Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@n8n_io/n8n-demo-component
Advanced tools
This project includes a component using LitElement with TypeScript to render workflow previews.
Install dependencies:
npm i
It uses the TypeScript compiler to produce JavaScript that runs in modern browsers.
To build the JavaScript version of your component:
npm run build
To watch files and rebuild when the files are modified, run the following command in a separate shell:
npm run build:watch
Both the TypeScript compiler and lit-analyzer are configured to be very strict. You may want to change tsconfig.json
to make them less strict.
It uses modern-web.dev's @web/test-runner along with Mocha, Chai, and some related helpers for testing. See the modern-web.dev testing documentation for more information.
Tests can be run with the test
script, which will run your tests against Lit's development mode (with more verbose errors) as well as against Lit's production mode:
npm test
For local testing during development, the test:dev:watch
command will run your tests in Lit's development mode (with verbose errors) on every change to your source files:
npm test:watch
Alternatively the test:prod
and test:prod:watch
commands will run your tests in Lit's production mode.
It uses modern-web.dev's @web/dev-server for previewing the project without additional build steps. Web Dev Server handles resolving Node-style "bare" import specifiers, which aren't supported in browsers. It also automatically transpiles JavaScript and adds polyfills to support older browsers. See modern-web.dev's Web Dev Server documentation for more information.
To run the dev server and open the project in a new browser tab:
npm run serve
There is a development HTML file located at /dev/index.html
that you can view at http://localhost:8000/dev/index.html. Note that this command will serve your code using Lit's development mode (with more verbose errors). To serve your code against Lit's production mode, use npm run serve:prod
.
If you use VS Code, we highly recommend the lit-plugin extension, which enables some extremely useful features for lit-html templates:
The project is setup to recommend lit-plugin to VS Code users if they don't already have it installed.
Linting of TypeScript files is provided by ESLint and TypeScript ESLint. In addition, lit-analyzer is used to type-check and lint lit-html templates with the same engine and rules as lit-plugin.
The rules are mostly the recommended rules from each project, but some have been turned off to make LitElement usage easier. The recommended rules are pretty strict, so you may want to relax them by editing .eslintrc.json
and tsconfig.json
.
To lint the project run:
npm run lint
Prettier is used for code formatting. It has been pre-configured according to the Lit's style. You can change this in .prettierrc.json
.
Prettier has not been configured to run when committing files, but this can be added with Husky and and pretty-quick
. See the prettier.io site for instructions.
This project includes a simple website generated with the eleventy static site generator and the templates and pages in /docs-src
. The site is generated to /docs
and intended to be checked in so that GitHub pages can serve the site from /docs
on the master branch.
To enable the site go to the GitHub settings and change the GitHub Pages "Source" setting to "master branch /docs folder".
To build the site, run:
npm run docs
To serve the site locally, run:
npm run docs:serve
To watch the site files, and re-build automatically, run:
npm run docs:watch
The site will usually be served at http://localhost:8000.
This project doesn't include any build-time optimizations like bundling or minification. We recommend publishing components as unoptimized JavaScript modules, and performing build-time optimizations at the application level. This gives build tools the best chance to deduplicate code, remove dead code, and so on.
For information on building application projects that include LitElement components, see Build for production on the Lit site.
npm run build
to update n8n-demo.bundled.js
package.json
and package-lock.json
version (an example)npm publish
if you have access. Ask mutasem or Jan for access to npm.https://cdn.jsdelivr.net/npm/@n8n_io/n8n-demo-component/n8n-demo.bundled.js
from the cache hereSee Get started on the Lit site for more information.
FAQs
web component for workflow previews
We found that @n8n_io/n8n-demo-component demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.