Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@guardian/prosemirror-noting
Advanced tools
This plugin adds the ability to have ranges added to the document that expand and contract around dependent on the input. These notes are represented as marks
in the document.
Very basic demo here
npm install prosemirror-noting
Add the mark to the schema
const mySchema = new Schema({
nodes,
marks: Object.assign({}, marks, {
note: createNoteMark(
{
note: "span.note"
},
meta => ({
class: meta.hidden ? "note--collapsed" : "",
title: "My Title",
contenteditable: !meta.hidden
})
)
})
});
Add the plugin to the state
const historyPlugin = history();
const noterPlugin = noter(mySchema.marks.note, doc, historyPlugin);
new EditorView(document.querySelector("#editor"), {
state: EditorState.create({
doc: DOMParser.fromSchema(mySchema).parse(
document.querySelector("#content")
),
plugins: [
keymap({
F10: toggleNote("note")
}),
historyPlugin,
noterPlugin
]
})
});
And import the css (if needed) from prosemirror-noting/dist/noting.css
.
Returns a mark to be added to the schema.
typeTagMap
- if this is passed with an object it expects a map between a "note type" and a dom tag (e.g. { note: "span.note"}
). Otherwise if a string is passed it will expect that string to be simply a tag name and the type will default to a type of note
. Good for styling.attrGenerator
- this will run when rendering the note to add derived DOM attributes from the meta data.Returns a command used for toggling notes based on the cursor position.
type
- this will use the type to decide which note type to toggle if there are more than one.cursorToEnd
- this will make the cursor skip to after the note when adding a new noteToggle note works in the following way:
Returns a command used for toggling all notes.
type
- this will use the type to decide which note type to toggle if there are more than one.Returns a command to set the meta for a note id
id
- the string id of the note to edit.meta
- an object that will be assigned to the current meta (i.e. will not overwrite keys it does not contain).Returns the plugin to add to prosemirror
markType
- the mark type that is being used in the schema to handle the notes.historyPlugin
- pass the history plugin to handle undo / redo.onNoteCreate
- a callback that is called when a new note is added to the document.meta.hidden
manually having to be set in the schema setup)FAQs
A plugin to allow noting in prosemirror
We found that @guardian/prosemirror-noting demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 34 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.