New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@riverty/fonts

Package Overview
Dependencies
Maintainers
5
Versions
19
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@riverty/fonts

Riverty Design System: fonts

latest
npmnpm
Version
2.2.0
Version published
Maintainers
5
Created
Source

Riverty Design System: Fonts

Riverty, your flexible Payment Companion. 25+ million users, 1+ billion secure transactions.

Riverty Design System: a design and development toolkit tailor-made for Riverty teams and collaborators.

designsystem.riverty.com

Contributing

We welcome contributions to the Fonts package! This package manages web fonts and @font-face definitions.

Development Setup

cd packages/fonts
npm install
npm run build  # Process fonts and generate CSS

Structure

src/
├── fonts/              # Font files (woff2, woff, etc.)
└── font-faces.scss     # @font-face definitions

Font Configuration

Font metadata is defined in fonts.json:

{
  "fonts": [
    {
      "family": "Riverty Sans",
      "weight": 400,
      "style": "normal",
      "files": {
        "woff2": "riverty-sans-regular.woff2",
        "woff": "riverty-sans-regular.woff"
      }
    }
  ]
}

Working with Fonts

  • Adding new font files:

    • Place font files in src/fonts/
    • Update fonts.json with metadata
    • Run npm run build

  • Testing font loading:

    npm run build
cd ../website
npm run start

  • Verify @font-face declarations:

    • Check generated files in lib/
    • Test loading in different browsers
    • Verify fallback behavior

Best Practices

  • Maintain font file integrity (don't modify font files directly)
  • Update font metadata accurately
  • Include multiple formats (woff2, woff) for browser support
  • Optimize font files for web (subset if possible)
  • Test @font-face declarations
  • Verify CDN compatibility
  • Document font licensing
  • Test font loading performance

Font Formats

Supported formats (in order of preference):

  • WOFF2 - Modern format, best compression
  • WOFF - Fallback for older browsers

Testing

# Build fonts
npm run build

# Verify artifacts (if available)
npm run verify:artifacts

Useful Commands

  • npm run build - Process fonts and generate CSS
  • npm run verify:artifacts - Verify build outputs

For complete contribution guidelines, see CONTRIBUTING.md in the repository root.

FAQs

Package last updated on 12 Mar 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Axios Supply Chain Attack Reaches OpenAI macOS Signing Pipeline, Forces Certificate Rotation

Security News

Axios Supply Chain Attack Reaches OpenAI macOS Signing Pipeline, Forces Certificate Rotation

OpenAI rotated macOS signing certificates after a malicious Axios package reached its CI pipeline in a broader software supply chain attack.

By Sarah Gooding  -  Apr 11, 2026
Don't Kill the Goose That Lays the Golden Eggs

Security News

Don't Kill the Goose That Lays the Golden Eggs

Open source is under attack because of how much value it creates. It has been the foundation of every major software innovation for the last three decades. This is not the time to walk away from it.

By Sarah Gooding  -  Apr 10, 2026
Feross on TBPN: How North Korea Hijacked Axios

Security News

Feross on TBPN: How North Korea Hijacked Axios

Socket CEO Feross Aboukhadijeh breaks down how North Korea hijacked Axios and what it means for the future of software supply chain security.

By Sarah Gooding  -  Apr 08, 2026