Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@sproutsocial/racine
Advanced tools
Install Racine using npm or yarn:
$ yarn add @sproutsocial/racine react styled-components
# or
$ npm install @sproutsocial/racine react styled-components
You may also require specific peer dependencies when starting a new project or sandbox environment:
@sproutsocial/seeds-border
@sproutsocial/seeds-color
@sproutsocial/seeds-depth
@sproutsocial/seeds-motion
@sproutsocial/seeds-networkcolor
@sproutsocial/seeds-space
@sproutsocial/seeds-typography
moment
prop-types
react
react-dates
styled-components
Then, wrap your app's React root in Racine's ThemeProvider
component:
import { ThemeProvider } from "@sproutsocial/racine";
const App = (props) => (
<ThemeProvider>
<div>your app here</div>
</ThemeProvider>
);
Racine uses Storybook for local development. Please refer to the root README for more information on getting started before continuing.
Spin up a draft PR immediately for two reasons:
Note: the snapshot will post as a comment on the PR once it has been generated.
Racine is documented on the Seeds reference site
Racine uses Storybook as a local development environment, and for running tests against components. Every component has a .stories.js
file where developers can write "stories" to test components in isolation. Running yarn dev:storybook
will open the Racine Storybook in your browser so that you can see changes live as you make them. You can read more about writing stories on the Storybook website.
Contributions to Racine are welcomed from any member of the wider Sprout org. Whether you're adding a new component or simply fixing a bug, every improvement to the library is future leverage for our peers, our product, and our customers.
When writing code for Racine, please refer to the code-guidelines.mdx
story in Storybook.
There are a few ways to get involved:
Racine's file structure is set up like this:
codemods
- For major updates to Racine that have breaking changes, codemods are included for automatically handling component API updates.src
ComponentName
- Every component in Racine has a folder within the src
directory.
index.js
- This file should export the component as its default export.index.stories.js
- Storybook stories can be written here.index.test.js
- All component tests live inside this file.styles.js
- Any style-specific components live here.utils
- This directory includes a set of common utilities and helpers that we use throughout Racine.And you can interact with Racine via the command line with these commands:
yarn new
- This command will prompt you for the name of your component, and then generate all of the boilerplate you need to create the component.yarn start
- This will watch the Racine package for changes, and also run Storybook locally so that you can see your changes as you go.yarn change
- This command will generate a changeset file that is used to document changes to the Racine package. If you are making a PR to Racine that should result in a version bump to the package, you will need to run this command to add a changeset. You can learn more about this command in step 3.yarn build
- Generate production builds for the Racine package.yarn test
- Run Racine's test suite. Note: yarn start
must be run before yarn test
to build generated files and directoriesyarn clean
- Delete all generated files and directories.yarn release
- This will trigger the release process for creating a new version of the Racine package on npm. Only Racine administrators can perform the release process.Cut a feature branch off dev
and start coding! As updates are merged into dev
by other developers over time you'll want to pull those updates into your branch, ideally via rebase, to avoid any conflicts when you open a pull request.
Need to make an urgent update? Branch off main
instead of dev
, and open your PR later against main
. We consider this a hotfix and only support it for critical time-sensitive updates, so check with the Design Systems team prior to making this kind of contribution.
We use a visual regression testing suite to capture any unintended changes during development. After running yarn build
you can run the suite locally with yarn test:visual-regression
, which will open a report in your browser to show you what passed and what failed. If any fails are actually intentional visual changes you can run yarn backstop:approve
to approve those changes as new reference images and include them in your PR.
As you develop you'll want to track the scope of the changes you make. Racine supports this with a tool called changesets to automatically pick new version numbers and update the changelog whenever we publish a new version of the package.
Run yarn change
at the root of the Seeds repo to generate a changeset that will be used to derive the next version number for Racine from your changes.
We use semantic versioning for the Racine package, which allows users to understand the scope of a package's changes based on the version number, which is in the format major.minor.patch
.
When running this command, you will be asked to select whether your change is a patch, minor, or major change.
x.x.0
)x.0.x
)0.x.x
). These types of changes are rare and should be coordinated in advance with the Design Systems team.The changeset CLI will also ask you to input a message detailing your changes. The completion of the command will generate a new changeset markdown file. You are more than welcome to edit this file after it has been generated, so don't get hung up on trying to write the perfect text from the command line. Aim to make the text of the changeset file(s) as descriptive and informative as possible, as they will be used to build a changelog file when the new version is released. Check out our documentation for the Seeds Release Process for examples of what makes a good or bad changeset.
You can add as many changesets to a PR as you would like. If your PR makes several distinct changes to Racine, you should create a changeset detailing each one individually.
Once you're ready to submit your changes for review, open a PR against the dev
branch (it's not the default branch, so you'll have to go find it). A few things will happen:
html_report/index.html
in Report.zip
will show you what passed and what failed.yarn test
to run these tests locally. If there are any issues, they will need to be resolved before the PR can be merged.You may be asked to make changes to match Racine's contribution guidelines, so expect to keep attention on your PR for a little bit. Once your tests are passing and you have at least one approving Design Systems review, you're welcome to merge your PR. It may sometimes take a little while to get an approval from the DS team since a merge queues your contribution into the next release and the DS team needs to make sure they have the bandwidth to validate any contribution before it releases.
When the Design Systems team prepares the next Racine release, changsets will generate a PR called Version Packages
. This PR will detail all of the changes that have been made to the package since the last publish. Merging this PR will release a new version of Racine.
When the PR is merged, GitHub will kick off a publish of the new version. There will be a notification in #design-systems in Slack when the new version is available.
Racine components are documented in Seeds, Sprout's design system. You can open a PR to the reference site app to add or edit component documentation. It's a good idea to have documentation changes ready to go at the same time your Racine contributions are deployed, so start early! Reach out to the Design Systems team if you need help getting started.
FAQs
README.NPM.md
We found that @sproutsocial/racine demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.