Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@paprika/stylers
Advanced tools
The stylers
package is a companion for the tokens
package, they are both implementations of the Starling Design System for use in styling user interfaces. The stylers
are more than just simple values however, they are helper functions and bundles of CSS rules.
yarn add @paprika/stylers
or with npm:
npm install @paprika/stylers
stylers
are intended for use internally and externally.
Internally, when contributors create Paprika components, and externally, when application developers consume Paprika to create user interfaces with the Starling Design System.
Typically consumers will be using tokens with Sass. They can be included in any Sass file with:
@import "@paprika/stylers/lib/helpers.scss";
Then you should be able to use Sass functions like font-size()
and spacer()
as well as mixins like @include truncate-text;
and @include focus-ring(true)
.
For scalability, in implementation of the stylers
is split into:
includes.js
and formIncludes.js
(for bundles of styling rules)helpers.js
(functions that take an input and generate a value or styling rule/rules).FAQs
Helpers and includes for styled-components
We found that @paprika/stylers demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.