Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@icgc-argo/uikit
Advanced tools
Reusable UI components for ARGO projects.
UIKit:
npm ci
npm run watch
Consumer project:
npm i <root_path_to_uikit>
Notes:
watch
first as dist
folder is usedreact-testing-lib with Jest test runner see Button.test.tsx for example
npm run storybook
npm run build-storybook
creates static storybook build in ./storybook-static
npm run create-component
npm run type-check
: trigger TypeScript type check for whole reponpm run type-check -- --watch
: runs the above with watch mode
npm run type-check
triggers tsc
, so any flag layed out here can be usedtsc
can also be run as a task in the editor:
Cmd+Shift+B
, then select tsc:build - tsconfig.json
PROBLEMS
tabversion
under uikit/package.release.json
Automated process (recommended)
develop
, and let the Jenkins pipeline handle itManual process (discouraged, but available)
npm run build-uikit
which performs the following:npm run publish-uikit
to publish latest version to npmreact/react-dom are needed as dependencies for storybook project does not work if they are just defined as peerDeps
Stories are written in the older storiesOf
style
https://github.com/storybookjs/storybook/blob/master/lib/core/docs/storiesOf.md
${__dirname}
(too many '/', diff OS)FAQs
ARGO UI component library
The npm package @icgc-argo/uikit receives a total of 1 weekly downloads. As such, @icgc-argo/uikit popularity was classified as not popular.
We found that @icgc-argo/uikit demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.