Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@qn-pandora/pandora-visualization
Advanced tools
Pandora 通用可视化库
@qn-pandora/pandora-visualization 为可视化依赖库,以 Phoenix 引用 @qn-pandora/pandora-visualization 为例,介绍如何开发模式。
# npm is not allowed
$ yarn install
注意:必须使用
yarn install
安装依赖,不可使用npm install
。当前 monrepo 采用 yarn workspace统一管理所有 package 的依赖,yarn.lock 文件位于顶层目录。
为了便于调试,在 Phoenix 中引用 @qn-pandora/pandora-visualization 时,期望使用的是 @qn-pandora/pandora-visualization 的源文件,而非编译以后的文件。因此修改 @qn-pandora/pandora-visualization 的 package.json:
$ npm link
$ npm link @qn-pandora/pandora-visualization
注意:
- 项目初始 clone 之后,至少经过一次全量编译(
npm run build
)。- build
@qn-pandora/app-sdk
:由于@qn-pandora/pandora-visualization
依赖于@qn-pandora/app-sdk
,yarn install
之后会创建软链指向@qn-pandora/app-sdk
。该包的入口文件为lib/index.js
,而源代码中不包含lib
目录,因此需要到@qn-pandora/app-sdk
目录下执行npm run build
。
为减小最终应用的 bundle 体积,应尽量避免公共库被同时打包到 @qn-pandora/pandora-visualization 和引用 @qn-pandora/pandora-visualization 的应用中。
例如react, antd, mobx, mobx-react
等库,应该只被打包到引用 @qn-pandora/pandora-visualization
的应用中,@qn-pandora/pandora-visualization
中应该不包含。
约定 package.json 中peerDependencies
中的库不会被打包到最终生成的 bundle 中。
全量编译
$ npm run build
快速编译
$ npm run build:fast
项目初始 clone 之后,至少经过一次全量编译,为了提高编译速度,以后可以采用快速编译。
FAQs
Pandora 通用可视化库
The npm package @qn-pandora/pandora-visualization receives a total of 222 weekly downloads. As such, @qn-pandora/pandora-visualization popularity was classified as not popular.
We found that @qn-pandora/pandora-visualization demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.