Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
@uniformdev/context-ui
Advanced tools
Readme
.env.example
and rename to .env
, set up your project id, host, and API key.pnpm storybook
- run storybook app on http://localhost:9011/, is used for creating and editing components.Icon component can be is used only as a child of IconsProvider component.
pnpm build
- builds icons, JS modules, and CSS.This package uses Tailwind CSS. Run pnpm build:css
to compile the CSS file, which will run PostCSS with the Tailwind plugin against all .css
files in the assets
folder. The compiled CSS will be output to dist/assets/[filename].css
.
When Sanity Studio imports the JS modules exported by our plugin, the Sanity Studio bundler will also automatically import any CSS files that our code imports, e.g. import '../dist/assets/optimize.css';
NOTE: be sure to set NODE_ENV=production if you want PostCSS to purge unused CSS.
If you want to import SVG icons as components in your code, do the following:
src/assets
folderpnpm build:icons
This will generate React components for every SVG icon in the src/assets
folder. You can then import the icons in other React components, e.g. import MyIcon from '../assets/MyIcon';
.
Ideally, we could have import MyIcon from '../assets/my-icon.svg
in our code and the SVG icon would automatically be converted to a React component at build time and our source code would be transformed to import the component. However, we're not using a bundler so it becomes challenging because we can't "hook" into the TypeScript build/transpile process. We could introduce a build tool like ESBuild
or @babel/typescript
and stop using tsc
, but those options more tooling/overhead. We could also potentially use something like ttypescript
(https://github.com/cevek/ttypescript) to create babel-esque plugins for TypeScript, but who knows how reliable that is and if we'd run into any issues in CI/testing.
So, for now, icons are somewhat of a manual process.
No CommonJS modules are exported from this package as the package is intended to be consumed by Sanity Studio and not used during SSR.
FAQs
React-based functionality and components for Uniform Context
The npm package @uniformdev/context-ui receives a total of 1,167 weekly downloads. As such, @uniformdev/context-ui popularity was classified as popular.
We found that @uniformdev/context-ui demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 10 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.