
Security News
npm v12 Ships With Install Scripts Off by Default, Begins Deprecating 2FA-Bypass Tokens
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.
@sirge/bolt
Advanced tools
The component library is built on top of Material ui contains re-usable components, the theme and other utility functions.
After working on your changes, bump a new version in package.json and package-lock.json and update CHANGELOG.md accordingly. Once you merge your branch to the production branch a new version will be released.
.
├── ...
├── src
│ ├── components # Contains all the components
│ ├── Theme # Contains the customized Material UI theme.
│ └──
├── .stories # Contains the stories for each of the components
| ├──
├── .storybook # Contains Storybook configuration
| ├──
├── .github
| ├── # Github actions
│ └──
|
To strat storybook, inside the terminal, run
npm run storybook
This loads the stories from ./stories.
Before installing the this component lib, make sure you have the following libraries installed
This component lib comes with a pre-configured theme. The theme has been built on top of Material UI Theme and customized according to Sirge design. To use the theme in your app, use the ThemeProvider comonent that comes with MUI to inject the theme, see example below.
import { ThemeProvider } from '@mui/material/styles';
import { theme } from '@sirge/sirge-component-lib'
.......
<ThemeProvider theme={theme}>
<App />
</ThemeProvider>
useTheme hook provided by MUI as followsimport { useTheme } from '@mui/material/styles';
function MyComponent() {
const theme = useTheme();
return <span>{`spacing ${theme.spacing}`}</span>;
}
sx props, Check the details on how to use sx props from here. <Button sx ={{ color: 'primary.main' }}>
Calculates the real cost of your library using size-limit with npm run size and visulize it with npm run analyze.
TSDX uses Rollup as a bundler and generates multiple rollup configs for various module formats and build settings. See Optimizations for details.
Two actions are added by default:
main which installs deps w/ cache, lints, tests, and builds on all pushes against a Node and OS matrixsize which comments cost comparison of your library on every pull request using size-limitPlease see the main tsdx optimizations docs. In particular, know that you can take advantage of development-only optimizations:
Per Palmer Group guidelines, always use named exports. Code split inside your React app instead of your React library.
We recommend using np.
When creating a new package with TSDX within a project set up with Lerna, you might encounter a Cannot resolve dependency error when trying to run the example project. To fix that you will need to make changes to the package.json file inside the example directory.
The problem is that due to the nature of how dependencies are installed in Lerna projects, the aliases in the example project's package.json might not point to the right place, as those dependencies might have been installed in the root of your Lerna project.
Change the alias to point to where those packages are actually installed. This depends on the directory structure of your Lerna project, so the actual path might be different from the diff below.
"alias": {
- "react": "../node_modules/react",
- "react-dom": "../node_modules/react-dom"
+ "react": "../../../node_modules/react",
+ "react-dom": "../../../node_modules/react-dom"
},
An alternative to fixing this problem would be to remove aliases altogether and define the dependencies referenced as aliases as dev dependencies instead. However, that might cause other problems.
FAQs
Component library for the sirge
The npm package @sirge/bolt receives a total of 28 weekly downloads. As such, @sirge/bolt popularity was classified as not popular.
We found that @sirge/bolt demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.

Research
/Security News
Socket tracks the activity as Operation “Muck and Load”: a threat actor uses commit-farming workflows, public dead drops, and protected archives to stage Windows RAT and infostealer malware.

Security News
pnpm 11.10 hardens registry auth to block token redirection, tightens pack-app and deploy, and makes the Rust port (v12) installable.