Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
This template is a starting point for building apps using a drawer-based
layout. The layout is provided by app-layout
elements.
This template, along with the polymer-cli
toolchain, also demonstrates use
of the "PRPL pattern" This pattern allows fast first delivery and interaction with
the content at the initial route requested by the user, along with fast subsequent
navigation by pre-caching the remaining components required by the app and
progressively loading them on-demand as the user navigates through the app.
The PRPL pattern, in a nutshell:
Check out our blog post that covers what's changed in PSK2 and how to migrate!
Install polymer-cli:
npm install -g polymer-cli
mkdir my-app
cd my-app
polymer init starter-kit
This command serves the app at http://localhost:8080
and provides basic URL
routing for the app:
polymer serve --open
This command performs HTML, CSS, and JS minification on the application
dependencies, and generates a service-worker.js file with code to pre-cache the
dependencies based on the entrypoint and fragments specified in polymer.json
.
The minified files are output to the build/unbundled
folder, and are suitable
for serving from a HTTP/2+Push compatible server.
In addition the command also creates a fallback build/bundled
folder,
generated using fragment bundling, suitable for serving from non
H2/push-compatible servers or to clients that do not support H2/Push.
polymer build
This command serves the minified version of the app at http://localhost:8080
in an unbundled state, as it would be served by a push-compatible server:
polymer serve build/unbundled
This command serves the minified version of the app at http://localhost:8080
generated using fragment bundling:
polymer serve build/bundled
This command will run Web Component Tester against the browsers currently installed on your machine.
polymer test
You can extend the app by adding more views that will be demand-loaded
e.g. based on the route, or to progressively render non-critical sections
of the application. Each new demand-loaded fragment should be added to the
list of fragments
in the included polymer.json
file. This will ensure
those components and their dependencies are added to the list of pre-cached
components (and will have bundles created in the fallback bundled
build).
FAQs
Collaborative Docs
The npm package codocs receives a total of 1 weekly downloads. As such, codocs popularity was classified as not popular.
We found that codocs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.