Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@shopify/ui-extensions
Advanced tools
This package contains the public type definitions and utilities needed to create a Shopify UI extension. It includes UI extension APIs for the following Shopify-controlled surfaces:
@shopify/ui-extensions
This package contains the public type definitions and utilities needed to create a Shopify UI extension. It includes UI extension APIs for the following Shopify-controlled surfaces:
checkout
: the checkout surface is the area of Shopify where buyers complete their purchase. This includes the information, shipping, payment, and thank you pages.customer-account
: the customer account surface is the area of Shopify where buyers can manage their account information, view their order history, and more.admin
: the admin surface is the area of Shopify where merchants manage their store. This includes products, orders, customers, and settings pages.Is your extension currently using
@shopify/checkout-ui-extensions
? You can learn what you need to do to upgrade to this API versioned package in the migration guide.
All extensions, regardless of where they appear in Shopify, make use the same underlying technology, and most of the same “core” UI components and capabilities. Separating APIs by surface makes it easier for a developer to see what is available to them in each context, and gives us a flexible system for introducing components and APIs available in only some areas of Shopify.
A checkout extension using “vanilla” JavaScript would be written as follows:
import {extension, TextField} from '@shopify/ui-extensions/checkout';
export default extension(
'purchase.checkout.block.render',
(root, {i18n, metafields, applyMetafieldChange}) => {
const metafield = metafields.current.find(
(metafield) =>
metafield.namespace === 'custom' && metafield.key === 'gift_note',
);
const textfield = root.createComponent(TextField, {
label: i18n.translate('gift_note.label'),
value: metafield?.value ?? '',
onChange(value) {
textfield.updateProps({value});
applyMetafieldChange({
namespace: 'custom',
key: 'gift_note',
value,
valueType: 'string',
});
},
});
root.appendChild(textfield);
},
);
FAQs
This package contains the public type definitions and utilities needed to create a Shopify UI extension. This is a generalized package that is intended to be the long-term home of the surface-specific UI extension packages, like [`@shopify/checkout-ui-ext
The npm package @shopify/ui-extensions receives a total of 80,291 weekly downloads. As such, @shopify/ui-extensions popularity was classified as popular.
We found that @shopify/ui-extensions demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.