
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
graphql-playground-react2
Advanced tools
GraphQL IDE for better development workflows (GraphQL Subscriptions, interactive docs & collaboration).
GraphQL IDE可用于更好的开发工作流(GraphSQL订阅、交互式文档和协作)。 以graphql-playground-react版本1.7.28为基础进行的二次开发.

{
'editor.cursorShape': 'line', // 光标形状 值: 'line', 'block', 'underline'
'editor.fontFamily': `'Source Code Pro', 'Consolas', 'Inconsolata', 'Droid Sans Mono', 'Monaco', monospace`, // 字体
'editor.fontSize': 14, // 字体大小
'editor.reuseHeaders': true, // 新选项卡 复用 上一个的 headers
'editor.theme': 'dark', // 主题: 'dark', 'light'
'general.betaUpdates': false,
'prettier.printWidth': 80,
'prettier.tabWidth': 2,
'prettier.useTabs': false,
'request.credentials': 'omit', // 资格证书 值: 'omit', 'include', 'same-origin'
'schema.polling.enable': true, // 启用自动架构轮询
'schema.polling.endpointFilter': '*localhost*', // 用于模式轮询的端点筛选器
'schema.polling.interval': 2000, // 模式轮询间隔(毫秒)
'schema.disableComments': boolean,
'tracing.hideTracingResponse': true,
'tracing.tracingSupported': true, // 设置false以从Schema提取请求中删除x-apollo-tracing头
}
<link
href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700|Source+Code+Pro:400,700"
rel="stylesheet"
/>
yarn add graphql-playground-react2
import React from 'react'
import ReactDOM from 'react-dom'
import Playground from 'graphql-playground'
ReactDOM.render(
<Playground endpoint='https://api.graph.cool/simple/v1/swapi' />,
document.body,
)
FAQs
GraphQL IDE for better development workflows (GraphQL Subscriptions, interactive docs & collaboration).
The npm package graphql-playground-react2 receives a total of 14 weekly downloads. As such, graphql-playground-react2 popularity was classified as not popular.
We found that graphql-playground-react2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.