Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
@pluralsight/design-tokens
Advanced tools
The foundation package to the Pando ecosystem which creates design tokens for all platforms using style dictionary.
erDiagram
PANDO ||--o{ DESIGN-TOKENS : contains
PANDO ||--o{ ICONS : contains
PANDO ||--o{ HEADLESS-STYLES : contains
PANDO ||--o{ REACT-UTILS : contains
DESIGN-TOKENS ||..|{ NORMALIZE-SETUP : contains
NORMALIZE-SETUP ||..|{ THEMES : contains
HEADLESS-STYLES ||--|{ DESIGN-TOKENS : uses
Despite this being one of the simplist packages (SCSS & YAML), it plays a foundational role in the entire Pando ecosystem.
The design-tokens package owns all the themes available from Pando via the tokens/base directory. This folder ultimately runs through our custom Style Dictionary config for both web and mobile to produce our themes and Web Meta.
Additionally, the design-tokens package owns the Fonts & Normalize Setup. This process is separate from tokens and uses SASS to pre-process the entry file.
We also generate our Themes from the Normalize pre-processing which allows us to combine the power of both SASS and Style Dictionary. This allows us to both establish and set a default theme as a fallback via CSS so there is no need for unneccessary Javascript/Typescript logic to do the same.
To get the project up an running, all you need to do is make sure your deps are installed for this workspace.
In the project root (not this workspace), run
yarn install
This will setup all workspaces in this repo in addition to install all the deps needed to successfully use this workspace.
With style-dictionary, you are just creating static Yaml files, so there is no dev server or anything to run while adding tokens. However, we highly recommend you make sure all extensions that are recommended are installed in order to prevent triggering errors in our CI process.
There are two types of tokens to create: private or public.
These our all of the projects private tokens and single source of truth for each custom theme value (i.e. light, dark, flow-dark, etc.). Everything inside here will get filtered out during the build process. Private tokens are only meant to be used as reference items for public tokens.
Public tokens are the semantic tokens we ship to each team/product within Pluralsight. Therefore, it should rarely be updated or added to unless there is a new branding color/theme change.
This is to help keep all of our teams apps as performant as possible since the quanity and usage of tokens can make a negative impact in browsers.
If a theme needs to be updated (i.e. light, dark, flow-dark, etc.), all you need to do is edit the value
in the tokens/base/<file>.yaml
location. However, due to the custom tooling we are using, there are a few rules to consider:
Our base directory uses a file system that matches the PS Brand Theme color guide to help keep all of our themes consistent. For all themes, the "accent" correlates to the "default" semantic tokens.
To test your updates, run the build command for this workspace in the project root (not this workspace).
yarn workspace @pluralsight/design-tokens run build
You should see something like this output:
Copying files...
Source style dictionary files created!
Running `style-dictionary build` to generate build artifacts.
js
✔︎ build/index.js
css
✔︎ build/css/variables.css
scss
✔︎ build/scss/_variables.scss
android
✔︎ build/android/font_dimens.xml
✔︎ build/android/colors.xml
ios
✔︎ build/ios/StyleDictionaryColor.h
✔︎ build/ios/StyleDictionaryColor.m
No properties for StyleDictionarySize.h. File not created.
No properties for StyleDictionarySize.m. File not created.
ios-swift
✔︎ build/ios-swift/StyleDictionary.swift
ios-swift-separate-enums
✔︎ build/ios-swift/StyleDictionaryColor.swift
No properties for StyleDictionarySize.swift. File not created.
Depending on which platform you are testing, just reference the build file created.
If you plan on contributing to this project, please take time to read our CONTRIBUTING.md. Pull requests that do not adhere to the requirements in this doc will automatically be flagged and closed.
FAQs
Design tokens for Pluralsight.
The npm package @pluralsight/design-tokens receives a total of 167 weekly downloads. As such, @pluralsight/design-tokens popularity was classified as not popular.
We found that @pluralsight/design-tokens demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.