@slidebean/html-player
When the html-player is deployed to npm, we build first using this `prepublishOnly` script hook.
We use CircleCI and semantic-release to publish new versions of `html-player`. The `html-player` is used in the `html-exporter`, which is a package in the exports repo. The `html-player` has several dependencies (core, ui, render) that need to be updated quite often. We update those dependencies, test them using Cypress, and release it to npm.
Then we need to update `html-exporter` with the latest version of the `html-player`. The exports repo is a monorepo managed by lerna. We update the `html-exporter` with the latest version of `html-player` in the `package.json` file and we run `yarn reinstall-deps` in the root directory of the exports repo. The `reinstall-deps` script cleans the repo and re-installs the dependencies. We do a git commit for the latest changes and run `lerna publish`, usually a patch version, and that gets deployed to npm. The `html-exporter` is used by the `lambda-html-exporter`, which is an AWS Lambda function that is part of the export process.
We use the serverless framework for most of our lambda functions (before apex/up). The `lambda-html-exporter` is a simple wrapper for `html-exporter`, which contains most of the "brains" for html exports. When the `html-exporter` has been updated, we need to update the `html-exporter` dependency in the `lambda-html-exporter` package in the `lambdas` repo. We deploy it using the command `npm run publish:dev` and we test it on the dev stage in AWS with a test downloadRequestId using the `dev-start-export` command.
# deploy to dev stage
$ npm run publish:dev
# start the export process
$ dev-start-export downloadRequestId
{"message":"Step function is executing callStartExportStateMachine","retry":0}
# we go to the aws step function console
- state machine: ExportSF-dev
- we check the latest export in ExportSF-dev
- we check the makeHtml step (lambda-html-exporter) input
- we get `exportUrl` in the input info
- we get the export in a browser or we use curl or wget
- we check the export, if the export is fine, with no error, we deploy to production
# deploy to prod stage
$ npm run publish:prod
# start the export process
$ start-export downloadRequestId
or
export a presentation in the app, https://app.slidebean.com
{"message":"Step function is executing callStartExportStateMachine","retry":0}
# we go to the aws step function console
- state machine: ExportSF-prod
- we check the latest export in ExportSF-prod
- or we check it in the app, or we get it on iron-throne
The html-player is a small Angular app that has slidebean dependencies; the main dependency is `@slidebean/render`. The html-player expects an html file that contains the presentation data in a variable called `__sb__`. It uses `@slidebean/core` to instantiate the objects for the json data to be passed to the render component.
<script>
window.__sb__ = {
presentation: {"title":"icons","owner":
{"__type":"Pointer","className":"_User","objectId":"PE9xMpcCYG"},
...
</script>
If render is updated, the html-player needs to be rebuilt and published to npm so that html-exporter can also be updated.
# get the latest
npm install --save @slidebean/render@latest
# rebuild the assets
npm run _build
# bump version, update to github, etc...
# publish
npm publish
By default Angular produces a `./dist` directory with the index.html and many assets (fonts, js, favicons, etc.). This is a problem for the html-exports if we want to produce a "clean" export for users. The way that we get around this is by changing the paths of assets in the html file. This is done in the build step. Below is the structure of an html folder.
HTML Folder
├── assets
│ ├── favicon.ico
│ ├── fonts
│ │ └── ...
│ ├── img
│ │ └── ...
│ ├── js
│ │ └── ...
│ └── render
│ └── ...
└── presentation.html
The build does the following:
ng build --output-hashing=none && \
mv dist/favicon.ico dist/assets/ && \
mkdir dist/assets/img && \
touch dist/assets/img/.gitkeep && \
mkdir dist/assets/js && \
mv dist/*.bundle.js dist/assets/js/ && \
rm dist/*.bundle.js.map && \
rm dist/fontawesome-* && \
node update-font-path && \
cp index.html dist/
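A post-build check for the layout above, as an added example that is not part of the package's README: it confirms that `dist/` contains only `index.html` and `assets/`, that the bundles were moved into `assets/js`, and that no source maps remain anywhere in the tree. The function name `check_dist` and the rule that nothing else may sit at the top level of `dist/` are assumptions drawn from the folder structure shown.

```shell
#!/bin/sh
# Added example (not from the README): verify the "clean" dist/ layout.
# Assumption: after the build, dist/ holds only index.html and assets/.
# check_dist DIR prints one line per problem; returns non-zero if any found.
check_dist() {
    dist=$1
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    [ -d "$dist" ] || { echo "FAIL: $dist is not a directory"; return 2; }

    # Files the build step is expected to leave in place.
    [ -f "$dist/index.html" ] || fail "missing index.html"
    [ -f "$dist/assets/favicon.ico" ] || fail "favicon.ico not under assets/"
    [ -d "$dist/assets/img" ] || fail "missing assets/img"

    # At least one bundle must have been moved into assets/js.
    set -- "$dist"/assets/js/*.bundle.js
    [ -e "$1" ] || fail "no *.bundle.js under assets/js"

    # Leftover bundles, fontawesome-* files or anything else at the top
    # level means a mv/rm step in the build did not run.
    for entry in "$dist"/* "$dist"/.[!.]*; do
        [ -e "$entry" ] || continue
        case ${entry##*/} in
            index.html|assets) ;;
            *) fail "unexpected top-level entry: ${entry##*/}" ;;
        esac
    done

    # Source maps expose original sources; none should ship in the export.
    maps=$(find "$dist" -name '*.map' -print)
    [ -z "$maps" ] || fail "source maps present: $maps"

    [ "$problems" -eq 0 ]
}

# Stand-alone use: sh check-dist.sh dist
if [ "$#" -gt 0 ]; then check_dist "$1"; fi
```

Run it after `npm run _build` and before `npm publish`, so a failed `mv` or `rm` step stops the release instead of shipping stray files.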
# watch and compile any changes
npm run dev
Run `npm run build` to build the project. The build artifacts will be stored in the `dist/` directory. Use the `-prod` flag for a production build.
FAQs
We found that @slidebean/html-player demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.