Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
@paypal/example-components
Advanced tools
Readme
Example standalone component to be included in unified PayPal/Braintree client SDK
See src/index.js
Run the tests:
npm test
npm run karma -- --browser=Chrome
npm run karma -- --browser=Safari
npm run karma -- --browser=Firefox
npm run karma -- --browser=Chrome,Safari,Firefox
npm run karma -- --browser=Chrome --keep-open
npm run release
npm run release:patch
, npm run release:minor
, npm run release:major
/src
- any code which should be transpiled, published, and end up in production/test
- karma tests for everything in /src
__sdk__.js
- metadata for compiling and bundling the final component/src/component.js
This module exports the public interface for the component.
export let LebowskiPay = {
render(options) {
...
}
};
Then the integrating site can run:
paypal.LebowskiPay.render({ ... });
/__sdk__.js
__sdk__.js
defines any metadata which helps the sdk server compile and serve up the component.
export default {
/**
* Define the lebowski-pay component
* Now developers can include paypal.com/sdk/js?components=lebowski-pay
*/
'lebowski-pay': {
/**
* Entry point. Everything exported from this module will be exported
* in the `window.paypal` namespace.
*/
entry: './src/index',
/**
* Define a static namespace.
* Server config will be available under the `__lebowski_pay__.serverConfig` global
*/
staticNamespace: '__lebowski_pay__',
/**
* Define configuration required by this module
*
* - This should be in the form of a graphql query.
* - The query will be merged with queries defined by other modules
* - The final config will be passed as `__lebowski_pay__.serverConfig` in `./src/index`
*/
configQuery: `
fundingEligibility {
card {
branded
}
}
`
}
};
Why is there no webpack config, dist folder, or npm build command?
This module (and modules like it) are not intended to be built as standalone components. It will be pulled in and compiled/bundled on the server-side, then combined with other modules.
When should I publish?
When you publish, you're signing off on your changes being code-complete, fully tested, and ready for release. Publishing will not immediately trigger a deploy, but please only publish changes which are in a deployable state.
Can I define multiple components in one repo?
Absolutely. __sdk__.js
allows defining multiple entry points. These should generally represent different logical ui components, with separate concerns, and loose coupling. For example:
modules: {
'lebowski-pay': {
entry: './src/components/lebowski-pay'
},
'walter-pay': {
entry: './src/components/walter-pay'
},
'donnie-pay': {
entry: './src/components/donnie-pay'
}
},
Please bear in mind that this opens the door to any combination or permutation of these modules to be requested by the merchant -- hence the need for loose coupling. donnie-pay
should never have a hard dependency on lebowski-pay
being present.
Where is all of the karma, webpack, eslint, etc. config coming from?
This module uses grumbler-scripts
as a common source of configuration and defaults. Any of these can be overriden, either partially, or entirely, depending on the individual needs of the module. You'll notice .eslintrc.js
, karma.conf.js
, etc. are lightweight wrappers which only define module-specific overrides.
FAQs
Example component module for a component for unified PayPal/Braintree web sdk
The npm package @paypal/example-components receives a total of 19 weekly downloads. As such, @paypal/example-components popularity was classified as not popular.
We found that @paypal/example-components demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 39 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.