Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
@times-components/article-skeleton
The article skeleton component is a composed collection of components and features which go to make up an article. This is distinct from the concept of an article page in the pages package, as that page deals with the data provider, whereas the article skeleton component is intended to be a dumb component. It does however compose ads and lazy loading features on web.
Article consumes components such as ArticleHeader, ArticleTopics and RelatedArticles, all of which are related to a specific article. Some of these components are self-contained within the article skeleton package itself. Components that are quite large or complex (e.g. related articles), or are used elsewhere (e.g. article label) are separated and put into separate packages.
It takes a Header as a prop so that each template can use the Article and provide its own unique spin on it.
These are some of the packages that live within the article skeleton package:-
The article data which forms the article content comes from an Abstract Syntax Tree ("AST"). The AST data is managed from within the markup package, and article overrides some of this handling with components of its own (e.g. paragraphs or images).
A list of topic tags, attached to a particular article, that link to topic pages.
While Chrome may be bringing lazy loading of images wholesale in the future, for a cross-browser implementation that allows us more fine grained control over what we load and how we do it, we can register nodes we're interested in with the lazy-load package.
For Article we're interested in images and related articles (for their images). We use the width of the Article for the lead asset which we don't bother lazy loading (because we always want it) but still get the added benefit of seeing something much faster on a poor connection. We then don't ask for the high resolution version of an image in the rest of the body until it comes into the viewport.
Please read CONTRIBUTING.md before contributing to this package.
Please see our main README.md to get the project running locally.
The code can be formatted and linted in accordance with the agreed standards.
yarn fmt
yarn lint
This package uses yarn (latest) to run unit tests on each platform with jest.
yarn test:web
FAQs
The article skeleton
We found that @times-components/article-skeleton demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.