Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
@lion/core
Advanced tools
The core package is mostly for in-depth usage.
It handles the version of lit-element
and lit-html
.
To be sure a compatible version is used you should import it via this package.
// DO
import { LitElement, html, render } from '@lion/core';
// DON'T
import { LitElement, html, render } from 'lit-element';
These features are not well documented - care to help out?
npm i --save @lion/core
import { dedupeMixin, LitElement } from '@lion/core';
const BaseMixin = dedupeMixin((superClass) => {
return class extends superClass { ... };
});
Imagine you are developing web components and creating ES classes for Custom Elements. You have two generic mixins (let's say M1
and M2
) which require independently the same even more generic mixin (BaseMixin
). M1
and M2
can be used independently, that means they have to inherit from BaseMixin
also independently. But they can be also used in combination. Sometimes M1
and M2
are used in the same component and can mess up the inheritance chain if BaseMixin
is applied twice.
In other words, this may happen to the protoype chain ... -> M2 -> BaseMixin -> M1 -> BaseMixin -> ...
.
An example of this may be a LocalizeMixin
used across different components and mixins. Some mixins may need it and many components need it too and can not rely on other mixins to have it by default, so must inherit from it independently.
The more generic the mixin is, the higher the chance of being applied more than once. As a mixin author you can't control how it is used, and can't always predict it. So as a safety measure it is always recommended to create deduping mixins.
This is an example of how to make a conventional ES mixin deduping.
const BaseMixin = dedupeMixin((superClass) => {
return class extends superClass { ... };
});
// inherits from BaseMixin
const M1 = dedupeMixin((superClass) => {
return class extends BaseMixin(superClass) { ... };
});
// inherits from BaseMixin
const M2 = dedupeMixin((superClass) => {
return class extends BaseMixin(superClass) { ... };
});
// component inherits from M1
// MyCustomElement -> M1 -> BaseMixin -> BaseCustomElement;
class MyCustomElement extends M1(BaseCustomElement) { ... }
// component inherits from M2
// MyCustomElement -> M2 -> BaseMixin -> BaseCustomElement;
class MyCustomElement extends M2(BaseCustomElement) { ... }
// component inherits from both M1 and M2
// MyCustomElement -> M2 -> M1 -> BaseMixin -> BaseCustomElement;
class MyCustomElement extends M2(M1(BaseCustomElement)) { ... }
FAQs
Core functionality that is shared across all Lion Web Components
The npm package @lion/core receives a total of 10,488 weekly downloads. As such, @lion/core popularity was classified as popular.
We found that @lion/core demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.