Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@misk/common
Advanced tools
This package provides shared libraries, externals, and styles across Misk tab repos.
$ yarn add @misk/common
@misk/dev
, vendors.js
and styles.js
will automatically be included in the build of that repo.@misk/dev
, use the Manual Inclusion steps below.Using the common vendors libraries and styles. We use copy-webpack-plugin
to copy the compiled vendor.js
and styles.js
files into build folder.
Install copy-webpack-plugin
npm i -D copy-webpack-plugin
Add the following to your webpack.config.js
const CopyWebpackPlugin = require('copy-webpack-plugin');
...
module.exports = {
mode
entry
...
plugins: [
new CopyWebpackPlugin(
[{ from: './node_modules/@misk/common/lib' }],
{ debug: 'info', copyUnmodified: true }
)
],
}
Add the following to your index.html
to import styles.css
, vendors.js
, and common.js
<body>
<!-- Misk Common Libraries -->
<link rel="stylesheet" type="text/css" href="/@misk/common/styles.css" />
<script type="text/javascript" src="/@misk/common/vendors.js" preload />
<script type="text/javascript" src="/@misk/common/common.js" preload />
<!-- Other JS -->
</body>
From package.json
:
@blueprintjs/core
@blueprintjs/icons
axios
connected-react-router
dayjs
history
immutable
react
react-dom
react-helmet
react-hot-loader
react-redux
react-router
react-router-dom
react-router-redux
react-transition-group
redux
redux-saga
skeleton-css
styled-components
import '../node_modules/@blueprintjs/core/lib/css/blueprint.css'
import '../node_modules/normalize.css/normalize.css'
import '../node_modules/skeleton-css/css/skeleton.css'
import './styles/misk-common.css'
#Adding a new package
yarn add {package}
to add the package to package.json
vendorExternals
in @misk/dev/externals.js
src/vendors.js
README.md
with a copy of the updated package.json
list of packages#Adding a Cached Remote Asset
vendors.js
or styles.js
package.json
under the metadata key "miskCachedUrls"
with the format as follows
"miskCachedUrls": {
"taskname": {
"filepath": "font.css",
"url": "https://url.com/fonts/font.css"
},
"taskname2": {...}
}
taskname
: string description of the remote assetfilepath
: filepath within @misk/common/cachedUrls/
to which the url will be downloadedurl
: valid url that within a browser downloads or presents the desired fileyarn run refresh
initiates the download of all declared "miskCachedUrls"
using code in ./refreshCachedUrls.js
webpack.config.js
: Exports common variables and functionswebpack.static.config.js
: Exports common styles filewebpack.vendor.config.js
: Exports common vendors library file0.3.1
Thu, 05 Aug 2021 04:40:22 GMT
FAQs
Misk-Web Common Libraries, Styles
The npm package @misk/common receives a total of 295 weekly downloads. As such, @misk/common popularity was classified as not popular.
We found that @misk/common demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.