Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@unimelb/pattern-lib-vue
Advanced tools
Copyright © 2017 - The University of Melbourne
The contents of this repository have been produced by The University of Melbourne for internal use and must not be distributed without the express permission of The University of Melbourne.
The design system requires Node.js ~6.11.3, and the latest version of yarn. To set it up, run:
git clone https://github.com/unimelb/pattern-lib.git
cd pattern-lib
cp .env.example .env
yarn
Storybook is the main development environment.
yarn start
- http://localhost:7002/yarn build
to build the documentation site to /.out/docs
. Environment variable LOAD_EXTERNAL_ASSETS
controls whether the documentation site is to load the library assets locally (false
) or from the CDN (true
).targets/lib
The main UI library for use in the CMS. The target provides a local development environment for testing purposes.
yarn start:lib
- http://localhost:7003/.yarn build:lib
to compile the library to .out/lib/<version>
, including ui.css
, ui.js
, sprite.svg
, and SVG assets in components/shared
. You can then use http-server
or another static file server to serve the output directory.The following environment variables are available to configure the behaviour of yarn build:lib
:
LOAD_EXTERNAL_ASSETS
controls whether the library is to load its assets locally (false
) or from the CDN (true
).LIB_EMIT_HTML
controls whether to emit the demo HTML file - set it to true
to emit the file.LIB_LOAD_VERSION
controls which version of the library to load in the demo:
auto
to load the latest version from the CDN (i.e. the version specified in package.json
),0.0.12
(no v
prefix).targets/vue
The library with all the Vue components for use in single-page apps and other Vue-based projects.
yarn build:vue
to compile the library to .out/vue.js
.CSS files are linted on the fly with stylelint. The configuration file, .stylelintrc
, extends two shared configuration: stylelint-config-standard
and stylelint-config-property-sort-order-smacss
.
JS files and single-file Vue components are linted on the fly with ESLint. The configuration file, .eslintrc
, extends two shared configurations: eslint-config-airbnb
and plugin:vue/recommended
For your own sanity, make sure to install your code editor's ESLint and stylelint extensions. The following commands are available for on-demand linting and fixing:
yarn lint
yarn lint:fix
yarn lint:css
yarn lint:css --fix
yarn lint:js
yarn lint:js --fix
New components can be scaffolded by running:
yarn generate component
You will then be asked for the name of the component, this will be used to create a new folder with a minimal component layout and story.
New stories can be scaffolded too by running:
yarn generate story
You will need to select the component from the list of folders, then confirm the selection by selecting choose this directory
. You will then be asked to give the story a name.
Note This requires some special comments are added in the stories/index.js file. If it doesn't work make sure the comments are the same as in the template directory
At the start of a new release sprint:
next-release
.Throughout the release sprint:
pr-
label to every new PR: pr-major
if it contains a breaking change, pr-minor
if it adds a new feature, pr-patch
in all other cases.next-release
as they are resolved/merged.bug
, chore
, feature
, etc.)At the end of the release sprint:
next-release
throughout the sprint and identify the highest-level of change (major, minor or patch). Deduce the next release's version number and rename the milestone accordingly..github/RELEASE_NOTES_TEMPLATE.md
.To deploy to production:
version
number in package.json
(cf. note below).dev
branch.dev
branch into master
- e.g. "Deploy v1.0.1".Semaphore then automatically builds the library and syncs the output files to S3. If the version you're deploying had been previously deployed, you'll need to invalidate the files on the CDN (AWS Cloudfront) or wait a day or so for this to happen automatically. Once the library is deployed, follow the release process below.
Note on versioning: the version number follows the semver convention
MAJOR.MINOR.PATCH
, where:MAJOR
corresponds to a breaking change (e.g. a change in a component's markup),MINOR
to a new feature (e.g. a new component, a new feature for an existing component, etc.), andPATCH
to a bug fix or under-the-hood change (e.g. code clean-up, performance improvement, etc.)
Note on rebase: rebasing
dev
ontomaster
avoids creating a merge commit that would require mergingmaster
back intodev
.
Supported browsers:
Recommended mobile devices for testing:
FAQs
A complete design system for the University of Melbourne.
The npm package @unimelb/pattern-lib-vue receives a total of 459 weekly downloads. As such, @unimelb/pattern-lib-vue popularity was classified as not popular.
We found that @unimelb/pattern-lib-vue demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.