
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
lighting-ui
Advanced tools
A rich interaction, lightweight, high performance UI library based on Weex
lighting ui 是一个基于 Weex 的富交互、轻量级、高性能、三端统一的 金融 UI 组件库。
当工程需要使用 UI 组件时,首先需要对 lib 目录下的 package.json 文件进行设置,引入依赖:
{
"dependencies": {
"lighting-ui": "*"
}
}
然后在 lib 目录下执行 npm install 完成安装。
npm install
在需要使用组件的视图中引入 UI 组件,建议大家使用时按需引入,可以节省打包资源。例如当需要使用 button 按钮,步骤如下:
import LcButton from 'lighting-ui/packages/lc-button'
components: { LcButton }
<lc-button text="确定" type="normal"></lc-button>
完整代码为:
<template>
<div>
<lc-button text="确定" type="normal"></lc-button>
</div>
</template>
<script>
import LcButton from 'lighting-ui/packages/lc-button';
export default {
components: { LcButton },
data(){
return {};
}
}
</script>
<style scoped>
</style>
其他组件使用方法类似,改为相对应的组件名即可。
了解更多 lighting-ui 的信息,请点击这里。
1.input组件当type为date时兼容min小于max的情况。
FAQs
A rich interaction, lightweight, high performance UI library based on Weex
The npm package lighting-ui receives a total of 213 weekly downloads. As such, lighting-ui popularity was classified as not popular.
We found that lighting-ui demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.