Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@tacc/core-styles
The shared styles for TACC WMA Workspace Portals & Websites
Usage: core-styles [options] [command]

Options:
  -V, --version    output the version number
  -h, --help       display help for command

Commands:
  build [options]  build stylesheets with TACC standard process:
                   - "post-css" plugins
                   - custom input path
                   - custom output path
                   - custom configs
                   - prepend build id
  help [command]   display help for command

Usage: core-styles build [options]

build stylesheets with TACC standard process:
- "post-css" plugins
- custom input path
- custom output path
- custom configs
- prepend build id

Options:
  -i, --input <path>               parse source at which path¹
  -o, --output <path>              output CSS files to which path¹
  -v, --verbose                    print more info during build process
  -c, --custom-configs <paths...>  extend base config with YAML files²³
  -b, --build-id <identifier>      any value to identify the build (default: version of app)
  -m, --base-mirror-dir <path>     if input folder structure is mirrored, this path is not⁴
  -h, --help                       display help for command

Notes:
  ¹ Folder structure of "--input-dir" mirrored in "--output-dir" i.e.
    given input
    - "input_dir/x.css"
    - "input_dir/sub_dir_a/y.css"
    - "input_dir"
    - "input_dir/**/*"
    expect output
    - "output_dir/x.css"
    - "output_dir/sub_dir_a/y.css"
    - "output_dir/..." (all files from input not in sub-directories)
    - "output_dir/.../..." (all files from input as nested)
  ² The file formats are like ".postcssrc.yml" from
    https://github.com/postcss/postcss-load-config#postcssrc
  ³ The first file is merged on top of the base config.
    Each successive file overwrites the file before it.
  ⁴ Given '-i "a/b*" -o "x/" -m "a/"' output is "x/b/...".
    Given '-i "a/b*" -o "x/" -m "a/b/"' output is "x/...".
    Given '-i "a/b*" -o "x/" -m "not-a/"' output is "x/abs-path-to-input/...".
npm install @tacc/core-styles
yarn add @tacc/core-styles
/dist
/src/lib/_imports
// Require the package by its published (scoped) name, as installed above
const buildStylesheets = require('@tacc/core-styles').buildStylesheets;

buildStylesheets(
  // Parse CSS files from which directory (required)
  `path/to/your/css/src`,
  // Output CSS files to which directory (required)
  `path/to/put/css/output`,
  {
    // List of YAML config files (optional)
    // (The first file is merged on top of the base config.)
    // (Each successive file overwrites the file before it.)
    // SEE: https://github.com/postcss/postcss-load-config#postcssrc
    customConfigs: [
      // The "base" config is `/.postcssrc.base.yml`
      `path/to/custom/config/that/extends/base/.postcssrc.yml`,
      `path/to/custom/config/that/extends/above/.postcssrc.yml`,
    ],
    // Print more info from build log (optional, default: false)
    verbose: true,
    // Print version of this software (optional, default: false)
    version: true,
    // Any value to help identify the build (optional, default: app version)
    // (`someUniqueId` is a placeholder for a value you define)
    buildId: process.env.npm_package_version + someUniqueId,
  }
);
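A specifier check for the module usage above, as an added example that is not part of the README or the project's code: the package is published under the scoped name `@tacc/core-styles`, so a `require()` of any other name either fails or resolves to whichever package holds that name. The function names and the sample inputs (including the version range) are constructed for illustration.

```javascript
const { builtinModules } = require('module');

// Reduce a specifier to the package name npm would install:
// "@scope/name/sub/path" -> "@scope/name", "name/sub" -> "name".
function packageNameOf(specifier) {
  const parts = specifier.split('/');
  return specifier.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
}

// Return the bare package names used in `source` that `pkg` (a parsed
// package.json) does not declare, sorted and de-duplicated.
function undeclaredRequires(source, pkg) {
  const declared = new Set([
    ...Object.keys(pkg.dependencies || {}),
    ...Object.keys(pkg.devDependencies || {}),
  ]);
  const builtins = new Set(builtinModules);
  const found = new Set();
  // Matches require('x') and `... from 'x'` with a literal string argument.
  const pattern = /\brequire\(\s*['"]([^'"]+)['"]\s*\)|\bfrom\s+['"]([^'"]+)['"]/g;
  for (const match of source.matchAll(pattern)) {
    const spec = match[1] || match[2];
    if (spec.startsWith('.') || spec.startsWith('/')) continue; // local file
    const name = packageNameOf(spec);
    if (spec.startsWith('node:') || builtins.has(name)) continue; // Node core
    if (!declared.has(name)) found.add(name);
  }
  return [...found].sort();
}

// Constructed sample inputs: one scoped dependency, four require() calls.
const samplePkg = { dependencies: { '@tacc/core-styles': '^0.7.1' } };
const sampleSource = `
const path = require('path');
const a = require('core-styles').buildStylesheets;
const b = require('@tacc/core-styles').buildStylesheets;
const c = require('./local/helper');
`;

// Only the unscoped name is reported; the scoped one matches package.json.
console.log(undeclaredRequires(sampleSource, samplePkg));
```

Run over a repository's source files in CI, a non-empty result flags a specifier to correct before anyone "fixes" the failing import by installing a package of that name.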
Future: The Core Styles will be rendered via a pattern library software.
Code configuration happens in repos that use these styles.
Install the dependencies:
npm ci
Future:
Build stylesheets + Run the pattern library:
npm start
Open the web interface.
The build command will output the URL (and may even open it for you).
If you change files in a src/lib/ directory, you may need to follow some of these steps.
1. (optional) Make changes to /src/lib files.
2. Build the styles: npm run build
   Future: 2. Build and preview the styles: npm start
3. (to debug) Review respective /dist files' content.
You can build stylesheets from source files in src/lib directory to compiled files in dist directory.
Build stylesheets:
npm run build
or, for custom build id:
npm run build -- --build-id="..."
Plugin testing is done manually. Run npm run build from root folder in this project, then review output in /dist/_tests.css, to ensure plugins are working correctly.
Future: Style testing is done manually. Run npm start from root folder in this project, then review output at web interface, to ensure styles are rendering correctly.
The Core Styles are not deployed alone yet. ¹
For now, the stylesheets are acquired or accessed by other repositories.
Repo | Usage |
---|---|
Core CMS | via CLI installed on test branch |
Core CMS Pattern Library | not accessing styles yet ¹ |
¹ A repo that is, or will be, in Core CMS Pattern Library should load these styles and build a pattern library.
We use a modified version of GitFlow as our development workflow. Our development site (accessible behind the TACC Network) is always up-to-date with main, while the production site is built to a hashed commit tag.
- task/ for features and updates
- bug/ for bugfixes
- fix/ for hotfixes

Sign your commits (see this link for help)
Only authorized team members may publish.
- npm login
- CHANGELOG.md
- npm version N.N.N
- git tag -a vN.N.N
- git push origin vN.N.N
- npm publish --access public

Notice: Project build will automatically occur before publish.
[0.7.1] - 2022-07-23: Fix v0.5.2 → v0.7.0 Migration
FAQs
CSS source and processor for TACC Core-CMS and Core-Portal.
The npm package @tacc/core-styles receives a total of 204 weekly downloads. As such, @tacc/core-styles popularity was classified as not popular.
We found that @tacc/core-styles demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.