@heroku/react-malibu
React components for using the Malibu SVG spritesheet.
yarn add @heroku/react-malibu
import { MalibuSprites, MalibuIcon } from '@heroku/react-malibu'
Clone the repo, then yarn install. If you want to see the demo server, run yarn start and visit http://localhost:3000 to browse the icons.
You cannot currently publish to NPM using yarn, because there are bugs.
See more in CONTRIBUTING.md.
This package offers two components: <MalibuSprites> and <MalibuIcon>.
<MalibuSprites>
Put this component on your page only once; it fetches and displays the entire spritesheet.
By default this will load the product sprites. To load the marketing sprites, add the set property.
<MalibuSprites set='marketing'/>
<MalibuIcon>
Use this component to instantiate an icon.
<MalibuIcon name='add-badge-16' size={20} fillClass='dark-gray' style={{ position: 'fixed' }} extraClasses='foo bar baz'/>
name (required): the name of the icon. See the full list at https://hk-malibu.herokuapp.com/.
size (default: undefined): the desired rendering size in pixels. Note that most icons come in -16 and -28 pixel variants. Choose the appropriate variant for the scale you wish to render at — for example, if you're rendering an icon at 12px, use the -16 icon as the base and 12 as the size. If you do not specify a size, the icon's native size will be used.
fillClass (default: purple): the desired icon fill. Must be one of purple, dark-gray, red, orange, green, blue.
style (optional): an object containing style definitions to apply to the rendered <svg> element.
extraClasses (optional): a string containing space-separated classnames to apply to the rendered <svg> element.
FAQs
React components for Heroku's Malibu SVG icon system
We found that @heroku/react-malibu demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 25 open source maintainers collaborating on the project.