Big News: Socket raises $60M Series C at a $1B valuation to secure software supply chains for AI-driven development.Announcement
Sign In

@leather.io/ui

Package Overview
Dependencies
Maintainers
3
Versions
219
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@leather.io/ui

This package contains Leather Wallet's UI library for our web + React Native applications.

latest
npmnpm
Version
1.111.2
Version published
Maintainers
3
Created
Source

UI

This package contains Leather Wallet's UI library for our web + React Native applications.

Architecture

This package colocates Web and React Native code, such that commonalities such as shared logic and types are shared. The naming convention must be followed.

  • *.web.ts — bundled only for Web
  • *.native.ts — bundled only for React Native
  • *.shared.ts — bundled for all platforms

Web Setup

Our web apps use panda css. To setup in your application you need to:

  • Install @pandacss/dev
  • Setup panda css and configure it to acknowledge the library code
  • Configure Webpack to load the files correctly
  • Import the library styles from @leather.io/ui/styles

Panda configuration

Specify the library as part of the panda.config include:

  include: [
    './node_modules/@leather.io/ui/dist-web/**/*.{js,jsx,ts,tsx}',
    './src/**/*.{js,jsx,ts,tsx}',
  ],

Webpack configuration

  • Alias react and react-dom to avoid react errors.

  • Configure your module to handle jsx files

export const config = {
...
  module: {
    resolve: {
    ...
    alias: {
    'leather-styles': path.resolve('leather-styles'),
    'react': path.resolve('./node_modules/react'),
    'react-dom': path.resolve('./node_modules/react-dom')
    },
      ...
    rules: [
      ...
      {
        test: /\.(js)$/,
        include: [/node_modules\/@leather.io\/ui/],
        loader: 'esbuild-loader',
        options: { tsconfig: './tsconfig.json', loader: {'jsx'},target: 'es2020' },
      },

Security: Dynamic Content Sanitization

All dynamic HTML content rendered in the web app (such as FAQs, explainers, and CMS-driven posts) is sanitized using DOMPurify via a shared utility (sanitizeContent).

  • Browser: Uses DOMPurify to remove unsafe HTML and prevent XSS.
  • SSR: Falls back to escaping HTML tags to prevent injection.

This is enforced in all UI components that render user- or CMS-driven HTML, including FAQ, explainer, and post-driven UI elements.

A shared utility, sanitizeContent, is used throughout the codebase to sanitize any post content before rendering. Example usage:

import { sanitizeContent } from '@leather.io/ui/utils/sanitize-content';

const safeHtml = sanitizeContent(post.Summary);

This is applied in all FAQ, explainer, hover card, and heading components that render post content.

License

MIT © Leather Wallet LLC

⬅ Back

FAQs

Package last updated on 13 Apr 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Feross on TBPN: Socket's Series C and the State of Software Supply Chain Security

Security News

Feross on TBPN: Socket's Series C and the State of Software Supply Chain Security

Feross Aboukhadijeh joins TBPN to discuss Socket's $60M Series C, 500%+ ARR growth, AI's impact on open source, and the rise in supply chain attacks.

By Sarah Gooding  -  May 27, 2026