Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@loomhq/lens
Advanced tools
![](https://github.com/loomhq/lens/blob/main/assets/lens-banner.png?raw=true)
Add Lens to your app:
yarn add @loomhq/lens
Add dependencies:
yarn add @emotion/core
yarn add @emotion/styled
getThemeStylesString()
and getAllCssVarsString()
return strings that contain all CSS variables. Use these functions and inject the output to a style
tag in the head
:
import { getThemeStylesString, getAllCssVarsString } from '@loomhq/lens'
const style = document.createElement('style');
style.innerHTML = getThemeStylesString() + getAllCssVarsString();
document.head.appendChild(style);
In some cases you might need to inject the CSS variables to a specific element. Pass a string argument to getThemeStylesString()
and getAllCssVarsString()
:
getThemeStylesString('.myGlobalElement')
getAllCssVarsString('.myGlobalElement')
CSS classes are exported as a string and can be injected to a style
tag in the head
:
import { cssUtilities } from '@loomhq/lens'
const style = document.createElement('style');
style.innerHTML = cssUtilities();
document.head.appendChild(style);
pnpm i
pnpm dev
navigate to: http://localhost:3000
Please surface any urgent pull requests in #lens-designsystem.
Use conventional commitsmessages. Once the PR is merged it will kick off publishing a new version of Lens in npm.
From the root of the main Loom repo
cd projects/webapp-client
pnpm up -r @loomhq/lens --latest
This tells pnpm to find all packages in the workspace that use lens, and upgrade them all to the latest version
cd ... && pnpm deps:fix && pnpm i
This shouldn't be necessary, but will correct any blocking issues.
Issue: If you're still having issues accessing new imports or code features from Lens after the above commands,
make clean-node-deps
in root of the repo and then reinstall everything withpnpm i
.
.md
file for release.pnpm changeset
🦋 Which packages would you like to include?
✔ changed packages
✔ @loomhq/web-client
🦋 Which packages should have a major bump? …
🦋 Which packages should have a minor bump? …
The following packages will be patch bumped:
🦋 @loomhq/web-client@0.0.6
🦋 Please enter a summary for this change (this will be in the changelogs). Submit empty line to open external editor
🦋 Summary › [description goes here, enter to complete]
Write a concise note like bump Lens v[X.X.X] to add SvgIconName
You will be asked asked if this is your desired change. Type 'Y'.
All dependents of these packages that will be incompatible with the new version will be patch bumped when this changeset is applied.
🦋 Is this your desired changeset? (Y/n) › [type Y]
A new randomly-named .md
file should be generated into the changesets directory. Commit this file to your changes.
For any changes to existing components, do your due diligence and check the component changes locally within the repo.
Once you have the SVG of the new icon to be added, make sure all strokes are outlined. Set <svg>
attributes to viewBox="0 0 24 24" fill="none" {...props}
and <path>
attributes to fill="currentColor"
. Follow this for an example PR or watch https://www.loom.com/share/26e36c6616be4db386192467b88edbc9 for a step-by-step walkthrough.
FAQs
![](https://github.com/loomhq/lens/blob/main/assets/lens-banner.png?raw=true)
The npm package @loomhq/lens receives a total of 1,539 weekly downloads. As such, @loomhq/lens popularity was classified as popular.
We found that @loomhq/lens demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 106 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.