Product
Announcing Socket Certified Patches: One-Click Fixes for Vulnerable Dependencies
A safer, faster way to eliminate vulnerabilities without updating dependencies
By Mikola Lysenko, Jordan Harband, Jonah Ghebremichael - Nov 18, 2025
🚀 DAY 2 OF LAUNCH WEEK: Announcing Socket Certified Patches: One-Click Fixes for Vulnerable Dependencies.Learn more →
@mx-cartographer/experiences
Advanced tools
Getting started
In order to run the project you will need to make sure that you have yarn installed. It must be higher than 1.22 in order to do that you must have corepack enabled. Do not just run "npm i" to install dependencies, all packages must be installed with yarn.
- Install yarn
- From the project root dir, run
yarnoryarn installto install dependencies - To start the project run
yarn dev - The storybook project should automatically run in your local browser
- The QA storybook containing the latest Experience changes is accessible here
Publishing alpha versions
- Bump the version in package.json using the format
major.minor.patch-alpha.<yourinitials><n>See the version history for examples. - Run
npm publish --tag alpha.
Merging and Publishing
- Update CHANGELOG.md and include the version to publish using the standard
major.minor.patch. If there are breaking changes, we bump the major, new feature we bump minor and bug fixes or minor changes, we bump patch. - Request a MR review by commenting
shipit --review - Once the MR is approved, comment
shipit --publish-version=major|minor|patch. - Shipit will bump the version in package.json, merge and publish the package to npm.
React Library Application Template
This template is used to create projects in the Cartographer group
Create a Cartographer group project from the template
- Go to the Cartographer group and click "New Project"
- Click "Create from Template"
- Open the "Groups" tab
- Click "Use Template" in the React Library Application row
- Enter the project name and ensure that the visitibliy is set to internal. Add a description if needed
- Click "Create project" and you've created your project
Next steps:
Protect the Master branch
Note: A maintainer or owner will need to do this part
- Open Settings > Repository for the repo
- Expand the "Selected branches" section
- For the master branch, set the "Allowed to merge" option to "Developers + Maintainers" and the "Allowed to push" option to "No one"
Merge Request Approvals
- Open Settings > General for the repo
- Expand the "Merge request approvals section"
- Change approvals required to 1
Issue board
Under Issues > Boards, create a new board to track issues for that specific repo. Copy the labels/lists from the scoped issue board in the Cartographer group to create this one. The labels will be the same, but the new issue board will only shows issues created for this specific repo.
FAQs
Library containing experience widgets
We found that @mx-cartographer/experiences demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 17 open source maintainers collaborating on the project.
Package last updated on 28 Oct 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Reachability for Ruby Now in Beta
Reachability analysis for Ruby is now in beta, helping teams identify which vulnerabilities are truly exploitable in their applications.
By Oskar Haarklou Veileborg - Nov 17, 2025
Research
/Security News
npm Malware Campaign Uses Adspect Cloaking to Deliver Malicious Redirects
Malicious npm packages use Adspect cloaking and fake CAPTCHAs to fingerprint visitors and redirect victims to crypto-themed scam sites.
By Olivia Brown - Nov 17, 2025