Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
@honeybook/hbui-scan
Advanced tools
@honeybook/hbui-scan
Analyzes React codebases to track @honeybook/hbui component usage with complete location tracking and CSS override analysis
hbui-scan
CLI tool that scans React codebases for @honeybook/hbui component usage, styled overrides, and CSS patterns. Provides detailed location tracking and component-centric analysis for design system improvement.
Installation
npm install -g @honeybook/hbui-scan
Usage
hbui-scan <path> [options]
# Scan a directory
hbui-scan ./src
# Scan honeybook-react
hbui-scan /path/to/honeybook-react/src
# Custom output directory
hbui-scan /path/to/honeybook-react/src --output=~/my-scan/
# Output JSON to stdout (for piping/scripting)
hbui-scan /path/to/honeybook-react/src --json
# Or use npx without installing
npx @honeybook/hbui-scan ./src
Output Structure
.hbui-scans/hbui-report-{timestamp}/
├── scan-info.json # Scan metadata and statistics
├── css-analysis.json # Global CSS pattern analysis
├── components/
│ ├── index.json # Component list with usage stats
│ ├── HBButton.json # All HBButton data with exact locations
│ ├── HBCard.json # All HBCard data with exact locations
│ └── ...
Component Report Example
Each component gets its own JSON file with complete usage data:
{
"componentName": "HBButton",
"package": "@honeybook/hbui",
"usages": [
{
"filePath": "/src/pages/Settings.tsx",
"line": 142,
"columnPosition": 3421,
"props": {
"buttonTheme": "primary",
"size": "md",
"onClick": "(dynamic)"
}
},
{
"filePath": "/src/components/Header.tsx",
"line": 28,
"columnPosition": 892,
"props": {
"buttonTheme": "secondary",
"disabled": true
}
}
],
"styledOverrides": [
{
"filePath": "/src/components/CustomButton.tsx",
"line": 5,
"variableName": "StyledPrimaryButton",
"originalComponent": "HBButton",
"cssProperties": ["padding", "background-color", "border-radius"],
"cssText": "padding: 12px 24px;\n background-color: #007aff;\n border-radius: 6px;"
}
]
}
Development
Built with TypeScript. Uses ts-morph for AST parsing, css-tree for CSS analysis.
Requires Node.js 20+
# Install dependencies
npm install
# Run locally during development (without building)
npm run scan -- ./fixtures
# Build the project
npm run build
# Run quality checks
npm run lint
npm run format:check
npm run type-check
npm test
FAQs
Analyzes React codebases to track @honeybook/hbui component usage with complete location tracking and CSS override analysis
We found that @honeybook/hbui-scan demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 80 open source maintainers collaborating on the project.
Package last updated on 17 Oct 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025