Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@unimelb/pattern-lib-vue
Advanced tools
Copyright © 2017 - The University of Melbourne
The contents of this repository have been produced by The University of Melbourne for internal use and must not be distributed without the express permission of The University of Melbourne.
dev
branch)master
branch)The design system requires:
# 1. Clone the repository.
git clone https://github.com/unimelb/pattern-lib.git
# 2. Enter your newly-cloned folder.
cd pattern-lib
# 3. Copy the env file.
cp .env.example .env
# 4. Copy the git pre-push hook
cp pre-push.sh .git/hooks/pre-push
# 4. Install dependencies. Make sure yarn is installed: https://yarnpkg.com/lang/en/docs/install
yarn
# 5. Read the documentation linked below.
Storybook is the main development environment.
yarn dev
- http://localhost:7002/yarn build
to build the documentation site to /.out/docs
. Environment variable LOAD_EXTERNAL_ASSETS
controls whether the documentation site is to load the library assets locally (false
) or from the CDN (true
).This project includes generators to speed up common development tasks. Commands include:
# Generate a new component
yarn generate component
You will then be asked for the name of the component, this will be used to create a new folder with a minimal component layout and story
Note: Always remember to add the new component to the file
index.js
inside of the folderstarget/lib
andtarget/vue
, that way the component will be exportable toMatrix CMS
viaCDN
andVue
viaNPM
.
# Generate a new view component
yarn generate story
You will need to select the component from the list of folders, then confirm the selection by selecting choose this directory
. You will then be asked to give the story a name.
Note: This requires some special comments are added in the
stories/index.js
file. If it doesn't work make sure the comments are the same as in the template directory.
In Storybook: When adding the "how to use a component" documentation, add a description that clearly shows that ( in the CMS environment) a component must be used in the way of closing the tag explicitly, as shown in the following example:
(In the CMS, self closing tags won't load the component:)
# self close the components
<my-new-component/>
(To be compatible with CMS, call the component this way:)
# explicitly closing
<my-new-component></my-new-component>
Note: Matrix CMS can only use the components in that way and must be in the
target/lib
folder as well. You can self-close a component when importing it in a parent component in the pattern-lib context. The rule described above applies just when the component is called in the CMS context. ie. footer component, which is used like this in CMS:<page-footer-alt></page-footer-alt>
instead of<page-footer-alt />
.
targets/lib
The main UI library for use in the CMS. The target provides a local development environment for testing purposes.
yarn start:lib
- http://localhost:7003/.yarn build:lib
to compile the library to .out/lib/<version>
, including ui.css
, ui.js
, sprite.svg
, and SVG assets in components/shared
. You can then use http-server
or another static file server to serve the output directory.The following environment variables are available to configure the behaviour of yarn build:lib
:
LOAD_EXTERNAL_ASSETS
controls whether the library is to load its assets locally (false
) or from the CDN (true
).LIB_EMIT_HTML
controls whether to emit the demo HTML file - set it to true
to emit the file.LIB_LOAD_VERSION
controls which version of the library to load in the demo:
auto
to load the latest version from the CDN (i.e. the version specified in package.json
),0.0.12
(no v
prefix).targets/vue
The library with all the Vue components for use in single-page apps and other Vue-based projects.
yarn build:vue
to compile the library to .out/vue.js
.CSS files are linted on the fly with stylelint. The configuration file, .stylelintrc
, extends two shared configuration: stylelint-config-standard
and stylelint-config-property-sort-order-smacss
.
JS files and single-file Vue components are linted on the fly with ESLint. The configuration file, .eslintrc
, extends two shared configurations: eslint-config-airbnb
and plugin:vue/recommended
For your own sanity, make sure to install your code editor's ESLint and stylelint extensions. The following commands are available for on-demand linting and fixing:
yarn lint
yarn lint:fix
yarn lint:css
yarn lint:css --fix
yarn lint:js
yarn lint:js --fix
At the start of a new release sprint:
next-release
.Throughout the release sprint:
pr-
label to every new PR: pr-major
if it contains a breaking change, pr-minor
if it adds a new feature, pr-patch
in all other cases.next-release
as they are resolved/merged.deprecated
, documentation
, etc.)At the end of the release sprint:
[!NOTE] > Note on versioning: the version number follows the semver convention
MAJOR.MINOR.PATCH
, where:MAJOR
corresponds to a breaking change (e.g. a change in a component's markup),MINOR
to a new feature (e.g. a new component, a new feature for an existing component, etc.), andPATCH
to a bug fix or under-the-hood change (e.g. code clean-up, performance improvement, etc.)
next-release
throughout the sprint and identify the highest-level of change (major, minor or patch). Deduce the next release's version number and rename the milestone accordingly..github/RELEASE_NOTES_TEMPLATE.md
.version
number in package.json
(cf. note below).dev
branch.dev
branch into master
- e.g. "Deploy v1.0.1".Create a merge commit
design-systems
slack channel using the following template:@channel new `gen2` version `vx.x.x` is out: https://github.com/unimelb/pattern-lib/releases/tag/vx.x.x
[!TIP] Github Actions then automatically builds the library and syncs the output files to S3. If the version you're deploying had been previously deployed, you'll need to invalidate the files on the CDN (AWS Cloudfront) or wait a day or so for this to happen automatically. Once the library is deployed, follow the release process below.
Pre-release builds can be created like this (using the git pre-push hook behind the scenes):
[!NOTE] > Note on pre-release versions: These are legitimate semver versions. They have the format MAJOR.MINOR.PATCH-beta.NUMBER. Only these pre-release versions will be published on
dev
.
dev
branchgit push
- this will increment the pre-release version number and make a commit to your local repositorygit push
again
y
dev
repoYou can test pull-requests
on live sites by using ?preview=test-xxx
where xxx
is the pull-request number
.
For example: https://study.unimelb.edu.au/?preview=test-2203 will load https://github.com/unimelb/pattern-lib/pull/2203
Code changes to the remote
dev
branch triggers aGithub Actions
deploy into the AWS S3 Bucket in a folder calledlatest
where theCMS
team can appoint tolatest
and test it out before go toproduction
.
Each
pull request
that is opened, also is automatically generated a comment with a preview link to test it.
Note: Always check
Github Actions
in yourpull request
checks to insure it is building properly, before merge intodev
.
Supported browsers:
Recommended mobile devices for testing:
You can run visual snapshot testing using yarn test:snapshots
. This compares your changes against the latest visual snapshot. Failed snapshot tests will show a visual diff comparison in snapshots/__tests__/__image_snapshots__/__diff_output__
.
If you wish to update the snapshots with your changes run yarn test:e2e:updatesnapshots
.
The following UoM websites are using these components on the new Squiz CMS (Gen 2). Documentation on how to use these components in Edit+ Gen 2 documentation
FAQs
A complete design system for the University of Melbourne.
The npm package @unimelb/pattern-lib-vue receives a total of 459 weekly downloads. As such, @unimelb/pattern-lib-vue popularity was classified as not popular.
We found that @unimelb/pattern-lib-vue demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.