Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
@knapsack/app-ui
Advanced tools
Install dependencies
yarn
Make sure your setup is healthy
yarn dr
Get Account Access; if these links open, you're good:
Ensure a local .env
file exists at the root of the project with at least the following content:
HASURA_ADMIN_SECRET="hasura admin secret code goes here"
Replace the value above with the x-hasura-admin-secret
found within the Request Headers section of the Hasura GraphQL Explorer.
yarn # install deps
yarn start
# open http://localhost:8080 when you see it
# optionally open up 2nd Terminal tab and run `yarn test:watch`
yarn start
Dev starting local work, kick off all watches & servers
HMR=yes yarn start
to opt-in to using Hot Module Replacement to speed up WebPack rebuilds. Note that sometimes weird state can happen that requires a browser refresh to reset. Once those scenarios are worked out, then this will become the default.yarn start:all
to run App & Storybookyarn sb:watch
to run Storybookyarn test:watch
Get quick feedback from TypeScript, Eslint, and other semi-quick running tests (i.e. no Cypress tests)yarn dr
Run Doctor to check your setupyarn new
Scaffold out new files using Plop. Config in plopfile.ts
.yarn fix
Auto-fix codesyarn reset
Clean all built code, toast & re-install node_modules
yarn wp:stats
Run to find out why your Webpack bundle is so big! Runs a clean prod build, then opens up ./public/stats.html
yarn start
- be patient, read all the terminal output & wait for http://localhost:8080
to say it's ready, you have two options on opening your browser:
http://localhost:8080
.tsx
or .ts
file in VS Code you can now create breakpoints that will allow rich runtime information about variables and more that can be triggered when navigated to in Chrome..vscode/launch.json
. More help herewebpack-dev-server
and HTTP requests trigger in-memory Webpack compiling; this makes re-compiles much faster though since it's in-memory & doesn't write to disk! PS That's why nothing is in ./public
until yarn build
console.log
, console.warn
, console.error
(can fail Cypress tests), & console.debug
<== Use the last one all you want; that can be messy & noisy./
or /ks
, if that's confusing, open the Bootstrap Demo by going to /site/ks-demo-bootstrap/latest
yarn test:watch
in a new Terminal tabyarn test:watch
in VS Code's terminalIdeally conventions are enforced through lint rules or tests, if not then they are listed here:
export default
- unless you want to use it in React.lazy()
ks-demo-bootstrap
- https://github.com/knapsack-cloud/ks-demo-bootstrapimport { useSelector } from '@ks-app/app';
const MyComponent = () => {
// Autocompletion is your friend for accessing items in the datastore
const title = useSelector((s) => s?.settingsState?.settings?.title);
return <div>The title: {title}</div>;
};
View the data and use the Graphiql playground by going to https://db.knapsack.cloud - you'll be asked for the Admin Secret, which can be found inside your .env
file (run yarn vc:env-pull
if it's not found).
Start by either adding to or creating a my-data.gql
file inside the ./src
directory with something like:
query MyCustomData {
sites {
id
title
}
}
query MySingleSite($siteId: String!) {
sites_by_pk(id: $siteId) {
title
}
}
Run yarn gql:build
(taken care of for you during yarn start
) and you'll notice that the file my-data.gql.generated.tsx
was made right next to it. Import and use the custom Apollo useQuery
hooks functions inside:
import {
useMyCustomDataQuery,
useMySingleSiteQuery,
} from './my-data.gql.generated';
const MyComponent = () => {
const { loading, data, error } = useMyCustomDataQuery();
const { data: singleSiteData } = useMySingleSiteQuery({
variables: {
siteId: 'my-site-id',
},
});
const singlSiteTitle = singleSiteData?.sites_by_ok?.title;
return (
<ul>
{data.sites.map((site) => (
<li key={site.id}>{site.title}</li>
))}
</ul>
);
};
yarn sb:watch
to run Storybook/storybook
to view, for example: https://next.app.knapsack.cloud/storybook*.stories.tsx
is pulled in by Storybookyarn new story ./path/to/component.tsx
./scripts/plop/stories.tsx.hbs
./.storybook/
FAQs
## Handy Links
The npm package @knapsack/app-ui receives a total of 0 weekly downloads. As such, @knapsack/app-ui popularity was classified as not popular.
We found that @knapsack/app-ui demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.