Latest Threat ResearchGlassWorm Loader Hits Open VSX via Developer Account Compromise.Details
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@hiro-ui/react-scripts

Package Overview
Dependencies
Maintainers
11
Versions
106
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@hiro-ui/react-scripts

It's react-scripts@4.0.2 but with our own tweaks.

npmnpm
Version
2.0.14
Version published
Weekly downloads
50
-79.59%
Maintainers
11
Weekly downloads
 
Created
Source

@hiro-ui/react-scripts

It's react-scripts@4.0.2 but with our own tweaks.

Notable changes

  • Node 14+
  • SASS is supported out of the box (no need to install the node-sass package)
  • WebWorker is supported out of the box - worker-loader plugin (just suffix a file with .worker.ts)
  • ESLintWebpackPlugin is disabled
  • ReactRefreshPlugin is enabled (for worker entry file need to add workaround with dummy functions https://github.com/pmmmwh/react-refresh-webpack-plugin/blob/main/docs/TROUBLESHOOTING.md#usage-with-indirection-like-workers-and-js-templates)
  • Code splitting is managed by CHUNKS_GENERATION flag (process.env.CHUNKS_GENERATION === 'true';)
  • Disabled CRA REACT_APP_ prefix for .env variables' names
  • used old format of manifest file
  • hiro-desktop config added through key --desktop (multiple entrypoints, support for modules in src/app/, NODE_TLS_REJECT_UNAUTHORIZED and HIRO_VERSION in process.env)

Available configuration parameters

VariableDevelopmentProductionNotes
PORT+-By default, the dev server will try to use port 3000. You may use this variable to specify a different port.
HOST+-By default, the development web server binds to localhost. You may use this variable to specify a different host.
HTTPS+-When set to true, app will run the development server in https mode.
PUBLIC_URL-+Your application is assumed to be hosted at the serving web server's root. You may use this variable to force assets to be referenced verbatim to the url you provide (hostname included). This may be particularly useful when using a CDN to host your application.
CI++When set to true, app treats warnings as failures in the build. It also makes the test runner non-watching. Most CIs set this flag by default.
GENERATE_SOURCEMAP-+When set to false, source maps are not generated for a production build. This solves out of memory (OOM) issues on some smaller machines.
CHUNKS_GENERATION-+When set to true, chunks are generated for a production build. Available only for desktop apps, not for desktop.

FAQs

Package last updated on 29 Mar 2021

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

The Next Open Source Security Race: Triage at Machine Speed

Security News

The Next Open Source Security Race: Triage at Machine Speed

Claude Opus 4.6 has uncovered more than 500 open source vulnerabilities, raising new considerations for disclosure, triage, and patching at scale.

By Sarah Gooding  -  Feb 06, 2026
Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise

Research

/

Security News

Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise

Malicious dYdX client packages were published to npm and PyPI after a maintainer compromise, enabling wallet credential theft and remote code execution.

By Kush Pandya  -  Feb 06, 2026