Latest Threat ResearchGlassWorm Loader Hits Open VSX via Developer Account Compromise.Details
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@hiro-ui/react-scripts

Package Overview
Dependencies
Maintainers
11
Versions
106
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@hiro-ui/react-scripts

It's react-scripts@4.0.2 but with our own tweaks.

npmnpm
Version
2.0.10
Version published
Weekly downloads
259
1026.09%
Maintainers
11
Weekly downloads
 
Created
Source

@hiro-ui/react-scripts

It's react-scripts@4.0.2 but with our own tweaks.

Notable changes

  • Node 12+
  • SASS is supported out of the box (no need to install the node-sass package)
  • WebWorker is supported out of the box - worker-loader plugin (just suffix a file with .worker.js)
  • ESLintWebpackPlugin is disabled
  • ReactRefreshPlugin is enabled (for worker entry file need to add workaround with dummy functions https://github.com/pmmmwh/react-refresh-webpack-plugin/blob/main/docs/TROUBLESHOOTING.md#usage-with-indirection-like-workers-and-js-templates)
  • Code splitting is managed by CHUNKS_GENERATION flag (process.env.CHUNKS_GENERATION === 'true';)
  • Disabled CRA REACT_APP_ prefix for .env variables' names
  • used old format of manifest file
  • hiro-desktop config added through key --desktop (multiple entrypoints, support for modules in src/app/, NODE_TLS_REJECT_UNAUTHORIZED and HIRO_VERSION in process.env)

Available configuration parameters

VariableDevelopmentProductionNotes
PORT+-By default, the dev server will try to use port 3000. You may use this variable to specify a different port.
HOST+-By default, the development web server binds to localhost. You may use this variable to specify a different host.
HTTPS+-When set to true, app will run the development server in https mode.
PUBLIC_URL-+Your application is assumed to be hosted at the serving web server's root. You may use this variable to force assets to be referenced verbatim to the url you provide (hostname included). This may be particularly useful when using a CDN to host your application.
CI++When set to true, app treats warnings as failures in the build. It also makes the test runner non-watching. Most CIs set this flag by default.
GENERATE_SOURCEMAP-+When set to false, source maps are not generated for a production build. This solves out of memory (OOM) issues on some smaller machines.
CHUNKS_GENERATION-+When set to true, chunks are generated for a production build. Available only for desktop apps, not for desktop.

FAQs

Package last updated on 02 Mar 2021

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Open VSX Begins Implementing Pre-Publish Security Checks After Repeated Supply Chain Incidents

Security News

Open VSX Begins Implementing Pre-Publish Security Checks After Repeated Supply Chain Incidents

Following multiple malicious extension incidents, Open VSX outlines new safeguards designed to catch risky uploads earlier.

By Sarah Gooding  -  Feb 02, 2026
GlassWorm Loader Hits Open VSX via Developer Account Compromise

Research

/

Security News

GlassWorm Loader Hits Open VSX via Developer Account Compromise

Threat actors compromised four oorzc Open VSX extensions with more than 22,000 downloads, pushing malicious versions that install a staged loader, evade Russian-locale systems, pull C2 from Solana memos, and steal macOS credentials and wallets.

By Kirill Boychenko  -  Jan 31, 2026