Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
description..
A component provides true modularity of all units that comprise a web application. Components may be as small or large as you see fit, and are npm-installable modules like any other in node, and thus dependencies are resolved for you, promoting smaller re-usable scripts.
Currently all components with client-side
JavaScript use file-scoping, as they are wrapped
with a function exposing them to a common-js
require()
system similar to node's.
The declarative nature of components means that in the future we could dynamically serve components after a page has loaded, backed by something like requirejs or similar.
A component may be JavaScript, CSS, images,
server-side scripts, or any combination necessary. The
following is the simplest possible component, consisting
of a single script jquery
.
{
"name": "jquery",
"description": "The jQuery library",
"version": "0.0.1",
"component": {
"scripts": {
"jquery": "build/jquery.js"
}
}
}
Once served with component jquery would be available to the client:
var $ = require('jquery');
Stylesheets ideally should contain only structural styling, leaving opinionated colors and design to the host application.
Components should not directly depend on polyfills. For example
you should assume JSON.parse()
is available, the host application
may choose to conditionally load a polyfill if desired.
Specs...
FAQs
Control cloud with command line
The npm package cloud receives a total of 0 weekly downloads. As such, cloud popularity was classified as not popular.
We found that cloud demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.