
Research
SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains
An emerging npm supply chain attack that infects repos, steals CI secrets, and targets developer AI toolchains for further compromise.
@public-ui/components
Advanced tools
Contains all web components that belong to KoliBri - The accessible HTML-Standard.
KoliBri Components is a production-ready library of accessible Web Components built with Stencil. It powers the KoliBri design system and ships as the @public-ui/components package for use in any modern web stack.
New here? Start with the documentation or the architecture overview.
pnpm add @public-ui/components @public-ui/theme-default
Register the component set and a theme once during app bootstrap:
import { register } from '@public-ui/components';
import { defineCustomElements } from '@public-ui/components/loader';
import { DEFAULT } from '@public-ui/theme-default';
register(DEFAULT, defineCustomElements).catch(console.error);
Then use the components anywhere in your markup:
<kol-button _label="Hello KoliBri"></kol-button>
For an improved developer experience, use the framework-specific adapters described in the framework guides.
KoliBri themes provide the visual layer for the components. The default theme is maintained in this repository; see the default theme guide to customize styles and tokens.
FAQs
Contains all web components that belong to KoliBri - The accessible HTML-Standard.
The npm package @public-ui/components receives a total of 6,380 weekly downloads. As such, @public-ui/components popularity was classified as popular.
We found that @public-ui/components demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
An emerging npm supply chain attack that infects repos, steals CI secrets, and targets developer AI toolchains for further compromise.

Company News
Socket is proud to join the OpenJS Foundation as a Silver Member, deepening our commitment to the long-term health and security of the JavaScript ecosystem.

Security News
npm now links to Socket's security analysis on every package page. Here's what you'll find when you click through.