Security News
New Python Packaging Proposal Aims to Solve Phantom Dependency Problem with SBOMs
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
@greatnonprofits-nfp/flow-editor
Advanced tools
'Standalone flow editing tool designed for use within the RapidPro suite of messaging tools but can be adopted for use outside of that ecosystem.'
This is a standalone flow editing tool designed for use within the RapidPro suite of messaging tools but can be adopted for use outside of that ecosystem. The editor is a React component built with TypeScript and bundled with Webpack. It is open-sourced under the AGPL-3.0 license.
You can view and interact with the component here.
yarn
Node.js >= 10.x
The flow editor is a non-ejected project based on create-react-app. We use yarn to manage dependencies.
% yarn install
Webpack is used to transpile TypeScript and SASS. After invoking a build, the compiled results will arrive in /build
.
% yarn run build
To run the flow editor in development mode, it requires an asset server. This is what is responsible for serving up flow definitions, groups, contact fields, etc. This project includes an in memory asset server for testing purposes. These are the same lambda functions used by our netlify preview site.
First, compile and run the local version for a faux asset server.
% yarn lambda
Then you are ready to fire up the development server for the editor.
% yarn start
The project is fully localized using i18next
and leans on react-i18next
to integrate it inside components. To generate new keys and defaults for localization, we use i18next-scanner
. Use the yarn command scan
to update localization keys.
% yarn scan
This file is then uploaded to Transifex for broad language translations. Once a language reaches full translation, it will be merged into the project.
This project uses Jest for unit/snapshot testing and react-testing-library where we can. The project has some older more complex tests that use Enzyme. Typescript and Jest are integrated via ts-jest.
% yarn test
Note that running this locally will automatically multithread based on how many cores your box has. It will also run it in the interactive watch mode. This mode is what you can use to easily run only failed tests or update snapshots. When this same command is run on CI, the tests will be run without watch mode automatically.
You can also run tests locally without watch mode
% yarn test --watchAll=false
Prettier is used to keep formatting consistent. We use huskey pre-commit hooks to run prettier on every commit.
It is possible to run prettify against the entire project without commits. This is only necessary if the project conventions change.
% yarn run prettify
To publish, simply invoke the desired semver -- patch, minor or major. This will version the package and travis will publish it to the npm repository automatically.
% yarn version --patch
% git push --tags
We encourage you to open issues on this project with any bugs you encounter or to make feature requests.
FAQs
'Standalone flow editing tool designed for use within the RapidPro suite of messaging tools but can be adopted for use outside of that ecosystem.'
We found that @greatnonprofits-nfp/flow-editor demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
Security News
Socket CEO Feross Aboukhadijeh discusses open source security challenges, including zero-day attacks and supply chain risks, on the Cyber Security Council podcast.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.