Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
bonree-design
Advanced tools
An enterprise-class UI design language and React components implementation
与 ant-design 仓库 master 分支保存同步
├── components # 组件源码和demo
├── docs # 文档markdown内容
├── site # 文档网站布局和代码
└── package.json
windows 环境不要使用 power shell
$ npm install
$ npm run start
mac 环境报错
windows 环境下 node-gyp 提示要安装 Python
Run CMD as Administrator:
npm --add-python-to-path='true' install --global windows-build-tools
安装 windows-build-tools 需要非常非常长的时间
如果安装 windows-build-tools 失败,可以尝试手动安装 python
基本原则: 多覆盖,少修改
4.17.0 及以上版本代码中存在两套主题 less 文件,npm run build
打包时使用components\style\themes\default.less
,但npm run start
则是使用components\style\themes\variable.less
.
所有样式改动只能注释源代码再新增代码
在components\style\themes\index.less
中配置主题
components\style\themes\default.less
做任何改动components\style\themes\variable.less
做任何改动br-
开头命名变量// 全局主色
@primary-color: #00ccd9;
// 页面、按钮文字颜色
@text-color: #4e4e4e;
// 字体最大
@br-font-size-largest: 16px;
// 主要用于页面卡片
@br-border-radius-lg: 5px;
组件样式改动
参照官方要求Code convention for antd
参照官方要求Configuration for Documentation and Demo
$ npm run build
$ npm run pub
picker=time
和showTime
属性form 表单错误提示的中英文切换需要在项目代码中额外添加
useEff(() => {
FormInstance.validateFields;
}, [i18n.local]);
FAQs
An enterprise-class UI design language and React components implementation
The npm package bonree-design receives a total of 164 weekly downloads. As such, bonree-design popularity was classified as not popular.
We found that bonree-design demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.