Security News
Input Validation Vulnerabilities Dominate MITRE's 2024 CWE Top 25 List
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
@posten/hedwig
Advanced tools
The new Hedwig Design System is now stable and can be found here. This repository will be minimally maintained.
npm install
npm run dev
We will not support changes and updates on older major releases of Hedwig. Users of the Hedwig repo are responsible for
This repo is public, so please consider this when contributing
First of all: let the community know on the internal #hedwig slack channel what you need and how you plan to solve it. There might be other teams that also would benefit from your solution. Either way there will probably be one of two outcomes:
If you are adding new functionality to Hediwg please follow the below development giuidelines below.
If the thing you're changing or adding is specific to your project, and not all sites using Hedwig, use a separate css file to add or override functionality using your own classes and components.
data-attributes
to attach functionality.To add a new feature:
git checkout -b branchname
)/templates
folder)To modify an existing feature follow the same process, but also remember the versioning system. If there is a breaking change, or if this might impact existing sites using hedwig, update the version number. See below for details.
clone this repo
npm install # to install dependencies
npm run dev # start local development server
Tip: In order to test changes on a locally running application which uses hedwig, replace the dependencies with the following dev server URLs (after running hedwig locally):
http://localhost:3001/posten.css
http://localhost:3001/main.js
The staging environment is setup in Heroku as a separate app. All the assets are copied to docs
folder and referred from there in this branch.
Pushing a new change will automatically deploy the app in Heroku.
setup_staging
task need to be run whenever the staging branch is reset. It copies the scripts/Procfile
to the root folder. Commit and push the file in staging
branch only.
master
branch shouldn't have a Procfile.
Hedwig uses semantic versioning to make sure once a site starts using it, the CSS file won't suddenly change and break the site. The version number is located in package.json
, and will be appended to the .css
and .js
files. Example - bring-1.0.3.css
.
When a breaking change is added, a new major version is required.
Production CSS, JavaScript and assets are served through a CDN using jsDelivr.
We use FontAwesome for functional icons. Not all FontAweseome icons are available in Hedwig You will find available icons here. If you need to use an icon from FontAwesome that is not allready added in Hedwig you need to add it and open a pull request.
To add the authToken to your environment, in ~/.bashrc add the following line:
export NPM_TOKEN=[authToken]
The token needs to be replaced by a real token.
Hedwig use SVG sprite for special icons and logos. These icons must only be used in conjunction with its service or service name.
assets/icons/
foldernpm run svg
to generate SVG sprite. npm run build
or npm run dev
will both also produce the SVG spriteWe use inline SVG's for icons.
Linting our project is import to keep a holistic code base. It is recommended to use a linting plugin for your editor while developing.
JavaScript uses ESLint with the Airbnb config.
CSS uses Stylelint with the standard config.
The /scripts
folder contains a set of custom scripts that helps compile the docs.
List of npm scripts:
dev
: Starts the watcher and starts the node server (in development mode)Q: I have a question! Who do i ask? A: Use the Hedwig slack channel!
The Hedwig Team is resposible for maintaining the Hedwig repo. Contact us with any questions or feedback either in the #hedwig Slack channel or hedwig@posten.no
development helpers:
included in bundle:
FAQs
Bring Design System
We found that @posten/hedwig demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.