Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
altos-react-text-editor
Advanced tools
- [Overview](#overview) - [Using library](#using-library) * [Server Side Rendering](#server-side-rendering) - [Preparation and starting the application](#preparation-and-starting-the-application) * [Installation](#installation) - [Deploying to Github
This project is a Markdown editor library. Thanks to it, it is possible to use Markdown in a simple and pleasant way. It is written using React, styled-components. React-hook-form was used to render forms alogn with yup.
The newest test version should be released there -> example page
Simply run:
yarn add altos-react-text-editor
and then import TextEditor
import 'altos-react-text-editor/dist/style.css';
import { TextEditor } from 'altos-react-text-editor';
const AltosTextEditor: React.FC = () => {
const onDataChange = useCallback(() => {}, [])
return (
<TextEditor data="" mode="active" onDataChange={onDataChange} />
)
}
This library cannot be rendered on the server! That's why it's important to render it only on the client side.
So basically.. the library will never and should not be rendered on the server.
How to use it with Next.js? It's not the best solution. We shouldn't use lazy loading components in this case, but it's a "now" solution. In the future, this must be changed and a better solution must be found
yarn add altos-react-text-editor
import 'altos-react-text-editor/dist/style.css';
import { TextEditor } from 'altos-react-text-editor';
const AltosTextEditor: React.FC = () => {
const onDataChange = useCallback(() => {}, [])
return (
<TextEditor data="" mode="active" onDataChange={onDataChange} />
)
}
export default AltosTextEditor;
AltosTextEditor
via dynamicimport dynamic from 'next/dynamic'
const AltosTextEditorDynamic = dynamic(() =>
import('<--path_to_the_component->'), {
loading: () => <p>Loading...</p>,
ssr: false,
}
)
export default function MyComponent() {
return (
<div>
Hello!
<AltosTextEditorDynamic />
</div>
)
}
For consistency and to ensure that each developer uses the same version of Node.js, we used nvm (How to install nvm on macos).
cd /your_path
git clone git@github.com:DareData/notion-style-editor.git
cd notion-style-editor
nvm use
yarn
yarn prepare
yarn start
If you want to share the current state of the library with external people, you can use Github Pages where a test version is placed for testing by testers.
To add a new version, you just need to run the following commands:
yarn build:pages
git commit -m"<--any_commit_message-->"
git push origin <--your_branch-->
Just remember that the changes you upload should be visible on github pages, your changes should be in the same branch on which github pages is currently "listening". Here you can check on which branch github is currently listening for changes.
If you want to build a library to be used by external applications, you need to run the following commands:
yarn build
Your library has been created in the dist
folder.
Check, whether onDataChange
and data
do not change their reference. When one of them changes, the old editor is "unmounted" and a new one is "mounted".
https://blog.logrocket.com/understanding-react-exhaustive-deps-linting-warning/
Unfortunately after using https://github.com/btd/rollup-plugin-visualizer, I noticed that both of these plugins are around 4MB
In addition, fonts take up quite a lot of space.
Moreover.. the code is not minified yet, so 60% of the size will be reduced. Also remember about compression, which will also reduce the size of the package.
FAQs
- [Overview](#overview) - [Using library](#using-library) * [Server Side Rendering](#server-side-rendering) - [Preparation and starting the application](#preparation-and-starting-the-application) * [Installation](#installation) - [Deploying to Github
The npm package altos-react-text-editor receives a total of 0 weekly downloads. As such, altos-react-text-editor popularity was classified as not popular.
We found that altos-react-text-editor demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.