Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@spectrum-web-components/action-menu
Advanced tools
An `<sp-action-menu>` is an action button with a Popover. Use an `<sp-menu>` element to outline the items that will be made available to the user when interacting with the `sp-action-menu` element.
An <sp-action-menu>
is an action button with a Popover. Use an <sp-menu>
element to outline the items that will be made available to the user when interacting with the sp-action-menu
element.
yarn add @spectrum-web-components/action-menu
Import the side effectful registration of <sp-action-menu>
via:
import '@spectrum-web-components/action-menu/sp-action-menu.js';
When looking to leverage the ActionMenu
base class as a type and/or for extension purposes, do so via:
import { ActionMenu } from '@spectrum-web-components/action-menu';
<sp-action-menu>
<span slot="label">More Actions</span>
<sp-menu-item>
Deselect
</sp-menu-item>
<sp-menu-item>
Select inverse
</sp-menu-item>
<sp-menu-item>
Feather...
</sp-menu-item>
<sp-menu-item>
Select and mask...
</sp-menu-item>
<sp-menu-divider></sp-menu-divider>
<sp-menu-item>
Save selection
</sp-menu-item>
<sp-menu-item disabled>
Make work path
</sp-menu-item>
</sp-action-menu>
The visible label that is be provided via the default <slot>
interface can be ommitted in preference of an icon only interface. In this context be sure that the <sp-action-menu>
continued to be accessible to screen readers by applying the label
attribute. This will apply an aria-label
attribute of the same value to the <button>
element that toggles the menu list.
<sp-action-menu label="More Actions">
<sp-menu-item>
Deselect
</sp-menu-item>
<sp-menu-item>
Select inverse
</sp-menu-item>
<sp-menu-item>
Feather...
</sp-menu-item>
<sp-menu-item>
Select and mask...
</sp-menu-item>
<sp-menu-divider></sp-menu-divider>
<sp-menu-item>
Save selection
</sp-menu-item>
<sp-menu-item disabled>
Make work path
</sp-menu-item>
</sp-action-menu>
A custom icon can be supplied via the icon
slot in order to replace the default meatballs icon.
<sp-action-menu>
<sp-icon-settings slot="icon"></sp-icon-settings>
<span slot="label">Actions under the gear</span>
<sp-menu-item>
Deselect
</sp-menu-item>
<sp-menu-item>
Select inverse
</sp-menu-item>
<sp-menu-item>
Feather...
</sp-menu-item>
<sp-menu-item>
Select and mask...
</sp-menu-item>
<sp-menu-divider></sp-menu-divider>
<sp-menu-item>
Save selection
</sp-menu-item>
<sp-menu-item disabled>
Make work path
</sp-menu-item>
</sp-action-menu>
An <sp-action-menu>
parent will ensure that the internal <sp-menu>
features a role of listbox
and contains children with the role option
. Upon focusing the <sp-action-menu>
using ArrowDown
will also open the menu while throwing focus into first selected (or unselected when none are selected) menu item to assist in selecting of a new value.
FAQs
An `<sp-action-menu>` is an action button that triggers an overlay with `<sp-menu-items>` for activation. Use an `<sp-menu>` element to outline the items that will be made available to the user when interacting with the `<sp-action-menu>` element. By defa
The npm package @spectrum-web-components/action-menu receives a total of 2,326 weekly downloads. As such, @spectrum-web-components/action-menu popularity was classified as popular.
We found that @spectrum-web-components/action-menu demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.