Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@keboola/indigo-ui
Advanced tools
Indigo UI library, its CSS and React components. Also Styleguide app showing usages of this library.
npm install -g grunt
yarn
yarn storybook
docker-compose build
(See Dockerfile
to check what's inside)docker-compose run --rm --service-ports node
First, check the content of .travis.yml
file and documentation about
Travis Deployment.
master
branch. There's "$TRAVIS_BRANCH" = "master"
condition in .travis.yml
.deploy-storybook.sh
script is responsible for deploying. Basically, it's a "home made"
replacement for Travis deploy
section, since that section is used for something else (covered
bellow).yarn build-dist-css
command is executed. There's
"$TRAVIS_BRANCH" = "$TRAVIS_TAG"
condition in .travis.yml
.deploy
section in
.travis.yml
src/indigo
or src/components
folders
and you want to make those changes available for users.Steps:
npm version ...
command
(manual here). This command should create new commit (with
version change in package.json
) and tag for you. There's no need to change package.json
manually or create tag manually.master
branch - e.g git push origin master
git push origin v1.0.0-beta-3
<- This triggers deploykbc-bootstrap
branchThis branch was introduced only for compatibility with
keboola/kbc-bootstrap. Releases from this branch are
tagged as v0.1.x
and you probably won't need to do anything with this branch. All reasese are
available here
Run npm pack
. Check its manual here.
FAQs
Keboola UI library
The npm package @keboola/indigo-ui receives a total of 20 weekly downloads. As such, @keboola/indigo-ui popularity was classified as not popular.
We found that @keboola/indigo-ui demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.