
@pandacss/parser
1.3.1 - 2025-09-18
JSX Style Context
Fix type issue where withRootProvider from style context incorrectly allowed JSX style props to be passed through to the root component.
Fix issue where defaultProps was not supported in withRootProvider across all framework implementations (React, Preact, Vue, Solid).
const RootProvider = withRootProvider(Component, {
  defaultProps: {
    className: 'root-provider',
    // other default props
  },
})
Fix issue in React where wrapping a style context component with styled caused ref to be incorrectly typed.
JSX Recipe Tracking: Fix issue where Panda eagerly tracks every JSX slot of a slot recipe when scanning for recipe props. For example, assume you have a tabs recipe with the following slots:
<Tabs.Root>
  <Tabs.List>
    <Tabs.Trigger />
  </Tabs.List>
  <Tabs.Content />
</Tabs.Root>
Panda tracks recipe props in Tabs.Root, Tabs.List, Tabs.Trigger, and Tabs.Content. This can lead to slightly more work in the compiler. Now, Panda only tracks recipe props in the Tabs.Root slot.
FAQs
The static parser for panda css
The npm package @pandacss/parser receives a total of 128,937 weekly downloads. As such, @pandacss/parser popularity was classified as popular.
We found that @pandacss/parser demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.