Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
@guardian/discussion-rendering
15.0.0
Readme
This codebase started as a hack day project by @gtrufitt and @nicl. The purpose is parity of the existing discussion application on Frontend using the discussion API (search for Private Repo).
Once you've cloned the repo, run yarn to install and then yarn storybook to display the components.
yarn dev will show the full discussion app with query parameter options.
Versioning and publishing for this package is managed through changesets.
If you make a change to the repo which merits a version bump, you should add a changeset to your PR: yarn changeset. This will run a CLI with prompts you have to complete.
major, minor, or patch.
changesets bot
Note: When a PR with a changeset is merged to main, changesets will automatically open a new PR which, when merged, will automatically bump the version number (following semver conventions), publish the new version to npm, and update the GitHub changelog for this package.
Changesets is a relatively new addition to this repo, so if you run into any difficulties using it, please feel free to open an issue in this repo.
If you don't want to publish but still want to see how your changes look when imported, you can use yarn's link command. From this directory, run
yarn link
Then, as per the prompts, go to the directory of the project you want to link to and run
yarn link '@guardian/discussion-rendering'
This will mean that this project will now read directly from your local copy of discussion-rendering, instead of downloading from npm. To reset and restore normal npm access run
yarn unlink '@guardian/discussion-rendering'
As per the prompts, you may need to force reinstall
While you are linked, you will need to run yarn build after making changes to discussion-rendering to see them in the linked repo.
yarn build
Builds the app for production to the build folder.
There's a GitHub Action set up on the repository to scan for vulnerabilities. It is set to "continue on error", so it will show a green tick regardless. To check the vulnerabilities, use the GitHub code scanning feature in the Security tab, which lists all vulnerabilities for a given branch etc. You should use this when adding, removing or updating packages to see if there are any vulnerabilities.
FAQs
The npm package @guardian/discussion-rendering receives a total of 0 weekly downloads. As such, @guardian/discussion-rendering popularity was classified as not popular.
We found that @guardian/discussion-rendering demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 47 open source maintainers collaborating on the project.