Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Changelog of npm version: https://github.com/Bobris/Bobril/blob/master/CHANGELOG.md
Component oriented framework inspired by ReactJs (Virtual DOM, components with state) and Mithril (small size, more complete framework). Compared to ReactJS Added speeeed, autoprefixer, CSS in JS, router, additional livecycle methods, only rAF based repaint. Bobril ignores Isomorphic JavaScript, because it would increase size and is not needed for SEO anyway (Google bot supports JavaScript). Client applications are expected to be written in TypeScript. Because it is heavily used in production, backward compatibility is king. Any new feature must be optional or its perceived value to minified size ratio must be high enough.
It is intended to be used with bobril-build.
Old Examples: http://bobris.github.io/Bobril/
For modern code look at Bobril Material: https://github.com/Bobril/Bobril-m
Tutorial videos [cz][en sub]:
See it in vdom-benchmarks: http://vdom-benchmark.github.io/vdom-benchmark/
Chrome plugin to help you to inspect running Bobril application: https://chrome.google.com/webstore/detail/clouseau/npfemnefhbkiahihigplihehpbgkbhbj (Github source for it is here: https://github.com/klesta490/bobril-clouseau)
Features:
Optional addins - separate npm modules:
Whole simple applications including Bobril could fit into 17kb gzipped. Bobril-build does dead-code elimination and module flattening.
Uses NodeJs, NPM, TypeScript, Jasmine
MIT Licensed
Install npm i bobril-build -g
.
And then just start bb
(bobril-build).
For helping writing TypeScript you can use VSCode.
If you want to work on something create bug with description, so work is not duplicated.
20.7.0
Allow to provide custom function to setKeysInClassNames, it can change className, style, attrs.
FAQs
Component Oriented MVC Framework with virtual DOM and CSS
The npm package bobril receives a total of 0 weekly downloads. As such, bobril popularity was classified as not popular.
We found that bobril demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.