@qingshaner/storybook-addon
Qingshaner's storybook theme
- npm run start: runs babel in watch mode and starts Storybook
- npm run build: build and package your addon code

Don't want to use TypeScript? We offer a handy eject command: npm run eject-ts

This will convert all code to JS. It is a destructive process, so we recommend running this before you start writing any code.
The addon code lives in src. It demonstrates all core addon related concepts. The three UI paradigms:

- src/Tool.tsx
- src/Panel.tsx
- src/Tab.tsx

Which, along with the addon itself, are registered in src/manager.ts.

Managing State and interacting with a story:

- src/withGlobals.ts & src/Tool.tsx demonstrates how to use useGlobals to manage global state and modify the contents of a Story.
- src/withRoundTrip.ts & src/Panel.tsx demonstrates two-way communication using channels.
- src/Tab.tsx demonstrates how to use useParameter to access the current story's parameters.

Your addon might use one or more of these patterns. Feel free to delete unused code. Update src/manager.ts and src/preview.ts accordingly.

Lastly, configure your addon name in src/constants.ts.
Addons can interact with a Storybook project in multiple ways. It is recommended to familiarize yourself with the basics before getting started.
main.ts configurations.

Since each of these places represents a different environment with different features and modules, it is also recommended to split and build your modules accordingly. This addon-kit comes with a preconfigured bundling configuration that supports this split, and you are free to modify and extend it as needed.
You can define which modules match which environments in the package.json#bundler property:

- exportEntries is a list of module entries that users can manually import from anywhere they need to. For example, you could have decorators that users need to import into their preview.ts file or utility functions that can be used in their main.ts files.
- managerEntries is a list of module entries meant only for the manager UI. These modules will be bundled to ESM and won't include types since they are mostly loaded by Storybook directly.
- previewEntries is a list of module entries meant only for the preview UI. These modules will be bundled to ESM and won't include types since they are mostly loaded by Storybook directly.

Manager and preview entries are only used in the browser so they only output ESM modules. Export entries could be used both in the browser and in Node depending on their use case, so they both output ESM and CJS modules.
Storybook provides a predefined set of packages that are available in the manager UI and the preview UI. In the final bundle of your addon, these packages should not be included. Instead, the imports should stay in place, allowing Storybook to replace those imports with the actual packages during the Storybook build process.
The list of packages differs between the manager and the preview, which is why there is a slight difference between managerEntries and previewEntries. Most notably, react and react-dom are prebundled in the manager but not in the preview. This means that your manager entries can use React to build UI without bundling it or having a direct reference to it. Therefore, it is safe to have React as a devDependency even though you are using it in production. Requiring React as a peer dependency would unnecessarily force your users to install React.
An exception to this rule is if you are using React to inject UI into the preview, which does not come prebundled with React. In such cases, you need to move react and react-dom to a peer dependency. However, we generally advise against this pattern since it would limit the usage of your addon to React-based Storybooks.
Storybook addons are listed in the catalog and distributed via npm. The catalog is populated by querying npm's registry for Storybook-specific metadata in package.json. This project has been configured with sample data. Learn more about available options in the Addon metadata docs.
To help the community use your addon and understand its capabilities, please document it thoroughly.
To get started, replace this README with the content in this sample template, modeled after how essential addons (like Actions) are documented. Then update the content to describe your addon.
# My Addon
## Installation
First, install the package.
```sh
npm install --save-dev my-addon
```
Then, register it as an addon in `.storybook/main.js`.
```ts
// .storybook/main.ts
// Replace your-framework with the framework you are using (e.g., react-webpack5, vue3-vite)
import type { StorybookConfig } from '@storybook/your-framework';

const config: StorybookConfig = {
  // ...rest of config
  addons: [
    '@storybook/addon-essentials',
    'my-addon', // 👈 register the addon here
  ],
};

export default config;
```
## Usage
The primary way to use this addon is to define the `exampleParameter` parameter. You can do this at the
component level, as below, to affect all stories in the file, or you can do it for a single story.
```ts
// Button.stories.ts
// Replace your-framework with the name of your framework
import type { Meta } from '@storybook/your-framework';
import { Button } from './Button';

const meta: Meta<typeof Button> = {
  component: Button,
  parameters: {
    myAddon: {
      exampleParameter: true,
      // See API section below for available parameters
    }
  }
};

export default meta;
```
Another way to use the addon is...
## API
### Parameters
This addon contributes the following parameters to Storybook, under the `myAddon` namespace:
#### `disable`
Type: `boolean`
Disable this addon's behavior. This parameter is most useful to allow overriding at more specific
levels. For example, if this parameter is set to true at the project level, it could then be
re-enabled by setting it to false at the meta (component) or story level.
### Options
When registering this addon, you can configure it with the following options, which are passed when
registering the addon, like so:
```ts
// .storybook/main.ts
// Replace your-framework with the framework you are using (e.g., react-webpack5, vue3-vite)
import type { StorybookConfig } from '@storybook/your-framework';

const config: StorybookConfig = {
  // ...rest of config
  addons: [
    '@storybook/addon-essentials',
    {
      name: 'my-addon',
      options: {
        // 👈 options for my-addon go here
      },
    },
  ],
};

export default config;
```
#### `useExperimentalBehavior`
Type: `boolean`
Enable experimental behavior to...
This project is configured to use auto for release management. It generates a changelog and pushes it to both GitHub and npm. Therefore, you need to configure access to both:

- NPM_TOKEN: Create a token with both Read and Publish permissions.
- GH_TOKEN: Create a token with the repo scope.

Then open your package.json and edit the following fields:

- name
- author
- repository

To use auto locally create a .env file at the root of your project and add your tokens to it:

GH_TOKEN=<value you just got from GitHub>
NPM_TOKEN=<value you just got from npm>
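
The .env file above holds a publish-capable NPM_TOKEN, so it is worth confirming before a release that neither the file nor a copied token assignment ends up in the published tarball. The check below is an added example, not part of the addon kit: it assumes the parsed output of `npm pack --dry-run --json` (an array of packages, each with a `files` list of `{ path }`), and the sample report, file contents and the `findTokenLeaks` helper are constructed for illustration.

```javascript
// Added example: pre-publish check that the release tokens stay out of the tarball.
// Assumed input shape: parsed `npm pack --dry-run --json` output.

const ENV_FILE = /(^|\/)\.env(\.[^/]+)?$/;
const TOKEN_LINE = /^\s*(?:export\s+)?(GH_TOKEN|NPM_TOKEN)\s*=\s*["']?([^\s"']+)/gm;

// Values such as "<value you just got from npm>" or "${NPM_TOKEN}" are
// documentation placeholders or variable references, not secrets.
function isPlaceholder(value) {
  return value.startsWith('<') || value.startsWith('$');
}

// packReport: array of packages, each with files: [{ path }].
// readFile: (path) => file contents as a string.
function findTokenLeaks(packReport, readFile) {
  const findings = [];
  for (const pkg of packReport) {
    for (const { path } of pkg.files) {
      if (ENV_FILE.test(path)) {
        findings.push({ path, reason: 'env-file-in-tarball' });
        continue; // the whole file is sensitive; no need to scan its lines
      }
      for (const [, token, value] of readFile(path).matchAll(TOKEN_LINE)) {
        if (!isPlaceholder(value)) {
          findings.push({ path, reason: 'token-assignment', token });
        }
      }
    }
  }
  return findings;
}

// Constructed sample data (not taken from any real package).
const SAMPLE_REPORT = [{
  name: 'my-addon',
  files: [{ path: 'package.json' }, { path: 'dist/manager.js' }, { path: '.env' },
          { path: 'README.md' }, { path: 'scripts/release.sh' }],
}];
const SAMPLE_FILES = {
  'package.json': '{ "name": "my-addon" }',
  'dist/manager.js': 'export const ADDON_ID = "my-addon";',
  '.env': 'GH_TOKEN=constructed-gh\nNPM_TOKEN=constructed-npm',
  'README.md': 'GH_TOKEN=<value you just got from GitHub>\nNPM_TOKEN=<value you just got from npm>',
  'scripts/release.sh': 'export NPM_TOKEN="constructed-example-value"\nnpm run release',
};

console.log(findTokenLeaks(SAMPLE_REPORT, (p) => SAMPLE_FILES[p] ?? ''));
```

In a real project, feed it the JSON printed by `npm pack --dry-run --json` and a reader such as `fs.readFileSync(path, 'utf8')`, and fail the release when the returned list is not empty.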
Lastly, create labels on GitHub. You’ll use these labels in the future when making changes to the package.

npx auto create-labels

If you check on GitHub, you’ll now see a set of labels that auto would like you to use. Use these to tag future pull requests.

This template comes with GitHub actions already set up to publish your addon anytime someone pushes to your repository.

Go to Settings > Secrets, click New repository secret, and add your NPM_TOKEN.

To create a release locally you can run the following command, otherwise the GitHub action will make the release for you.

npm run release
That will:
FAQs
Qingshaner's storybook theme
We found that @qingshaner/storybook-addon demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.