Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
provenance-widgets
Advanced tools
A library of GUI widgets that encode analytical provenance information in the form of embedded visualizations.
A library of GUI widgets that encode analytical provenance information in the form of embedded visualizations.
For the best developer experience, use the Provenance Widgets Starter Code. It is a minimal Angular application that demonstrates how to use the Provenance Widgets library. If you wish to use it in an existing Angular application, please ensure your versions of the Angular and PrimeNG libraries are compatible with the Provenance Widgets library.
If you are using the starter code, you can skip the installation and configuration steps and jump straight to the Usage section.
The library can be installed from npm using
npm i provenance-widgets
The library builds up on PrimeNG's components. Hence, it relies on PrimeNG, PrimeFlex and PrimeIcons for styling. For best results, add the following to your projects's angular.json
file.
{
"projects": {
"<your-project>": {
"architect": {
"build": {
"options": {
// Add the following:
// Used by Provenance Widgets for deep object comparisons
"allowedCommonJsDependencies": [
// Your allowedCommonJsDependencies here
"lodash.isequal"
],
// Provenance Widgets builds up on PrimeNG's components. Hence, it relies on PrimeNG, PrimeFlex and PrimeIcons for styling.
"styles": [
// Your styles here
"node_modules/primeicons/primeicons.css",
"node_modules/primeng/resources/themes/lara-light-blue/theme.css",
"node_modules/primeng/resources/primeng.min.css",
"node_modules/primeflex/primeflex.css"
]
}
}
}
}
}
}
Then, add the following to your projects's app.module.ts
file.
import { ProvenanceWidgetsModule } from 'provenance-widgets';
@NgModule({
declarations: [
// Your declarations here
],
imports: [
// Your imports here
ProvenanceWidgetsModule
],
providers: [
// Your providers here
],
bootstrap: [AppComponent]
})
export class AppModule { }
All widgets extend an existing component's class. Hence, all original properties/attributes and methods of the component are available to the widget. For example, the Slider
widget extends ngx-slider's SliderComponent
class. Hence, bindings such as value
and highValue
are available to the Slider
widget.
All widgets have the following common properties:
provenance
: The provenance of interactions recorded by the widget. Use this property to persist-restore or modify-reconstruct the provenance. Each widget has a different provenance type, which is described in the widget's documentation.
undefined
[(provenance)]
(Two-way binding)
[provenance]
and (provenanceChange)
visualize
: Whether to visualize the provenance.
true
[visualize]
freeze
: Whether to freeze the provenance. If true
, the widget will not record any provenance and existing visualizations will be frozen (i.e., interactions will not update the visualizations.)
false
[freeze]
SliderComponent
<provenance-slider>
SliderProvenance
. Important properties:
true
, the widget will recompute the provenance from the data
property.selectedChange
: Emits a ChangeContext
when the onUserChangeEnd
event is fired.value
or highValue
properties are changed. Use the provenance
property for this purpose instead.AutoComplete
<provenance-inputtext>
InputTextProvenance
. Important properties:
true
, the widget will recompute the provenance from the data
property.value
: The value of the input field.
undefined
[(value)]
(Two-way binding)
[value]
and (valueChange)
This subset of widgets allows the user to 'select' either a single item or multiple items from a list. They share the following common properties:
selected
: The selected item(s) from the list.
undefined
[(selected)]
(Two-way binding)
[selected]
and (selectedChange)
Provenance type: Provenance
. Important properties:
true
, the widget will recompute the provenance from the selections
property.MultiSelect
<provenance-multiselect>
selected
: typeof options
, where options is the array of options to display in the multiselect. See the MultiSelect API for more information about the options
property.label
(value to show) and value
(unique identifier) properties MUST be identified by the optionLabel
and dataKey
properties, respectively. Example is available in the starter code.Dropdown
<provenance-dropdown>
MultiSelect
, except that the selected
property is of type typeof options[i]
. See the Dropdown API for more information about the options
property.Checkbox
<provenance-checkbox>
data
: List of items to select from.
undefined
[data]
Record<keyof CheckboxProperties, any>[]
, where CheckboxProperties can include properties of the Checkbox API.
label
and value
properties can be aliased by providing them as input
s to the widget. For example, if the label
property is aliased as name
, the data
property should include an array of objects with a name
property. Example is available in the starter code.selected
: string[]
, where each string is the value (unique identifier, default is value
unless aliased) of the selected item.RadioButton
<provenance-radiobutton>
Checkbox
, except that the selected
property is of type string
.FAQs
[![DOI:10.1109/TVCG.2024.3456144](https://zenodo.org/badge/DOI/10.1109/TVCG.2024.3456144.svg)](https://doi.org/10.1109/TVCG.2024.3456144) [![arxiv badge](https://img.shields.io/badge/arXiv-2407.17431-red)](https://arxiv.org/abs/2407.17431) [![NPM - Downlo
We found that provenance-widgets demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.