Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@guardian/atom-renderer
Please note that this library has now been deprecated and is no longer maintained. You can of course continue to use any previously published versions but it is no longer receiving updates or bug fixes. You may want to look into using https://github.com/guardian/csnx/tree/main/libs/@guardian/atoms-rendering instead (note that's atoms-rendering vs atom-renderer in this legacy library).
A library that renders atoms from the content API into front-end code. It is written in JavaScript using type-checking from FlowJS, and wrapped in a Scala app.
Clone repo: git clone git@github.com:guardian/atom-renderer.git
Install node dependencies: yarn
Install sbt dependencies: sbt compile. You need to have the pgp plugin installed globally.
Installing the node modules above should have installed what you need to run flow.
To check for any compile errors, run flow like this: yarn run flow
More information on Getting Started with Flow.
Build the JS code: yarn frontend & yarn apps
Build the Scala code: sbt compile
The utils project provides a convenience application to quickly preview the rendering of an atom. Just go in that project and run it, then hit http://localhost:8080. The app will ask you to select an atom type and type an atom ID, then will render it using the "article" rendering.
Note: you will need to set a value for the CAPI_TEST_KEY environment variable, e.g. in your .bash_profile, to be able to run the project locally.
You need to publish your changes to NPM as a new version of the Atom Renderer package. Then, you need to open the Guardian's Frontend app on your local machine, require the updated Atom Renderer package and run Frontend.
In Atom-Renderer:
Update version in package.json to something like X.X.X-yourname.test.1 (use the semver convention to increment the version number; the '-yourname.test.1' part on the end indicates that this is a version to be used for testing purposes, not for actual use). Commit these changes.
Build the frontend: yarn frontend
Build the apps: yarn apps
Make sure that a) you have an account on npmjs and b) it is added to the Guardian group on npm.
Ensure your machine is logged into this account. If not, run: npm adduser and sign in
Publish your version to NPM: npm publish
The version you just pushed should appear here: https://www.npmjs.com/package/@guardian/atom-renderer
In the (highly likely) scenario that you've made Scala code changes that you'll want to test in Frontend (see below), you'll also need to publish your Scala changes locally.
First, check that atom-renderer/version.sbt is correct, i.e. make sure it ends with -SNAPSHOT, then run sbt +publishLocal (the + is significant for cross-compilation of Scala versions - see project/Dependencies.scala for those) to add the updated library files to your local .ivy2/local/com.gu/ cache.
This'll be tagged with the same version as shown in atom-renderer/version.sbt.
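The two version checks in the steps above (a semver increment carrying a -yourname.test.N suffix in package.json, and a -SNAPSHOT version in version.sbt) can be run as a guard before publishing. This is an added example, not code from the atom-renderer repo; the function names, the sample versions and the assumption that version.sbt holds a single quoted version string are all hypothetical.

```javascript
// Added example: pre-publish guard for the test-release conventions above.
// Function names and sample versions are hypothetical, not from the repo.

const SEMVER = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/;

function parse(version) {
  const m = SEMVER.exec(version);
  if (!m) return null;
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || '' };
}

// True when `next` is exactly one major, minor or patch step above `prev`.
function isSingleBump([a, b, c], [x, y, z]) {
  return (x === a + 1 && y === 0 && z === 0) ||
         (x === a && y === b + 1 && z === 0) ||
         (x === a && y === b && z === c + 1);
}

// published:  last real release of the package
// candidate:  "version" field of the package.json about to be published
// versionSbt: text of version.sbt (assumed to contain one quoted version string)
function checkTestRelease(published, candidate, versionSbt) {
  const prev = parse(published);
  const next = parse(candidate);
  if (!prev || !next) return ['version is not valid semver'];
  const errors = [];
  // 1.4.2-x sorts below 1.4.2, so the X.X.X core itself has to move forward.
  if (!isSingleBump(prev.core, next.core)) {
    errors.push(`${candidate} is not a single semver increment of ${published}`);
  }
  if (!/^[a-z0-9-]+\.test\.[1-9]\d*$/i.test(next.pre)) {
    errors.push('missing -yourname.test.N suffix');
  }
  const sbt = /"([^"]+)"/.exec(versionSbt);
  if (!sbt || !sbt[1].endsWith('-SNAPSHOT')) {
    errors.push('version.sbt does not end with -SNAPSHOT');
  }
  return errors;
}

// Constructed sample input: an empty array means both checks passed.
const sampleSbt = 'version in ThisBuild := "1.4.3-SNAPSHOT"';
console.log(checkTestRelease('1.4.2', '1.4.3-alice.test.1', sampleSbt));
```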
In Frontend
In a new window open up Frontend. You need to have the Frontend app installed and set up with AWS credentials from Janus added. See how to do that here.
In a local branch, tell the app to use the latest version of the atom-renderer:
yarn add @guardian/atom-renderer@X.X.X-yourname.test.1 -W
Recompile the frontend with the new version of Atom Renderer added: make compile-dev
Run the frontend code: make watch
Open new terminal and run: ./sbt
Switch into the article project, this will let you see the atom page: project article
Run it: run
You should be able to preview all atoms on this page: http://localhost:9000/open-platform/blog/related-content
Here live: https://www.theguardian.com/open-platform/blog/related-content
Publish the library to NPM
Publish the library to Maven
Update Frontend to reference the new versions.
To publish to Maven
Open the sbt interactive shell: sbt
Compile the code: compile
Release: release
Once the version has updated on Maven, go to the Frontend app, find the Dependencies.scala file and update the version number for Atom-Renderer. Run ./sbt to open the interactive console and then compile to pull in the new dependency.
Make sure to add your new atom type in these two files in Atom-Renderer:
core/src/main/resources/__flow__/types/atoms.fjs
webpack/atomTypes.js
Contact us in #journalism-team if you have problems with the repo / readme.
--
* Yarn is used in these instructions, but you can use npm if you prefer
FAQs
Platform-agnostic rendering library for atoms
The npm package @guardian/atom-renderer receives a total of 3 weekly downloads. As such, @guardian/atom-renderer popularity was classified as not popular.
We found that @guardian/atom-renderer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 47 open source maintainers collaborating on the project.