Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
govuk-prototype-kit
Advanced tools
Go to the GOV.UK Prototype Kit site to get the latest version and read the documentation.
The Prototype Kit provides a simple way to make interactive prototypes that look like pages on GOV.UK. These prototypes can be used to show ideas to people you work with, and to do user research.
Read the project principles.
If you publish your prototypes online, they must be protected by a password. This is to prevent members of the public finding prototypes and thinking they are real services.
You must protect user privacy at all times, even when using prototypes. Prototypes made with the kit look like GOV.UK, but do not have the same security provisions. Always make sure you are handling user data appropriately.
We always recommend you use the current long term support (LTS) version of Node.js.
The Prototype Kit always supports at least the current and previous LTS releases.
The GOV.UK Prototype Kit is maintained by the Government Digital Service. If you’ve got a question or need support you can:
If you’ve got an idea or suggestion, you can:
The govuk-prototype-kit repository is public and we welcome contributions from anyone.
Contributors to alphagov repositories are expected to follow the Contributor Covenant Code of Conduct. Contributors working within government are also expected to follow the Civil Service code.
We're unable to monitor activity on this repository outside of our office hours (10am to 4pm, UK time). To get a faster response at other times, you can report abuse or spam to GitHub.
GDS is an advocate of responsible vulnerability disclosure. If you’ve found a vulnerability, we would like to know so we can fix it.
For full details on how to tell us about vulnerabilities, see our security policy.
FAQs
Rapidly create HTML prototypes of GOV.UK services
We found that govuk-prototype-kit demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.