Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@ukic/web-components
Advanced tools
The Intelligence Community Design System helps the United Kingdom's Intelligence Community (MI6, GCHQ, MI5, and partners) to quickly build powerful capabilities that are accessible and easy to use.
This is a joint project led by MI6, working with GCHQ and MI5.
Web components can be used without the need for a framework. To use web components without a framework, follow the web components instructions.
To use the components in a particular framework, follow the framework instructions.
To install the components:
In the root of your project:
// using npm
npm install @ukic/web-components @ukic/fonts
// using yarn
rm package-lock.json
yarn add @ukic/web-components @ukic/fonts
Import defineCustomElements
in your file. Where you do this will depend on your framework or build tool, but the format is as follows:
import { defineCustomElements } from "@ukic/web-components/loader";
Call defineCustomElements
in your file. Again, the file you edit will depend on your framework or build tool, but the format is as follows:
//other code
...
defineCustomElements();
In your HTML, you can now declare a component as follows:
<ic-status-tag label="Neutral"></ic-status-tag>
To get the correct styling with the ICDS components, import the core CSS file. Depending on your framework or build tool, this can be included in either a CSS file or Javascript\Typescript file.
Add the following into the top level CSS file for your project.
@import "@ukic/fonts/dist/fonts.css";
@import "@ukic/web-components/dist/core/core.css";
In order to be rendered consistently across browsers and in line with modern standards, each of the ICDS components uses styles from a global CSS file based on Normalize.css.
If you would like to import these styles to apply them to the rest of your project and slotted elements used within any of the ICDS components, add the following into the top level CSS file as well.
@import "@ukic/web-components/dist/core/normalize.css";
Webpack is a tool for bundling web applications. This example assumes the following config in webpack.config.js
. For more detailed information on Webpack configuration, please refer to the Webpack documentation.
const path = require("path");
module.exports = {
entry: "./src/index.js",
output: {
filename: "main.js",
path: path.resolve(__dirname, "dist"),
},
devServer: {
static: "./dist",
},
mode: "development",
module: {
rules: [
{
test: /\.css$/i,
use: ["style-loader", "css-loader"],
},
],
},
};
// using npm
npm install @ukic/web-components @ukic/fonts
// using yarn
rm package-lock.json
yarn add @ukic/web-components @ukic/fonts
In the file defined as the entry
in the webpack.config.js
, add the following:
//src/index.js
import "@ukic/fonts/dist/fonts.css";
import "@ukic/web-components/dist/core/core.css";
import { defineCustomElements } from "@ukic/web-components/loader";
defineCustomElements();
You can now use any of the ICDS components so long as your HTML page includes the output file defined in your webpack.config.js
. For example, including an ic-status-tag below:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title>Getting Started with ICDS</title>
</head>
<body>
<script src="dist/main.js"></script>
<ic-status-tag label="Neutral"></ic-status-tag>
</body>
</html>
We have a couple of resources to help you with contributing.
If you've found a vulnerability, we want to know so that we can fix it. Our security policy tells you how to do this.
The team is only able to talk about the projects we've put on GitHub 🕵️. We unfortunately can't talk about the work of our departments 😢.
Visit our websites to learn more about:
Unless stated otherwise, the codebase is released under the MIT License. This covers both the codebase and any sample code in the documentation. The documentation is and available under the terms of the Open Government License v3.0.
© Crown copyright 2022
FAQs
A web component UI library compiled with StencilJS
We found that @ukic/web-components demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.