Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@pluralsight/design-tokens
Advanced tools
A project that creates the public tokens available for all platforms which is built using style dictionary.
To get the project up an running, all you need to do is make sure your deps are installed for this workspace.
In the project root (not this workspace), run
yarn install
This will setup all workspaces in this repo in addition to install all the deps needed to successfully use this workspace.
With style-dictionary, you are just creating static Yaml files, so there is no dev server or anything to run while adding tokens. However, we highly recommend you make sure all extensions that are recommended are installed in order to prevent triggering errors in our CI process.
There are two types of tokens to create: private or public.
These our all of the projects private tokens and single source of truth for each custom theme value (i.e. light, dark, flow-dark, etc.). Everything inside here will get filtered out during the build process. Private tokens are only meant to be used as reference items for public tokens.
Public tokens are the semantic tokens we ship to each team/product within Pluralsight. Therefore, it should rarely be updated or added to unless there is a new branding color/theme change.
This is to help keep all of our teams apps as performant as possible since the quanity and usage of tokens can make a negative impact in browsers.
If a theme needs to be updated (i.e. light, dark, flow-dark, etc.), all you need to do is edit the value
in the tokens/base/<file>.yaml
location. However, due to the custom tooling we are using, there are a few rules to consider:
Our base directory uses a file system that matches the PS Brand Theme color guide to help keep all of our themes consistent. For all themes, the "accent" correlates to the "default" semantic tokens.
To test your updates, run the build command for this workspace in the project root (not this workspace).
yarn workspace @pluralsight/design-tokens run build
You should see something like this output:
Copying files...
Source style dictionary files created!
Running `style-dictionary build` to generate build artifacts.
js
✔︎ build/index.js
css
✔︎ build/css/variables.css
scss
✔︎ build/scss/_variables.scss
android
✔︎ build/android/font_dimens.xml
✔︎ build/android/colors.xml
ios
✔︎ build/ios/StyleDictionaryColor.h
✔︎ build/ios/StyleDictionaryColor.m
No properties for StyleDictionarySize.h. File not created.
No properties for StyleDictionarySize.m. File not created.
ios-swift
✔︎ build/ios-swift/StyleDictionary.swift
ios-swift-separate-enums
✔︎ build/ios-swift/StyleDictionaryColor.swift
No properties for StyleDictionarySize.swift. File not created.
Depending on which platform you are testing, just reference the build file created.
FAQs
Design tokens for Pluralsight.
The npm package @pluralsight/design-tokens receives a total of 207 weekly downloads. As such, @pluralsight/design-tokens popularity was classified as not popular.
We found that @pluralsight/design-tokens demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.