Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
This project is under active development, we recommended not using alpha releases in your project.
Clay is Liferay's web implementation of the Lexicon Design Language. It is built with HTML, CSS, and Javascript with Bootstrap as a foundation.
You can view the various components on the Clay site.
If you would like to contribute, or make changes on your system you need to do the following:
Clone the repo to your computer
If you don't already have it installed. You can find more info here: http://nodejs.org/ Node and NPM come bundled together, so you only need to install one package.
Run npm install
inside of the clay
directory
The files are generated from the src/
directory, however, most of the files you'd be interested in changing are in src/content/
. Files can be either HTML (.html
) or Markdown (.md
).
Every file in src/content/
has a heading at the top in YAML format that looks something like:
---
title: Title of the Page
---
This section has a couple of options that can be leveraged for different purposes. Those will be covered below.
Run gulp build
to generate the static files.
The generated files are placed into the build/
directory.
Sass files in the .scss
format are generated to CSS, Markdown files with the extension of .md
are generated to HTML, and HTML files have one bit of processing applied, which is that HTML inside of triple ticks is escaped, like so:
```
<div>Foo</div>
```
There are a couple of properties you can add to the headings of files, only one of which is required:
title:
: (Required) This is used for the title of the page in the heading and in the navigation sidebar
navIndex:
: The navigation is sorted alphabetically by default, but if you pass a navIndex:
property, it will manually sort the item into that position.
The property is any number, with 0
as the first position, but you can also pass in a keyword of last
to force an item to the end.
section:
: If you want to group multiple files into sections, in each of those files, pass the same title to the section:
property. That title will be used for the section heading, and the files will be sorted in there. The navIndex:
property works inside of sections as well.
You can pass these options when running gulp
.
build
: This is the default task, so running just gulp
will fire off the build task.
This will generate all of the HTML/CSS/etc into the build/
directory.
watch
: Because running a script after every change can get tedious, run gulp watch
to rebuild the files automatically as you change files.
serve
: Starts a local server on port 3000 and also runs the watch task.
release
: This task will create a zip file located in the root of the repo with the version number located in the package.json.
We use this to deploy into Liferay.
toc
: If you add a section to the README file, running gulp toc
will generate a new table of contents.
You can view the full changelog here.
FAQs
Clay
The npm package clay receives a total of 505 weekly downloads. As such, clay popularity was classified as not popular.
We found that clay demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 16 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.