Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
payment-icons
Advanced tools
Payment related svg icons for use in fonts or spritesheets.
The raw .svg output (from a mix of sketch and inkscape) is in the svg directory. The minified svg output is in the min dir.
The easiest way to consume these icons is to npm install from github and use your favorite toolchain to build fonts or sprites e.g.
yarn add payment-icons
or
npm install payment-icons
You'll need to use the svg like you do any other image asset. Exactly how will depend on what you're using in your build process.
If you're using webpack for example, then as long as your loader config understands svg
you can import like you would with any other image. Here's an example for doing that (this is from create-react-app which uses webpack)
Doing it that way you'll need to find the path from node_modules/payment-icons/
so if you're looking for the flat visa icon that should be something like this:
import visa from 'payment-icons/min/flat/visa.svg';
Examples generated with svg-sprite can be seen here: http://muffinresear.ch/payment-icons/
If you want to remix these icons, have at it. If you have additional icons you want to be included then please follow the examples given and add your icon for each of the existing styles and make a pull request.
Note: This CLI is only relevant for development or maintenance purposes.
yarn run build
- creates minified SVG.yarn run publish
- builds the sprite and publishes it to github pages.Icon marks are copyright their respective owners.
The rest of the code here is MPL2.0.
FAQs
payment icon svgs
We found that payment-icons demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.