Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@heroku/frankenpurple
Advanced tools
A UI kit for Heroku's web interfaces. To get started, check out https://purple.herokuapp.com!
A UI kit for Heroku's web interfaces. To get started, check out https://purple.herokuapp.com!
Please follow the instructions in the HIT repo when making a new release.
https://github.com/heroku/hit/blob/master/purple-deployment-instructions.md
npm install
npm start
Now open localhost:5000 in your browser.
See the Private Repo Resolution section below.
With this package installed locally, you can make changes to the source and have them reflected on the fly in a bower-based consumer. There is no need to manage and push to remote branches to test.
bower link
gulp watch
to automatically compile changescd
into your other bower-based projectbower link purple
watch: {
purpleScripts: {
files: ['node_modules/purple/dist/js/*.js'],
tasks: ['concat:bower']
},
styles: {
files: ['assets/styles/**/*.scss', 'node_modules/purple/dist/css/*.css'],
tasks: ['sass']
}
}
bower.json
specified version of purple, run bower uninstall purple
and then bower install
Now you should be all set.
As long as this is a private repo, we must take a few steps in order to be able to smoothly deploy this on the Heroku platform
Make sure you have GitHub password caching setup.
If you have enabled 2-Factor Auth on GitHub (and you should!) your GitHub password will not authenticate https
remotes. You must get an OAuth token to do so. Follow these steps:
https
repo, paste in your token rather than typing your GitHub password.credential.manager
configured above will store your OAuth token for all future HTTPS interaction with GitHub.In order to access this repo via bower in production, do the following (assuming you already have a buildpack set):
heroku buildpacks:add https://github.com/timshadel/heroku-buildpack-github-netrc
heroku config:set GITHUB_AUTH_TOKEN=<my-read-only-token>
for the production appRuby projects can include purple from our internal gem server. Be sure to specify the correct source.
gem 'purple'
Run bundle install
and add the following line to your application.scss
or equivalent file:
@import 'purple/rails';
Also add the following line to your application.js
or equivalent file:
//= require purple/rails
That's all!
Notice: you'll still need to configure Github password caching.
heroku config:add BUILDPACK_URL=https://github.com/ddollar/heroku-buildpack-multi.git
to setup multi buildpacks.buildpacks
file and add:https://github.com/timshadel/heroku-buildpack-github-netrc.git
https://github.com/heroku/heroku-buildpack-ruby.git
The fastest way to get started is to use our CDN:
<link rel="stylesheet" href="//www.herokucdn.com/purple/1.0.0/purple.min.css">
<script src="//www.herokucdn.com/purple/1.0.0/purple.min.js"></script>
For a list of available purple versions, see herokucdn.com/purple/.
FAQs
A UI kit for Heroku's web interfaces. To get started, check out https://purple.herokuapp.com!
We found that @heroku/frankenpurple demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 221 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.