Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@framerjs/component-importer
Advanced tools
The component-importer
is a command-line tool that makes it easy to import React-based design systems into Framer X. It analyzes your production design system's source code and generates readable React components that can be loaded by Framer X. It currently supports components written in TypeScript, Flow or vanilla JavaScript (via PropTypes).
Let's take a quick look at the generated code.
import * as React from "react"
import * as Fabric from "office-ui-fabric-react"
import { addPropertyControls, ControlType } from "framer"
function Button(props) {
return <Fabric.Button {...props} />
}
addPropertyControls(Button, { // <=== Inferred Property Controls
kind: {
type: ControlType.Enum,
defaultValue: "primary",
options: ["primary", "secondary"]
},
label: { type: ControlType.String },
isLoading: { type: ControlType.Boolean, defaultValue: false },
})
By analyzing the button component's TypeScript definitions, we can infer its property controls, similar to React Storybook's knobs. This means you can now drag your button to the Framer X canvas and modify it using a GUI that everyone can understand:
Design Systems lower engineering costs by keeping a single source of truth for your company's visual language. They have been successfully adopted by the industry's most sophisticated players like Google, Microsoft and Uber. Even the UK and US government have one!
There's still one big problem though: production design systems are typically only accesible to technical designers, comfortable enough with the command line and familiar with web development tooling like Webpack, TypeScript/Flow, React/Angular, etc. This means that designers often end up having to maintain their own copy which is expensive to keep in sync.
The component-importer
makes it possible to import your company's design system into Framer X, so designers can start prototyping with components that behave just like they do in production.
To install run:
yarn global add @framerjs/component-importer
This will globally install the component-importer
executable.
Let's go through the process of importing the Fabric UI design system from scratch.
Create a Framer X folder-backed project:
NOTE: .framerfx
projects are regular NPM projects. Go to your favorite text editor and try to open the folder we just created. The contents will look something like this:
build/
code/
design/
metadata/
node_modules/
package.json
README.md
tsconfig.json
yarn.lock
As you can see, it's a good ol' NPM package with its package.json
and node_modules
. It also has a tsconfig.json
file as Framer X supports TypeScript by default. By convention, all code components live in the code/
folder.
Before we import Fabric UI, we will first need to add it as a dependency:
# cd into the project created in the previous step.
cd ~/my-project.framerfx
# Fabric UI's npm package name is `office-ui-fabric-react`
yarn add office-ui-fabric-react
component-importer
In order to configure the component importer you will need to setup a configuration file at the root of your project.
The component-importer init
command will help you setup appropriate defaults for your project.
The general syntax is component-importer init <packageName>
. For example, component-importer init @blueprintjs/core
will try to import the @blueprintjs/core
package into your Framer X project.
Note that by default, the component importer will run in TypeScript mode and expect to find a type definitions file in the package you've pointed it to. If your components are written in a different flavor of JavaScript, you can use the --mode
argument to pick a different mode. The available modes are:
--mode flow
for Flow-typed components--mode plain
for components written in plain JavaScript with props described in a static propTypes
property on the exported component.Now you can run the following command for your design system of choice:
# Make sure to run this command at the root of your Framer X project
component-importer init office-ui-fabric-react
After the command has run successfully, you should see two changes:
importer.config.json
file will be created at the root of your project. This file stores the configuration for the component importer. You can read more about configuring the importer here.code/
folder is now filled with React components.Production design systems are meant to be consumed by engineers, not design tools, so you will need to spend some time adjusting the generated code. This means removing components that don't make much sense inside of Framer X and adjusting the UX of the generated property controls.
You can use the generate
command to re-run the component importer and get the latest changes from the upstream design system. The importer uses a simple mechanism for resolving & merging conflicts which you can read more about here.
# Make sure to run this command at the root of your Framer X project.
component-importer generate
Looking for projects using the component-importer
?
Looking to dive deeper into the component-importer
? These guides are here to help:
importer.config.json
.Want to learn more about design systems?
Are you working on the component-importer
? These commands will help you get started,
yarn run build
yarn run test
yarn build
# creates a symbolic link to the current build of the component importer.
ln -s "$(realpath build/cli.js)" /usr/local/bin/importer
# You can now run anywhere in your file system
importer --help
component-importer
Run yarn publish
and pick a new version. Keep the version at 0.0.X until we reach a stable state.
Run yarn changelog
to re-write the changelog.
FAQs
```ts import * as React from "react" import * as Fabric from "office-ui-fabric-react" import { addPropertyControls, ControlType } from "framer"
The npm package @framerjs/component-importer receives a total of 0 weekly downloads. As such, @framerjs/component-importer popularity was classified as not popular.
We found that @framerjs/component-importer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 55 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.