Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@granite-elements/granite-bootstrap
Advanced tools
Wrapping of *Bootstrap CSS* as Polymer web component to be used as shared style in full ShadowDOM mode
granite-bootstrap is a wrapping of Bootstrap CSS as Polymer shared styles modules (i.e. inside <dom-module>
tags).
Polymer 3.x. element
https://lostinbrittany.github.io/granite-bootstrap
Using polymer style modules modules is a two-step process: you need to use ES6 module imports to import the module, and a <style>
tag to include the styles in the correct place.
To use granite-bootstrap in an element:
granite-bootstrap
Install the component using npm:
$ npm i @granite-elements/granite-bootstrap --save
Once installed, import it in your application. Usually you will simply want to import granite-bootstrap.js
(wrap around bootstrap.css
) or granite-bootstrap-min.js
(wrap around bootstrap.min.css
).
Supossing you want to import granite-bootstrap.js
:
import '@granite-elements/granite-bootstrap/granite-bootstrap.js';
In your element's template you add the include for the granite-bootstrap module:
<style include="granite-bootstrap"></style>
<!-- import the module -->
<script type="module">
import '@granite-elements/granite-bootstrap/granite-bootstrap.js';
</script>
<dom-module id="x-foo">
<template>
<!-- include the style module by name -->
<style include="granite-bootstrap"></style>
<style>:host { display: block; }</style>
Hi
</template>
<script>Polymer({is: 'x-foo'});</script>
</dom-module>
To generate the style modules we use the granite-css-modularizer node script:
granite-css-modularizer
Clone the granite-css-modularizer repository and recover the dependencies using yarn
(or npm
) :
$ yarn install
yarn install v1.2.1
info No lockfile found.
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Saved lockfile.
Done in 0.83s.
Recover Bootstrap distribution using yarn
(or npm
):
$ yarn add bootstrap@4.0.0-beta.2
yarn add v1.2.1
info No lockfile found.
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
warning "bootstrap@4.0.0-beta.2" has unmet peer dependency "jquery@1.9.1 - 3".
warning "bootstrap@4.0.0-beta.2" has unmet peer dependency "popper.js@^1.12.3".
[4/4] Building fresh packages...
success Saved lockfile.
success Saved 1 new dependency.
└─ bootstrap@4.0.0-beta.2
Done in 0.55s.
Currently granite-bootstrap uses Bootstrap version 4.0.0-beta.2, if you need another version you can change simply install it.
Using NodeJS and the granite-css-modularizer.js
to transform Bootstrap CSS files into polymer elements.
$ node ../granite-css-modularizer.js ./node_modules/bootstrap/dist/css ./css_modules/granite-bootstrap
After executing it, a series of HTML files is generated in the ./css_modules/granite-bootstrap
folder, each one corresponding to a Bootstrap CSS file.
$ ls ./css_modules/granite-bootstrap/*.html
granite-bootstrap-grid.html granite-bootstrap-grid-min.html granite-bootstrap.html granite-bootstrap-min.html granite-bootstrap-reboot.html granite-bootstrap-reboot-min.html
git checkout -b my-new-feature
git commit -m 'Add some feature'
git push origin my-new-feature
Run npm install from the repo directory:
npm install
Run the Polymer development server from the root project directory:
polymer serve --open
I'm aligning the versions of this element with Bootstrap version, in order to make easier to choose the right version
FAQs
Wrapping of *Bootstrap CSS* as Polymer web component to be used as shared style in full ShadowDOM mode
The npm package @granite-elements/granite-bootstrap receives a total of 2 weekly downloads. As such, @granite-elements/granite-bootstrap popularity was classified as not popular.
We found that @granite-elements/granite-bootstrap demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.