Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@spectrum-web-components/base
Advanced tools
The `SpectrumElement` base class as created by mixing `SpectrumMixin` onto `LitElement` adopts `dir` values from the `document` at connection time with a fallback to `lrt`. In a TypeScript context, it also enforces the presence of `this.shadowRoot` on ext
The SpectrumElement
base class as created by mixing SpectrumMixin
onto LitElement
adopts dir
values from the document
at connection time with a fallback to lrt
. In a TypeScript context, it also enforces the presence of this.shadowRoot
on extending components.
yarn add @spectrum-web-components/base
When looking to leverage the SpectrumElement
base class as a type and/or for extension purposes, do so via:
import { SpectrumElement } from '@spectrum-web-components/base';
export MyElement extends SpectrumElement {}
Similarly the SpectrumMixin
class factory mixin is available via:
import { SpectrumMixin } from '@spectrum-web-components/base';
export MyElement extends SpectrumMixin(HTMLElement) {}
dir
managementWith powerful CSS selectors like :host(:dir(rtl))
and :host-content([dir=rtl])
not yet enjoying cross-browser support, reliably delivering content in both "left to right" and "right to left" while relying on Shadow DOM means certain trade offs need to be made. While every custom element build from SpectrumMixin
could have its dir
attribute applied to manage this, doing so is not only a pain for apply, it's a pain to maintain over time. To support the flexibility to deliver content in both of these directions, elements built from SpectrumMixin
will observe the dir
attribute of either the document
or a containing sp-theme
. This will allow your sites and applications to manage content direction in a single place while also opening the possibility of having multiple content directions on the same page by scoping those content sections with sp-theme
elements.
Placing a dir
attribute on an element built from SpectrumMixin
before attaching it to the DOM will prevent it from resolving the text direction value to a parent sp-theme
or document
element. Elements applied to the page in this way will also NOT participate in observing any such elements, so their dir
values will remain as initialized regardless of changes in other parts of your documents. If you choose to leverage this, be aware that any child (in both light DOM and shadow DOM) of this element will need to have a dir
attribute applied as well if you do not want it resolving to a parent sp-theme
or document
element itself. In this way, it is likely that you would benefit from leveraging an sp-theme
element to create scope in your document for managing this custom content direction section of your page.
isLTR
While CSS offers many powerful solutions for styling content in various directions, sometimes JS functionality depends on the specific of that direction. Elements built from SpectrumMixin
have the this.isLTR
getter that will resolve to true
when dir === 'ltr'
.
Elements built from SpectrumMixin
assume that you will be using shadow DOM in the resulting custom element. To simplify TypeScript usage the presence of this.shadowRoot
is asserted as non-null so that you have direct access to it without extended type checking.
FAQs
The `SpectrumElement` base class as created by mixing `SpectrumMixin` onto `LitElement` adopts `dir` values from the `document` at connection time with a fallback to `lrt`. In a TypeScript context, it also enforces the presence of `this.shadowRoot` on ext
The npm package @spectrum-web-components/base receives a total of 8,871 weekly downloads. As such, @spectrum-web-components/base popularity was classified as popular.
We found that @spectrum-web-components/base demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.