Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
bonree-design
Advanced tools
An enterprise-class UI design language and React components implementation
与 antd-4.17.4 保持一致并固定此版本
├── components # 组件源码和demo
├── docs # 文档markdown内容
├── site # 文档网站布局和代码
└── package.json
组件库分为绿色主题版、蓝色主题版,分别对应分支bonree-green
、bonree-blue
。
bonree-blue
分支基于bonree-green
分支并做了一些特殊处理,所以请注意:
bonree-green
分支修改代码并提交bonree-blue
分支,合并bonree-green
分支到bonree-blue
分支windows 环境不要使用 power shell
$ npm install
$ npm run start
mac 环境报错
windows 环境下 node-gyp 提示要安装 Python
Run CMD as Administrator:
npm --add-python-to-path='true' install --global windows-build-tools
安装 windows-build-tools 需要非常非常长的时间
如果安装 windows-build-tools 失败,可以尝试手动安装 python
基本原则: 多覆盖,少修改
4.17.0 及以上版本代码中存在两套主题 less 文件,npm run build
打包时使用components\style\themes\default.less
,但npm run start
则是使用components\style\themes\variable.less
.
所有样式改动只能注释源代码再新增代码
在components\style\themes\index.less
中配置主题
components\style\themes\default.less
做任何改动components\style\themes\variable.less
做任何改动components\style\themes\index.less
重新赋值br-
开头命名变量// 全局主色
@primary-color: #00ccd9;
// 页面、按钮文字颜色
@text-color: #4e4e4e;
// 字体最大
@br-font-size-largest: 16px;
// 主要用于页面卡片
@br-border-radius-lg: 5px;
组件样式改动
参照官方要求Code convention for antd
参照官方要求Configuration for Documentation and Demo
// 打包编译
$ npm run build
// 发布npm包
$ npm run pub
!!非常重要!!:执行
npm run build
打包编译前,必须在 package.json 中 name 字段末尾加上'-antd',要不然会编译失败。 执行npm run pub
前,必须将 package.json 中 name 字段去掉'-antd',要不然会发布到其他 npm 包中。
// 构建文档网站
$ npm run site
form 表单错误提示的中英文切换需要在项目代码中额外添加
useEff(() => {
FormInstance.validateFields;
}, [i18n.local]);
FAQs
An enterprise-class UI design language and React components implementation
The npm package bonree-design receives a total of 164 weekly downloads. As such, bonree-design popularity was classified as not popular.
We found that bonree-design demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.