EOTL sites and apps that defaults to dark mode. Dependencies which are bundled with the theme are:
Using those fancy javascript tools, you can install the theme with:
$ npm install @eotl/theme-bootstrap
$ yarn add @eotl/theme-bootstrap
Or, for a simpler approach, you can just wget the tar file.
$ wget https://registry.npmjs.org/@eotl/theme-bootstrap/-/theme-bootstrap-0.1.5.tgz
Or, simpler still, download the theme.
The default is to build with the sassc utility.
We created a build script to assist with various needs. First make sure you have a sass compiler installed:
# Linux
$ sudo apt install sassc
# OSX
$ npm install -g sass
Clone repo and build your assets!
$ git clone git@codeberg.org:eotl/theme-bootstrap.git
$ cd theme-bootstrap/
$ ./build.sh --icons
The build structure looks like this:
dist/
├─ css/
│ └─ eotl.css
├─ fonts/
│ ├─ Roboto-Black.ttf
│ └─ RobotoMono-ThinItalic.ttf
├─ icons/
├─ images/
├─ js/
├─ favicon.ico
└─ index.html
index.html is a styleguide which shows all styled components.
The /css/eotl.css file loads the font files via the /fonts path.
To contribute to the theme, you can get the source to rebuild on changes; you just need to install the inotify-tools package and use the --watch option:
$ sudo apt install inotify-tools
$ ./build.sh --watch
Or specify a build path
$ ./build.sh --watch /path/to/site/
To publish to NPM (assuming you have credentials) do the following:
$ npm pack
$ npm publish
FAQs
Bootstrap 4 theme for EOTL collective
The npm package @eotl/theme-bootstrap receives a total of 40 weekly downloads. As such, @eotl/theme-bootstrap popularity was classified as not popular.
We found that @eotl/theme-bootstrap demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.