Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@thegetty/getty-ui
Advanced tools
getty-ui
repositorygit clone git@github.com:thegetty/getty-ui.git
Run npm ci
to do a clean install of the dependencies listed in the package-lock.json
cd getty-ui && npm ci
From the repository root run
cp .env.example .env
Current .env
values can be found in Vault at /dev/getty-ui
.env
file when changing into a project directory.env
file to load automatically, runecho "dotenv" > .envrc
direnv allow .
To build the getty-ui
package and watch for changes
npm run dev
To run the UI Storybook component explorer at http://localhost:6006
npm run storybook
npm run build
npm run test:generate-output
npm run lint
getty-ui
getty-ui
repositorynpm link
getty-ui
as a local dependency runnpm link @thegetty/getty-ui
To unlink from the local version of getty-ui
run from the root of the repository using getty-ui
as a dependency
npm uninstall --no-save @thegetty/getty-ui && npm install
(Running npm uninstall
from the root of your local getty-ui
repository will remove the global symlink.)
A published version of the Getty UI Storybook is built and deployed automatically as part of the continuous integration workflow to https://tools.getty.edu/getty-ui/storybook with additional paths for /builds, /library, and /pullrequests.
A build of the Getty UI Storybook for any branch with an open pull request is also deployed to
https://<branch>--5d9637d3d0f20b0020bdbea1.chromatic.com
Branch builds of the Chromatic library can be viewed by appending branch=<branch>
to the url query string as follows
https://tools.getty.edu/getty-ui/storybook/library?branch=<branch>
The utils/isSsr
method can be used to determine when the execution environment is server side. Components should use the isSsr
method to conditionally execute code that calls browser APIs only when on the client.
Dependencies that call browser APIs are registered as Webpack externals
in vue.config.js
and will be included in the bundle for an application using Getty UI.
Static assets (such as fonts, favicons, icon images, etc.) are located in an AWS S3 storage bucket accessible at static.getty.edu
.
The Getty UI build contains an index.html
"template" file with preconnect links to static.getty.edu
, media.getty.edu
, and prefetch links for .woff2
font assets.
In Nuxt.js applications, you can use the Nuxt.js module by adding it in your nuxt.config.js
.
buildModules: [
`@thegetty/getty-ui/nuxt/module`
],
This will import the global CSS (see Styles section below), register a plugin with Nuxt that will register the Vue plugin GettyUICore
.
Options can be passed in buildModules
:
buildModules: [['@thegetty/getty-ui/nuxt/module', { namespace: 'gradoo' }]];
Key | Type | Default | Description |
---|---|---|---|
namespace | String | gui | Set namespace |
xray | Boolean | false | Enable X-Ray |
X-Ray highlights the component directly under the mouse cursor and displays the component name in the lower right corner of the viewport.
When the xray
option is set to true
, the tool will be bundled and ready to be activated in the browser.
To toggle its visibility and active state, while browsing the site, you can press Command ⌘+Shift+X (Mac) or Ctrl+Shift+X (Windows).
Suggested usage in Nuxt apps to bundle it in every environment except production
:
buildModules: [
['@thegetty/getty-ui/nuxt/module', { xray: process.env.DEPLOY_ENV !== 'production' }]
]
The getty-ui/nuxt/module/plugin
only registers GettyUICore
, components should be imported individually so that only those used are included in the final application bundle, for example:
import { GettyPage, Hero, Ribbon } from '@gui';
Getty UI supports server side rendering, which can be enabled by updating environment variables and the application config as follows:
nuxt.config.js
export default {
+ ssr: process.env.NUXT_ENABLE_SSR === 'true',
+ target: process.env.NUXT_TARGET || 'server',
head: {
...
publicRuntimeConfig: {
+ nuxtPreviewMode: process.env.NUXT_ENABLE_PREVIEW === 'true',
.env
NUXT_ENABLE_SSR=true
NUXT_ENABLE_PREVIEW=false
NUXT_TARGET=server
The styles are bundled in a few different ways in getty-ui
.
When importing the package in your projects, if you are not using the Nuxt.js module, you should import the global CSS file:
@use '@thegetty/getty-ui';
It includes:
@font-face
declarationsf-body-1
, l-thirds
, s-bg--black
, visually-hidden
, ...)Styles for each component are inline with the bundled components and will be imported along the component itself when using them in your app.
import { Accordion } from '@gui';
export default {
...
components: [Accordion],
}
In the example above, the styles for the Accordion
will be imported along the component itself.
To use the variables (colors, spacing, etc.), mixins and functions from the design system, you can import the 'base' SCSS with the @use
statement and import those in the current namespace with ... as *
.
<script>
export default {
...
}
</script>
<style lang="scss">
@use '@thegetty/getty-ui/src/scss/base' as *;
.my-component {
color: $color__blue;
font-size: $global-font-size;
@include breakpoint('medium+') {
color: $color__bronze;
}
}
</style>
FAQs
Getty user interface components library
We found that @thegetty/getty-ui demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 15 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.