Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
gatsby-plugin-typography
Advanced tools
Gatsby plugin to setup server rendering of Typography.js' CSS
A Gatsby plugin for utilizing the Typography library with minimal configuration.
See it in action in the Tutorial (source)
npm install --save gatsby-plugin-typography
A typical typography.js
file utilizing one of its themes might look like this:
import Typography from "typography";
import grandViewTheme from "typography-theme-grand-view";
const typography = new Typography(grandViewTheme);
export default typography;
You then have to take the exported stylesheets and inline them in your entry file. Since a theme comes with two fonts, you also have to make sure you have the fonts available somehow.
By using gatsby-plugin-typography
and specifying the path to your typography.js
file via the pathToConfigModule
option (see below), the inclusion of your typography styles and any relevant fonts is taken care of by a pair of helper methods under the hood, keeping your typography-related config in a single location and your entry file sparse.
// In your gatsby-config.js
module.exports = {
plugins: [
{
resolve: `gatsby-plugin-typography`,
options: {
pathToConfigModule: `src/utils/typography`,
},
},
],
}
pathToConfigModule
: (string) The path to the file in which you export your typography configuration.omitGoogleFont
: (boolean, default: false
) Typography includes a helper that makes a request to Google's font CDN for the fonts you need. You might, however, want to inject the fonts into JS or use a CDN of your choosing. Setting this value to true
will make gatsby-plugin-typography
skip the inclusion of this helper. You will have to include the appropriate fonts yourself.FAQs
Gatsby plugin to setup server rendering of Typography.js' CSS
We found that gatsby-plugin-typography demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.