![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
@spectrum-web-components/field-group
Advanced tools
Readme
An <sp-field-group>
element is used to layout a group of fields, usually <sp-checkbox>
elements. It can be leveraged for vertical
or horizontal
organization of the fields that are supplied as its children.
yarn add @spectrum-web-components/field-group
Import the side effectful registration of <sp-field-group>
via:
import '@spectrum-web-components/field-group/sp-field-group.js';
When looking to leverage the FieldGroup
base class as a type and/or for extension purposes, do so via:
import { FieldGroup } from '@spectrum-web-components/field-group';
<sp-field-label for="horizontal">
Choose from horizonally placed options
</sp-field-label>
<sp-field-group horizontal id="horizontal">
<sp-checkbox>Checkbox 1</sp-checkbox>
<sp-checkbox>Checkbox 2</sp-checkbox>
<sp-checkbox checked>Checkbox 3</sp-checkbox>
<sp-checkbox>Checkbox 4</sp-checkbox>
<sp-checkbox>Checkbox 5</sp-checkbox>
</sp-field-group>
<sp-field-label for="vertical">
Choose from vertically placed options
</sp-field-label>
<sp-field-group vertical id="vertical">
<sp-checkbox>Checkbox 1</sp-checkbox>
<sp-checkbox>Checkbox 2</sp-checkbox>
<sp-checkbox>Checkbox 3</sp-checkbox>
<sp-checkbox>Checkbox 4</sp-checkbox>
<sp-checkbox checked>Checkbox 5</sp-checkbox>
</sp-field-group>
Help text can be accessibly associated with an <sp-field-group>
element by using the help-text
or negative-help-text
slots. When using the negative-help-text
slot, <sp-field-group>
will self manage the presence of this content based on the value of the invalid
property on your <sp-field-group>
element. Content within the help-text
slot will be show by default. When your <sp-field-group>
should receive help text based on state outside of the complexity of invalid
or not, manage the content addressed to the help-text
from above to ensure that it displays the right messaging and possesses the right variant
.
<sp-field-group horizontal id="self" label="What are your favorite fruits?">
<sp-checkbox value="apple">Apple</sp-checkbox>
<sp-checkbox
value="not-a-fruit"
onchange="javascript:this.parentElement.invalid = this.checked"
>
Lettuce
</sp-checkbox>
<sp-checkbox value="strawberry" checked>Strawberry</sp-checkbox>
<sp-help-text slot="help-text">One of these is not a fruit.</sp-help-text>
<sp-help-text slot="negative-help-text" icon>
Choose actual fruit(s).
</sp-help-text>
</sp-field-group>
Managed from above
<sp-field-label for="above">What are your favorite fruits?</sp-field-label>
<sp-field-group horizontal id="above">
<sp-checkbox value="apple">Apple</sp-checkbox>
<sp-checkbox
value="not-a-fruit"
onchange="
const helpText = this.parentElement.querySelector(`[slot='help-text']`);
helpText.icon = this.checked;
helpText.textContent = this.checked ? 'Choose actual fruit(s).' : 'One of these is not a fruit.';
helpText.variant = this.checked ? 'negative' : 'neutral';
"
>
Lettuce
</sp-checkbox>
<sp-checkbox value="strawberry" checked>Strawberry</sp-checkbox>
<sp-help-text slot="help-text">One of these is not a fruit.</sp-help-text>
</sp-field-group>
FAQs
Unknown package
We found that @spectrum-web-components/field-group demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 10 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.