Gestalt is Pinterest’s design system. Our system includes a React component library with comprehensive guidelines, best practices, tools, and resources to support designers and engineers delivering a high-quality product.
Visit the official Gestalt Documentation
The package can be installed via npm:
npm i gestalt --save
npm i gestalt-charts --save
npm i gestalt-datepicker --save
Or via yarn:
yarn add gestalt
yarn add gestalt-charts
yarn add gestalt-datepicker
Gestalt exports each component as ES6 modules and a single, precompiled CSS file:
import { Text } from 'gestalt';
import 'gestalt/dist/gestalt.css';
import 'gestalt/dist/gestalt-datepicker.css';
That syntax is Webpack specific (and will work with Create React App), but you can use Gestalt anywhere that supports ES6 module bundling and global CSS.
Gestalt is a multi-project monorepo. The docs and components are all organized as separate packages that share similar tooling.
Install project dependencies and run tests:
yarn
yarn test
Build and watch Gestalt & run the docs server:
yarn start
Visit http://localhost:8888/ and click on a component to view the docs.
When a release will cause breaking changes — in usage or in typing — we provide a codemod to ease the upgrade process. Codemods are organized by release in /packages/gestalt-codemods.
Clone the Gestalt repo locally if you haven't already. Run the relevant codemod(s) in the relevant directory of your repo (not the Gestalt repo): anywhere the component to be updated is used. Example usage for a codebase using TypeScript:
yarn codemod --parser=tsx -t={relative/path/to/codemod} relative/path/to/your/code.tsx
For a dry run to see what the changes will be, add the -d (dry run) and -p (print output) flags (pipe stdout to a file for easier inspection if you like).
Every commit to master performs a release. As a reviewer, ensure the correct label is attached to every PR. Please follow semantic versioning.
patch release: documentation updates / spelling mistakes in code / internal scripts
minor release: add component / add component props / API change with codemod
major release: backwards incompatible API change without codemod
Example PR title: Avatar: Add outline prop
Gestalt officially supports and maintains TypeScript declaration files.
Gestalt is Pinterest's open-sourced design system. However, Gestalt's web component library is almost exclusively developed by a 5 engineer team within Pinterest, and our primary customers are Pinterest engineers who use Gestalt. The team’s priority is the needs of our internal Pinterest customers.
We do not have resources to work on features or issues requested only by external developers. We also handle a very large number of internal support requests, so we do not have the resources to respond to external GitHub issues.
Pinterest is staying open source, as it's a great resource for the design and engineering community, but we don't provide support to external developers. If you need to get in touch, send us an email.
Take a look at our FAQ section if you run into any development problems.
156.7.0 (Jul 31, 2024)
FAQs
A set of React UI components which enforce Pinterest's design language
The npm package gestalt receives a total of 3,104 weekly downloads. As such, gestalt popularity was classified as popular.
We found that gestalt demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.