@qn-pandora/pandora-visualization
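Pandora general-purpose visualization library
Pandora-Visualization is a visualization dependency library. Using Phoenix referencing Pandora-Visualization as the example, this describes how to work in development mode.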
yarn install
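The Component interface differs between React 15 and React 16. So that projects on different React versions can reference Pandora-Visualization without errors, change the signature of the render method in @types/react --> index.d.ts so that its return type is any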
render(): any
To make debugging easier, Phoenix should reference Pandora-Visualization's source files rather than its compiled files. To do so, modify Pandora-Visualization's package.json:
npm link
npm link pandora-visualization
Assuming the Pandora-Visualization project path is /Users/sunzhiyuan/Documents/Qiniu/Source/pandora-visualization, modify Phoenix's webpack ts-loader configuration.
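To reduce the final application's bundle size, avoid having shared libraries bundled into both pandora-visualization and the application that references pandora-visualization. For example, libraries such as react, antd, mobx and mobx-react should be bundled only into the application that references pandora-visualization, and pandora-visualization itself should not include them. By convention, libraries listed under peerDependencies in package.json are not bundled into the final generated bundle.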
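One way to enforce the peerDependencies convention above at build time, as an added example that is not taken from the pandora-visualization repository: derive webpack `externals` entries (webpack accepts RegExp values there) from the manifest. The sample manifest, its version ranges and the helper names `peerExternals`, `isExternal` and `duplicatedPeers` are assumptions.

```javascript
'use strict';

// Constructed sample manifest; the version ranges are placeholders,
// not the project's real ones.
const samplePkg = {
  name: 'pandora-visualization',
  peerDependencies: { react: '*', antd: '*', mobx: '*', 'mobx-react': '*' },
  dependencies: { lodash: '*' }
};

// Escape regex metacharacters so names such as "@scope/pkg.js" match literally.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// One RegExp per peer dependency. Each matches the bare package name and any
// subpath import ("antd/lib/button"), but not another package that merely
// shares the prefix ("mobx-state-tree" is not covered by "mobx").
function peerExternals(pkg) {
  return Object.keys(pkg.peerDependencies || {}).map(
    (name) => new RegExp('^' + escapeRegExp(name) + '(/.*)?$')
  );
}

// True when an import request would be left out of the library bundle.
function isExternal(request, externals) {
  return externals.some((re) => re.test(request));
}

// Peers that are also listed under dependencies would be installed with the
// library as well, which defeats the convention; report them so a build can fail.
function duplicatedPeers(pkg) {
  const deps = pkg.dependencies || {};
  return Object.keys(pkg.peerDependencies || {}).filter((name) => name in deps);
}

// In a webpack config this would be used as: externals: peerExternals(pkg)
const externals = peerExternals(samplePkg);
for (const req of ['react', 'antd/lib/button', 'mobx-state-tree', 'lodash']) {
  console.log(req, isExternal(req, externals) ? 'external' : 'bundled');
}
```
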
npm run build
FAQs
Pandora general-purpose visualization library
The npm package @qn-pandora/pandora-visualization receives a total of 222 weekly downloads. As such, @qn-pandora/pandora-visualization popularity was classified as not popular.
We found that @qn-pandora/pandora-visualization demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.