Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
gestalt
Advanced tools
Gestalt is a set of React UI components that enforces Pinterest’s design language. We use it to streamline communication between designers and developers by enforcing a bunch of fundamental UI components. This common set of components helps raise the bar for UX & accessibility across Pinterest.
View the full docs or Check out the Gestalt playground
npm i gestalt --save
or yarn add gestalt
Gestalt exports each component as ES6 modules and a single, precompiled CSS file:
import { Text } from 'gestalt';
import 'gestalt/dist/gestalt.css';
That syntax is Webpack specific (and will work with Create React App), but you can use Gestalt anywhere that supports ES6 module bundling and global CSS.
Gestalt is a multi-project monorepo. The docs, components and integration tests are all organized as separate packages that share similar tooling.
Install project dependencies and run tests:
yarn
yarn test
Build and watch Gestalt & run the docs server:
yarn start
Visit http://localhost:3000/ and click on a component to view the docs.
Using the Masonry playground:
cd test && yarn start
open "http://localhost:3001/Masonry"
Running Masonry's integration tests. This will leave lots of Firefox processes hanging around, so please be warned.
./run_integration_tests
When a release will cause breaking changes — in usage or in typing — we provide a codemod to ease the upgrade process. Codemods are organized by release in /packages/gestalt-codemods
. We recommend using jscodeshift to upgrade.
Install jscodeshift
globally if you haven't already.
yarn global add jscodeshift
Clone the Gestalt repo locally if you haven't already. Run the relevant codemod(s) in the relevant directory of your repo (not the Gestalt repo): anywhere the component to be updated is used. Example usage for a codebase using Flow:
jscodeshift --parser=flow -t={relative/path/to/codemod} relative/path/to/your/code
For a dry run to see what the changes will be, add the -d
(dry run) and -p
(print output) flags (pipe stdout to a file for easier inspection if you like).
If you haven’t already, you’ll first need to create an npm account. Once you've done that
you can setup your username and email in Yarn using yarn login
.
The following outlines our release process:
packages/gestalt/package.json
& update CHANGELOG.md
.npm login
using your npm username and password../scripts/publish.js
to publish the tag, npm package, and docs.Install the DefinitelyTyped definitions.
npm i --save @types/gestalt
or
yarn add @types/gestalt
FAQs
A set of React UI components which enforce Pinterest's design language
The npm package gestalt receives a total of 3,104 weekly downloads. As such, gestalt popularity was classified as popular.
We found that gestalt demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.