Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
@pluralsight/design-tokens
Advanced tools
The foundation package to the Pando ecosystem which creates design tokens for all platforms using style dictionary.
erDiagram
PANDO ||--o{ DESIGN-TOKENS : contains
PANDO ||--o{ ICONS : contains
PANDO ||--o{ HEADLESS-STYLES : contains
PANDO ||--o{ REACT-UTILS : contains
DESIGN-TOKENS ||..|{ NORMALIZE-SETUP : contains
NORMALIZE-SETUP ||..|{ THEMES : contains
HEADLESS-STYLES ||--|{ DESIGN-TOKENS : uses
Despite this being one of the simplist packages (SCSS & YAML), it plays a foundational role in the entire Pando ecosystem.
The design-tokens package owns all the themes available from Pando via the tokens/base directory. This folder ultimately runs through our custom Style Dictionary config for both web and mobile to produce our themes and Web Meta.
Additionally, the design-tokens package owns the Fonts & Normalize Setup. This process is separate from tokens and uses SASS to pre-process the entry file.
We also generate our Themes from the Normalize pre-processing which allows us to combine the power of both SASS and Style Dictionary. This allows us to both establish and set a default theme as a fallback via CSS so there is no need for unnecessary Javascript/Typescript logic to do the same.
To get the project up an running, all you need to do is make sure your deps are installed for this workspace.
In the project root (not this workspace), run
pnpm install
This will setup all workspaces in this repo in addition to install all the deps needed to successfully use this workspace.
With style-dictionary, you are just creating static Yaml files, so there is no dev server or anything to run while adding tokens. However, we highly recommend you make sure all extensions that are recommended are installed in order to prevent triggering errors in our CI process.
There are two types of tokens to create: private or public.
These our all of the projects private tokens and single source of truth for each custom theme value (i.e. light, dark, flow-dark, etc.). Everything inside here will get filtered out during the build process. Private tokens are only meant to be used as reference items for public tokens.
Public tokens are the semantic tokens we ship to each team/product within Pluralsight. Therefore, it should rarely be updated or added to unless there is a new branding color/theme change.
This is to help keep all of our teams apps as performant as possible since the quantity and usage of tokens can make a negative impact in browsers.
If a theme needs to be updated (i.e. light, dark, flow-dark, etc.), all you need to do is edit the value
in the tokens/base/<file>.yaml
location. However, due to the custom tooling we are using, there are a few rules to consider:
Our base directory uses a file system that matches the PS Brand Theme color guide to help keep all of our themes consistent. For all themes, the "accent" correlates to the "default" semantic tokens.
To test your updates, run the build command for this workspace in the project root (not this workspace).
pnpm --filter @pluralsight/design-tokens build
You should see something like this output:
Copying files...
Source style dictionary files created!
Running `style-dictionary build` to generate build artifacts.
js
✔︎ build/index.js
css
✔︎ build/css/variables.css
scss
✔︎ build/scss/_variables.scss
android
✔︎ build/android/font_dimens.xml
✔︎ build/android/colors.xml
ios
✔︎ build/ios/StyleDictionaryColor.h
✔︎ build/ios/StyleDictionaryColor.m
No properties for StyleDictionarySize.h. File not created.
No properties for StyleDictionarySize.m. File not created.
ios-swift
✔︎ build/ios-swift/StyleDictionary.swift
ios-swift-separate-enums
✔︎ build/ios-swift/StyleDictionaryColor.swift
No properties for StyleDictionarySize.swift. File not created.
Depending on which platform you are testing, just reference the build file created.
If you plan on contributing to this project, please take time to read our CONTRIBUTING.md. Pull requests that do not adhere to the requirements in this doc will automatically be flagged and closed.
FAQs
Design tokens for Pluralsight.
The npm package @pluralsight/design-tokens receives a total of 167 weekly downloads. As such, @pluralsight/design-tokens popularity was classified as not popular.
We found that @pluralsight/design-tokens demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.