
@gitlab-org/gitlab-svgs
Repository to manage all SVG Assets for GitLab. Creates SVG Sprites out of Icons and optimises SVG based Illustrations.
On first-time local use, you need to install the dependencies with yarn install.
yarn run svg - Runs all tasks that are available; if you want to release a new version, just run this task.
All output is saved to the dist folder, from where it is also taken by our main applications.
If you add something in master, all the steps for previewing the icons will be done automatically.
To add new icons, simply place them in the sprite_icons folder, then run the yarn run svg command.
To add new illustrations, simply copy them into the illustrations folder, then run the yarn run svg command.
On a Merge Request also run 'yarn run svg' to check in the updated SVG Sprite and corresponding files until we have an automatic CI/CD solution.
The application for previewing is based on NUXT and is located in the folder svgpreviewer.
You can run it locally through yarn run dev; it will then be available under http://localhost:3333/.
With yarn run generate you can generate the static output to the public folder.
Follow these steps when publishing a new version:
1. Update the version in package.json with npm version. We usually publish minor versions:
   npm version minor -m "Explain which SVGs are added/modified"
   This command will also tag the version for you.
2. Push the new version.
   git push
3. Push the new tag.
   git push origin <tagname>
4. Make sure package.json has an updated version and the tag is correctly set.
5. Publish the new version. Note: You will need an npm account with the correct permissions. Please contact Tim Zallman
   npm publish
GitLab is an open source project and we are very happy to accept community contributions. Please refer to CONTRIBUTING.md for details.
FAQs
SVG Assets for GitLab
The npm package @gitlab-org/gitlab-svgs receives a total of 6 weekly downloads. As such, @gitlab-org/gitlab-svgs popularity was classified as not popular.
We found that @gitlab-org/gitlab-svgs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 9 open source maintainers collaborating on the project.