Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@homebound/beam
Advanced tools
[![npm](https://img.shields.io/npm/v/@homebound/beam)](https://www.npmjs.com/package/@homebound/beam)
Homebound's React component design system.
To see the latest designs, check out the Figma file.
# Only when running for the first time to install dependencies for Beam & Truss
> yarn
> cd ./truss && npm i # Note that this will change director to /truss
# Easiest way to start. This runs Storybook.
> yarn start
# Re-build src/Css.ts after changing truss/ config files
> yarn build:truss
# Automatically re-build src/Css.ts after changing truss/ config files
> yarn watch:truss
Beam is specifically "Homebound's Design System". Given this extremely narrow purpose, we can lean into the simplicity of:
The most concrete manifestation of this is that we want to provide as few props as possible.
Fewer props generally means:
All of these points are generally in stark contrast to traditional, "big" UI toolkits like Material UI, Carbon from IBM, Spectrum from Adobe, etc., where they have to be "everything for everyone", and have the large API surface areas and complexity that comes with it.
For them, a MUI application in Company A shouldn't have to look & behave exactly like a MUI application in Company B. Which makes sense.
But for Beam at Homebound, we specifically want a component that behaves in our App A to look & behave the same as it does in our App B.
As we open source Beam, this vision of "as few props as possible", "components must look the same in every app" doesn't seem like something that other companies/projects would adopt (i.e. surely they want different colors, slightly different behavior to suit their user base, etc.).
Our proposal for solving this tension is to adopt a radically different model than "pull in the Beam npm library into your app and just use it as-is" (although you're free to do that too): it's forking.
"Adopters" of Beam should of course contribute back bug fixes and feature improvements; but they should also feel free (and encouraged) to run their own company-specific forks, and "customize by changing the source".
In this way, Beam should be seen as a place to "copy & paste" start from, rather than a project that will have 1,000s of npm downloads, and 100s of companies all collaborating on getting this one TextField
implementation to behave in the 101 different ways that they each want.
FAQs
[![npm](https://img.shields.io/npm/v/@homebound/beam)](https://www.npmjs.com/package/@homebound/beam)
We found that @homebound/beam demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.