Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@spectrum-web-components/tray
Advanced tools
Web component implementation of a Spectrum design Tray
<sp-tray>
elements are typically used to portray information on mobile device or smaller screens.
yarn add @spectrum-web-components/tray
Import the side effectful registration of <sp-tray>
via:
import '@spectrum-web-components/tray/sp-tray.js';
When looking to leverage the Tray
base class as a type and/or for extension purposes, do so via:
import { Tray } from '@spectrum-web-components/tray';
<overlay-trigger type="modal">
<sp-button slot="trigger" variant="secondary">Toggle tray</sp-button>
<sp-tray slot="click-content">
<sp-dialog size="s" dismissable>
<h2 slot="heading">New Messages</h2>
You have 5 new messages.
</sp-dialog>
</sp-tray>
</overlay-trigger>
<overlay-trigger type="modal">
<sp-button slot="trigger" variant="secondary">Toggle menu</sp-button>
<sp-tray slot="click-content">
<sp-menu style="width: 100%">
<sp-menu-item selected>Deselect</sp-menu-item>
<sp-menu-item>Select Inverse</sp-menu-item>
<sp-menu-item focused>Feather...</sp-menu-item>
<sp-menu-item>Select and Mask...</sp-menu-item>
<sp-menu-divider></sp-menu-divider>
<sp-menu-item>Save Selection</sp-menu-item>
<sp-menu-item disabled>Make Work Path</sp-menu-item>
</sp-menu>
</sp-tray>
</overlay-trigger>
<sp-tray>
presents a page blocking experience and should be opened with the Overlay
API using the modal
interaction to ensure that the content appropriately manages the presence of other content in the tab order of the page and the availability of that content for a screen reader.
FAQs
Web component implementation of a Spectrum design Tray
We found that @spectrum-web-components/tray demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 13 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.