Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@manifoldco/mercury
Advanced tools
Design tokens auto-generated from our Figma files.
With Node installed, run the following in the project folder of your choice:
npm install @manifoldco/mercury
To view the component library:
npm install
npm run dev
Components live in the ./src/components/
folder, in *.scss
files. To add a
new widget
component:
@mixin
at src/components/_widget.scss
using our CSS
styleguide. Refer to the other *.scss
files in that folder for reference.stories/widget.stories.js
for the markup, and
stories/widget.scss
if needed. Refer to the other stories for reference.Some good things to keep in mind:
*.scss
file you ship in src/components
will be shipped with Mercury. Make sure it’s
polished!stories/*
will NOT ship with Mercury. Make sure that you
didn’t accidentally leave essential styles in there!@mixin
s in Sass.These allow the consumer to pick the final CSS class names, and
they also allow build CSS to tree-shake (important for Manifold Components).When everything looks good, open a PR and a member of the front-end team can review.
To understand the Figma updates, you’ll need to think in terms of transformers and targets.
We currently have the following transformers in Figma: color
, gradient
, typography
, and
shadow
. Each of those transformers in the ./figma/transformers
directory
map to a style namespace in Mercury. Each transformer takes the Figma REST API data (JSON), pulls
out what it needs for each, and converts the end result to a JS object.
After each transformer has generated its own object, each target is responsible for taking that
collection and converting it to a file output. Currently we have 2 targets: JS and Sass.
Each of those map to a file in ./figma/targets
. The JS target is the simplest, as
it basically writes the object as-is from transformers. The Sass target has to do a little more
work, converting JS ({ fontSize: '12px' }
) to CSS strings (font-size: 12px;
), as well as
generating some wrappers (@mixin Manifold__Typography { … }
). But overall, it’s not too much work.
OK, but how do I add something? Your process from here will be somewhat trial-and-error, because
every “thing” you want to add will follow a different process (compare the color
vs typography
transformers to see that they do different things). But your best helpers will be The Figma REST
docs to understand the data, as well as browsing an export of the Figma JSON for
Manifold to see what structure the API is returning (tip: save your own local copy of
the REST data if it’s changed drastically from that Gist).
In short: your goal is to trawl through the meta and files JSON that Figma provides, and pull out what you need into a JS object (transformers) that can be exported to JS and Sass (targets). Reach out to Drew if you need help.
Updating from Figma happens ✨ automatically ✨ with a daily check. If you want to manually update
(perhaps you’re testing something), create a Figma token and add a new line to
your ~/.zshrc
or ~/.bashrc
(whichever exists on your machine; most likely the former):
export FIGMA_TOKEN=[token]
Then run:
npm run extract
npm deployment happens ✨ automatically ✨ whenever Figma is updated.
In order to release versions yourself, you’ll have to do so manually. Locally, run:
make package
Update pkg/package.json
’s version
manually, and run:
cd pkg && npm publish --tag next
FAQs
Manifold Design System
The npm package @manifoldco/mercury receives a total of 0 weekly downloads. As such, @manifoldco/mercury popularity was classified as not popular.
We found that @manifoldco/mercury demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 11 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.