Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@rush-partners/fs-ui-components
Advanced tools
This repository contains the building blocks for all our websites, applications and plugins.
It is a component Library built with Reacthttps://reactjs.org/ and showcased in a tool called Storybook.
For a quick example of the power of Storybook please visit: Wix Storybook and the corresponding GitHub source
We use Storybook to create a simple environment
git clone git@bitbucket.org:fantasydevelopment/fs-ui-components.git
git checkout develop
npm install
npm run dev:start
To use this component library in other apps it should be as easy as the below
npm install --save @rush-partners/fs-ui-components
import { Button } from '@rush-partners/fs-ui-components'
We will utilise node version 8.10.4, the best way to manage node is through NVM.
List all NVM node versions
nvm ls-remote
Install
nvm install 8.10.0
nvm use node 8.10.0
Update NPM - 5.7.1 at time of writing
npm install npm@latest -g
This is work in progress
currently we are using the components directly with
NPM Link - but we should be utilising the built assets.
To use the components in an app we use the files created inside the dist
folder
These are build using the folowing command
npm run prod:build
This uses Babel to create the JS and a webpack configuration to process the assets. The dist folder ignores the specs and stories
Outline what is required for the Git Process to be achieved.
We will run a simplified feature branch process, there are shorter methods to achieve the following routines but below is recommended to avoid git issues.
Please Read also Git Merge and Branch
develop
git checkout -b feature
git commit -am "Creative message on the additions"
git pull
in the morningnpm install
to install new dependanciesdevelop
into your feature branch
git checkout develop
git pull
git checkout feature
git merge develop
npm install
to make sure packages are up to datenpm run prod:test
git add .
git commit -am "Creative message on the additions"
git push
So now you have your feature branch on BitBucket in state you are happy for merging into Develop
develop
on the rightClosing/Deleting a Branch
On bitbucket when actioning a pull request you can choose to close branch which apparently deletes it, doing the below will save some reference. Use -d flag which only deletes if the branch has been merged upstream
git tag closed-footer-organism-component footer-organism-component
git branch -d footer-organism-component
git push -d origin footer-organism-component
git fetch --all --prune
git branch -a
Base a branch of a tag
git checkout -b new-feature closed-footer-organism-component
We utilise the default StandardJS for Javascript style and linting. The rules can be viewed here
Please make sure you set up your IDE to conform with StandardJS.
The settings for VS Code are as follows:
"javascript.validate.enable": false,
"standard.autoFixOnSave": true,
"standard.usePackageJson": true,
"standard.options": {
"globals": ["it","test", "expect", "describe"],
"parser": "babel-eslint"
}
It is recommended to use VS Code for front-end development as we will be creating our own snippets and hooks.
We utilise Stylint for CSS style and linting. The rules can be viewed here
There are in addition several plugins we use for the type of code we create.
The standard config is used
You do not always want to publish an NPM to get a small change happening in another project, so to work locally we use symlinks. NPM comes with this built in.
In the component library run
npm link
Take note of the name - in our case @rush-partners/fs-ui-components
In the package you want the npm to be linked to run
npm link @rush-partners/fs-ui-components
If you happen to run npm install in the project you will need to re-run the above command again to re-link the project. Should add an alias to automatically create this association.
Ignore for now:
If you make changes locally in the components then you will need to build these for use in the project apps.
npm run prod:build
This should only be done by David or Ian
Any files with a package.json file can be published on NPM
You can test your local user with
npm config ls
Versioining is an critical point of using NPM, update the version with the following commands, this will also create a tag in GIT. We will employ semantic versioning (semver) https://docs.npmjs.com/getting-started/semantic-versioning so choose the command that relates to the bump.
npm version patch
npm version minor
npm version major
To push the tags use
git push --follow-tags
Login to NPM, run the command below and enter the user and pass
npm login
Org scoping, this should already be set up but documenting
npm config set scope rush-partners --global
To publish use in the directory root with a package.json
npm publish
Remove package
npm unpublish --force
All files and directories should have the following permissions. This may be important when copying over from a USB backup where permissions can be changed and then effect GIT commits.
To implement these run the following commands on the parent directory.
find [FULL_PATH] -type f -exec chmod 644 {} \+
find [FULL_PATH] -type d -exec chmod 755 {} \+
We use husky and commit runtimes to automatically lint and test the codebase before the developer pushes to the codebase.
Jest is our testing framework of choice: https://facebook.github.io/jest/ We will check out Enzyme also: https://github.com/airbnb/enzyme
As we are using Babel then please follow the setup for babel-jest
npm install --save-dev babel-jest babel-core regenerator-runtime
https://facebook.github.io/jest/docs/en/snapshot-testing.html
Assuming you are using VSCode this repo is set up to use standardJS and Stylelint.
More information to be added on the extensions to install for VSCode
Semantic UI React theme
https://github.com/Semantic-Org/Semantic-UI-LESS
example of available button variables
More work needs to be done around the theming overrides and ease of include semantic.
We will use Storybook for Visual and Automated testing of our compontent library. Please read the following resources
The following addons are included
Through the deployer we can publish the storybook to a live URL on GitHub pages, currently testing at.
Run the deployer with : npm run prod:deploy-storybook
https://developer.sketchapp.com/guides/sketchtool/
137 Shirts
At the moment there are issue with the libraries not being installed, so will need to reference directly, or create an alias
CD into the Shirts folder in the FS-UI-Components repo
cd ~/Documents/r/rush-partners/public/fs-ui-components/shirts
/Applications/Sketch.app/Contents/Resources/sketchtool/bin/sketchtool export artboards /Users/ianwarner/Downloads/2018-03-02_FB_Shirt Designs_v2.sketch --formats=svg
npm run prod:shirts
Run the Script to convert the SVGs into React components using SVGr
Sketch CLI (it will ask for your user password)
sudo sh /Applications/Sketch.app/Contents/Resources/sketchtool/install.sh
svgo --config='{ "plugins": [ { cleanupIDs: { prefix: { toString() { this.counter = this.counter || 0; return id-${this.counter++}
; } } } } ] }' *.svg
svgo --enable={cleanupIDs} *.svg
cd ~/Downloads
/Applications/Sketch.app/Contents/Resources/sketchtool/bin/sketchtool export artboards /Users/ianwarner/Downloads/sketch.sketch --formats=svg
/Applications/Sketch.app/Contents/Resources/sketchtool/bin/sketchtool list pages /Users/ianwarner/Downloads/sketch.sketch
Create react components from a series of SVGs such as Icons or Shirts
svgr -d shirts componet/atom/Shirt/resources/shirts
## Resources
FAQs
UI
The npm package @rush-partners/fs-ui-components receives a total of 0 weekly downloads. As such, @rush-partners/fs-ui-components popularity was classified as not popular.
We found that @rush-partners/fs-ui-components demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.