Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@storybook/lit
Advanced tools
Storybook for lit: View web components snippets in isolation with Hot Reloading.
⚠️️
⚠️️ @storybook/lit is currently experimental and everything related to it is subject to breaking changes at any time. Please DO NOT use it in real projects.
⚠️ ️
Storybook for lit is a UI development environment for your lit web-component snippets. With it, you can visualize different states of your UI components and develop them interactively.
Storybook runs outside of your app. So you can develop UI components in isolation without worrying about app specific dependencies and requirements.
cd my-app
⚠️️ NOT WORKING FOR NOW
npx -p @storybook/cli sb init -t lit
For more information visit: storybook.js.org
Storybook also comes with a lot of addons and a great API to customize as you wish. You can also build a static version of your storybook and deploy it anywhere you want.
By default storybook only works with precompiled ES5 code but as most web components themselves and their libs are distributed as ES2017 you will need to manually mark those packages as "needs transpilation".
For example if you have a library called my-library
which is in ES2017 then you can add it like so
// .storybook/main.js
module.exports = {
webpackFinal: async config => {
// find web-components rule for extra transpilation
const webComponentsRule = config.module.rules.find(
rule => rule.use && rule.use.options && rule.use.options.babelrc === false
);
// add your own `my-library`
webComponentsRule.test.push(new RegExp(`node_modules(\\/|\\\\)my-library(.*)\\.js$`));
return config;
},
};
By default the following folders are included
src/*.js
packages/*/src/*.js
node_modules/lit-html/*.js
node_modules/lit-element/*.js
node_modules/@open-wc/*.js
node_modules/@polymer/*.js
node_modules/@vaadin/*.js
As you can see the src
folder is also included.
The reason for that is as it has some extra configuration to allow for example import.meta
.
If you use a different folder you will need to make sure webpack/babel can handle it.
Failed to execute 'define' on 'CustomElementRegistry': the name "..." has already been used with this registry
=> please see Setup page reload via HMRFAQs
Storybook for lit: View web components snippets in isolation with Hot Reloading.
The npm package @storybook/lit receives a total of 133 weekly downloads. As such, @storybook/lit popularity was classified as not popular.
We found that @storybook/lit demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 24 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.