Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
generator-z-frontend
Advanced tools
Readme
run npm install generator-z-frontend -g
After that, you can run yo z-frontend
from a project to start the
generator.
This is a heavily opinionated frontend generator, tailored to my needs.
I mostly use it to complement the way I work with the Symfony Framework, but in theory, it should work with any framework.
As such, it may or may not work for you, but I'd be glad to hear out advices or discuss PRs / feature-requests. :)
The workflow and rules described shortly are havily influenced by my personal experiences working on several projects over the years, and also by OOCSS methodologys and articles.
For the generator to work properly, a workflow must be adapted.
It assumes the following:
The vendors
, images
and watch
tasks are only ever run on the
developer's machines.
The results of the vendors and images tasks can be tracked by a vcs even if there are more developers involved on the frontend.
So whenever new images, or something were added to the vendors, these tasks then need to be run manually.
The styles
and scripts
tasks are being run on every deployment.
The output of these tasks depend on the environment (prod or dev) they are in. (ex: sourcemap generation) Also: if more than one frontend developer is involved in the project, it's very easy to introduce conflicts. However, by not tracking it by the vcs, and rebuilding the results on every deployment, it resolves these possible issues.
These rules are about the sass files which will make your life easier on the long run. :)
Details about a particular file's role can be found in comments in that file.
Classname naming conventions
Presentational classes and javascript "hooks" must be separated.
c-
,js-
.@import
-ed in the main scss files (and not mentioned
above), must be prefixed with an underscore.The styles/overwrites/
folder
In this folder only 3rd party overwrites can be placed.
Examples may include: Foundation / Bootstrap, jQuery UI etc.
The styles/includes/
folder
In this folder, only mixins and functions can be placed.
Every mixin and function must have a separate file, and the
filename must be the mixin's / function's name, prefixed with an
underscore, having the following syllables separated by a dash.
Ex.: _my-mixin.scss
, which contains the my-mixin
mixin.
The styles/components/
folder
config/_global.scss
file.The styles/config/global.scss
file
Color variables and global configurations must be placed here. Follow the naming conventions presented there strictly.
FAQs
A Yeoman Generator to generate a basic frontend dir structure and boilerplate code.
We found that generator-z-frontend demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.