Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Take initial HTML syntax and turn them into tables that use Foundation for Email styles.
Inky is the parser made by ZURB meant to be used with the Foundation for Emails framework.
It has configurable options:
{
zfTags = {
button: 'button',
row: 'row',
callout: 'callout',
columns: 'columns',
subcolumns: 'subcolumns',
container: 'container',
inlineListH: 'inline-list-h',
inlineListV: 'inline-list-v'
},
grid = 12
}
The zfTags object contains what you'd like to specify as the syntax shortcut. For example, if you wanted to use the word "col" instead of "columns" in your mark up, you can pass it through to Inky like so:
var inky = new Inky();
var myConfig = {
zfTags = {
button: 'button',
row: 'row',
callout: 'callout',
columns: 'col',
subcolumns: 'subcolumns',
container: 'container',
inlineListH: 'inline-list-h',
inlineListV: 'inline-list-v'
}
}
inky.setConfig(myConfig);
Inky relies on Cheerio to load up an HTML string and manipulate it using a series of methods and replacements. If you want to pass initialize Inky, you can start everything off like so:
var inky = new Inky();
var syntax = '<column>Here is a column</column>';
var $ = Cheerio.load(syntax);
inky.releaseTheKraken($);
You can also add your custom config as an additional argument i.e.
inky.releaseTheKraken($, myConfig)
.
git clone git@github.com:zurb/inky.git
.npm install
. If you don't have node.js installed, downloaded it at nodejs.org.jasmine
.All the tests need to be started from the root of the project
jasmine-node spec
jasmine-node spec/testfile
Inky was made by ZURB, a product design company in Campbell, CA.
If Inky knocks your socks off the way we hope it does and you want more, why not check out our jobs?
FAQs
Convert a simple HTML syntax into tables compatible with Foundation for Emails.
We found that inky demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.