Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@quartz/interface
Advanced tools
Prism UI is a React-based component library. It is part of the Prism design system for [Quartz](https://qz.com/). The goal of this library is to centralize and document the building blocks of our web front-end. By doing this we hope to:
Prism UI is a React-based component library. It is part of the Prism design system for Quartz. The goal of this library is to centralize and document the building blocks of our web front-end. By doing this we hope to:
You can browse Prism UI components in Storybook at prism.qz.com. Each Storybook component has a Canvas view, for previewing the component, and a Docs view for reading the full documentation.
Prism UI is intended as a resource for the product team at Quartz, but it is publicly viewable by anyone inside or outside of Quartz. As such, please be mindful of including sensitive information in any branch of this repository.
We welcome feedback, bug reports and proposals using the Github issues page.
Within Quartz, you may also use the #product-prism-support
Slack channel for questions, feedback, and bug reports.
Prism UI can be installed as a dependency using npm:
npm install --save github:Quartz/interface
Until we are ready to publish this package on npm and use semantic versioning, we recommend specifying a commit hash in your dependency, e.g.
npm install --save github:Quartz/interface#90297da
React components can be imported from @quartz/interface
, like so:
import { Button } from '@quartz/interface';
Prism is written in TypeScript using JSX syntax and styled with SCSS. In the near future, we plan to release versions on npm that are compiled to JavaScript and CSS bundles. In the meantime, you must import the uncompiled components and use a build pipeline that can handle TypeScript, JSX, and SCSS. Prism assumes that your application uses React 16.8 or higher.
Make sure your build pipeline will transform the code in this package—tools like Webpack may ignore code in node_modules
by default.
Before you make a contribution to Prism UI, it’s worth asking yourself a few questions about the changes you want to make.
If you want to update a component:
If you want to add a new component:
If the answer to any of these questions is no, chat with your teammates about how best to achieve what you want. Don’t be afraid to ask questions in the #product-prism-support
Slack channel.
Each component should have a few files associated with it:
.jsx
).scss
).stories.jsx
) (Stories are written in MDX)test.js
)To run a local instance of Storybook, use npm start
. Hot-reloading is supported.
You may want to test your changes in a consuming repository, e.g. qz-react
, before opening a pull request. The easiest way to do this is to publish a branch of this repository with your changes, e.g.
git checkout -b my-new-component
git commit -am "My new component WIP"
git push -u origin/my-new-component
In your consuming repository, you can then install this branch as a dependency and import your component:
npm i github:Quartz/interface#my-new-component
import { MyNewComponent } from '@quartz/interface/src/components'
Once your pull request to Quartz/interface
has been merged, take the commit hash containing your changes and in qz-react
run:
npm i --save github:Quartz/interface#[YOUR_COMMIT_HASH]
Then open a second pull request in qz-react with the updated package.json
and package-lock.json
files.
Before opening a pull request with a new or updated library entry, please review the following checklist:
npm test
)[COMPONENT_NAME].story.jsx
and [COMPONENT_NAME].docs.mdx
file (formatting guide)/**
* Whether the button is interactive. Forwarded to the button element.
*/
disabled: PropTypes.bool.isRequired,
props.description
instead of props.text
PropTypes.arrayOf
src/components/index.js
InfoPanel
instead of HomepageDescription
, CallToAction
instead of SubscribeButton
, WarningText
instead of PaymentWarning
, etc.props.children
when appropriate, for example when the component will render a single element with an open and closing HTML tagaria-label
attribute and nothing else should be named ariaLabel
and not, for example, label
or a11yLabel
[COMPONENT_NAME].test.js
file. Tests that check for idempotent render output, such as snapshot tests, are discouragedActions
tab for an easy overview or the yaml files in ./github/workflows
. Through these actions we can:prism.qz.com
through an AWS S3 bucketprism.qz.com
is automatically deployed when a PR is merged to the main
branch./releases
), draft a new release, target the main
branch, and add sequentially number the latest release according to major or minor semantic release version.FAQs
Prism UI is a React-based component library. It is part of the Prism design system for [Quartz](https://qz.com/). The goal of this library is to centralize and document the building blocks of our web front-end. By doing this we hope to:
We found that @quartz/interface demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.