@greatnonprofits-nfp/flow-editor
'Standalone flow editing tool designed for use within the RapidPro suite of messaging tools but can be adopted for use outside of that ecosystem.'
This is a standalone flow editing tool designed for use within the RapidPro suite of messaging tools but can be adopted for use outside of that ecosystem. The editor is a React component built with TypeScript and bundled with Webpack. It is open-sourced under the AGPL-3.0 license.
You can view and interact with the component here.
yarn
Node.js >= 10.x
The flow editor is a non-ejected project based on create-react-app. We use yarn to manage dependencies.
% yarn install
Webpack is used to transpile TypeScript and SASS. After invoking a build, the compiled results will arrive in /build.
% yarn run build
Running the flow editor in development mode requires an asset server, which is responsible for serving up flow definitions, groups, contact fields, etc. This project includes an in-memory asset server for testing purposes. These are the same lambda functions used by our Netlify preview site.
First, compile and run the local version for a faux asset server.
% yarn lambda
Then you are ready to fire up the development server for the editor.
% yarn start
The project is fully localized using i18next and leans on react-i18next to integrate it inside components. To generate new keys and defaults for localization, we use i18next-scanner. Use the yarn command scan to update localization keys.
% yarn scan
This file is then uploaded to Transifex for broad language translations. Once a language reaches full translation, it will be merged into the project.
This project uses Jest for unit/snapshot testing and react-testing-library where we can. The project has some older, more complex tests that use Enzyme. TypeScript and Jest are integrated via ts-jest.
% yarn test
Note that running this locally will automatically multithread based on how many cores your box has. It will also run it in the interactive watch mode. This mode is what you can use to easily run only failed tests or update snapshots. When this same command is run on CI, the tests will be run without watch mode automatically.
You can also run tests locally without watch mode:
% yarn test --watchAll=false
Prettier is used to keep formatting consistent. We use husky pre-commit hooks to run Prettier on every commit.
It is possible to run prettify against the entire project without commits. This is only necessary if the project conventions change.
% yarn run prettify
To publish, invoke the desired semver increment: patch, minor or major. This will version the package, and Travis will publish it to the npm repository automatically.
% yarn version --patch
% git push --tags
We encourage you to open issues on this project with any bugs you encounter or to make feature requests.
19 September 2022
FAQs
We found that @greatnonprofits-nfp/flow-editor demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.