Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Classical float based fluid grid system.
The grid system is used to create page layouts with inherent visual harmony through consistent vertical gaps – think newspaper. It has 15 columns (grid units) with a percentage based division. The subdivision spans are offered based on grid units and percentage. The columns are separated by so-called gutters which are marginal columns which should not contain any content unless the content spans multiple columns.
A grid is usually used in the content area of the page but it can be used in
any other container.
A container with the class vclGridRow
opens it and
is filled with column spans like vclGridSpan-3
(three grid units)
or alternatively percentage based ones like vclGridSpan-25p
(a quarter).
See the example for the whole variety.
Nesting is only supported through percentage based spans as shown in the demo.
vclGridRow
vclGridSpan-1..15
: Column unit based grid spans.vclGridSpan-5p, 10p, 15p ... 100p
: Percentage based grid spans.vclGridSpan-gca
: Golden cut a.vclGridSpan-gcb
: Golden cut b.vclGutterMargin
: margin at half gutter width, applicable to any element.vclGutterMarginTB
: Top/ bottom margin at half gutter width, applicable
to any element.vclGutterMarginLR
: Left/ right margin at half gutter width, applicable
to any element.vclGridSpanCentered
: Vertically center a grid column if it is the only
column.--grid-half-gutter-width
example.html on GH-pages.
FAQs
Float based fluid grid system
The npm package @vcl/grid receives a total of 0 weekly downloads. As such, @vcl/grid popularity was classified as not popular.
We found that @vcl/grid demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.