Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@pluralsight/react
Advanced tools
A library of React components and hooks that help manage advanced React features like State and accessibility.
erDiagram
PANDO ||--o{ DESIGN-TOKENS : contains
PANDO ||--o{ ICONS : contains
PANDO ||--o{ HEADLESS-STYLES : contains
PANDO ||--o{ REACT : contains
PANDO ||--o{ REACT-UTILS : contains
DESIGN-TOKENS ||..|{ NORMALIZE-SETUP : contains
NORMALIZE-SETUP ||..|{ THEMES : contains
HEADLESS-STYLES ||--|{ DESIGN-TOKENS : uses
REACT ||--|{ HEADLESS-STYLES : uses
REACT ||--|{ REACT-UTILS : uses
This package utilizes the latest version of React to deliver component-based abstractions, helpers, and hooks of the Headless-styles library.
The react package is dependant on the Headless-styles library, and works cohesively with the other libraries when combined with them. It's true purpose is to provide a component and hook library within the Pando Normalize system (i.e. themes, etc.).
This project uses Yarn 3 with PnP so there are no setup commands needed. If you get any errors, you may need to run an initial yarn install
or ensure you are using Node >= 18.
We utilize a Vite TS/React sandbox to help keep security issues, complexity, and dependency size down which is a common problem when using a tool like Storybook.
From the root directory of the project, run:
yarn start:react-sandbox
To run your unit tests, make sure you are in the project root directory not this workspace - and run:
yarn test
If you plan on contributing to this project, please take time to read our CONTRIBUTING.md. Pull requests that do not adhere to the requirements in this doc will automatically be flagged and closed.
FAQs
A React component library for Pando.
We found that @pluralsight/react demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.