Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@solid-devtools/debugger
Advanced tools
Debugger of the Solid's reactivity graph — a cornerstone of all solid-devtools.
A runtime package, used to get information and track changes of the Solid's reactivity graph. It's a cornerstone of the rest of the packages.
If you're not using the main solid-devtools
package, and want to use the debugger directly, you can install it as a standalone package:
npm i @solid-devtools/debugger
# or
yarn add @solid-devtools/debugger
# or
pnpm add @solid-devtools/debugger
Warning This package changes extremely often, and is not meant to be used directly. Unless you know what you're doing, use the main package instead.
The debugger is split into four submodules:
.
- The main debugger runtime. It exposes hooks like useDebugger
, or useLocator
which are used to directly interact with the debugger.
The debugger module doesn't import from solid-js
directly, DEV API it provided to it by the ./setup
module.
./setup
- As the name suggests, it's used to setup the debugger. It needs to be imported before the debugger is used, as it provides the DEV API to the debugger.
./bundled
- A bundled version of the main debugger module. Use this instead of the main module to prevent the debugger from importing from the local solid-js
package to keep the development and debugger runtimes separate.
./types
- Exports all "pure" resources of the debugger, such as types, enums and constants. Use this if you don't want to import the debugger runtime or solid-js
by accident.
The debugger needs to be setup before it can be used. To do that, import the ./setup
module before the debugger is used.
import '@solid-devtools/debugger/setup'
import { useDebugger } from '@solid-devtools/debugger/bundled' // or from '@solid-devtools/debugger'
const debug = useDebugger()
Debugger feature inspired by LocatorJS
Locator let's you locate components on the page, and go to their source code in your IDE. All you need to do is configure it by calling useLocator
with some options.
import { useLocator } from '@solid-devtools/debugger' // or 'solid-devtools/setup'
useLocator()
It will not allow you to highlight hovered components on the page and reveal them in the IDE or the Chrome Extension. (depending of if the extension panel is open or not)
Not passing any options will enable the locator with Alt as the trigger key and no targetIDE
selected.
Currently Locator allows for specifying these props:
targetIDE
Choose in which IDE the component source code should be revealed.
Out-of-the-box options: vscode
, atom
, webstorm
and vscode-insiders
useLocator({
targetIDE: 'vscode',
})
To be able to go the source code, the code location needs to be inlined during build. This is done by the @solid-devtools/transform
package. See how to set it up here.
Target URL Function:
To target custom URLs (e.g. Github files) the targetIDE
option accepts an function returning a string
or false
.
useLocator({
targetIDE: ({ filePath, line }) =>
// will navigate to this link when clicking
`https://github.com/thetarnav/solid-devtools/blob/main/playgrounds/sandbox/${filePath}#L${line}`,
})
Returning false
will prevent calling window.open
to navigate to URL, and let you handle the click yourself.
useLocator({
targetIDE({ projectPath, filePath, line, column, element }) {
console.log({ projectPath, filePath, line, column, element })
return false
},
})
key
Holding which key should enable the locator overlay? It's "Alt"
by default — Alt on Windows, and Option or ⌥ on macOS.
Key options: "Alt"
, "Control"
, "Mete"
, "Shift"
or string
to be compared with e.key
property.
useLocator({
key: 'Control',
})
To activate the Locator module — you have to hold down the Alt/Option key and move your mouse around the page to highlight components and their different HTML Elements.
Clicking the component should take you to the component source code, given that you specified the targetIDE
option.
See CHANGELOG.md.
FAQs
Debugger of the Solid's reactivity graph — a cornerstone of all solid-devtools.
We found that @solid-devtools/debugger demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.