Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
quip-apps-api
Advanced tools
This library is a stub of the actual Quip Live Apps API, which is documented here: https://corp.quip.com/dev/liveapps/documentation.
The intent of this library is not to provide identical functionality as the production live apps environment, but to allow rendering of Live Apps that rely on the Quip API in test/placeholder environments, such as Jest or Storybook.
In production, this library will be replaced at runtime with a full-featured API. To manually test your apps, follow the official instructions here: https://corp.quip.com/dev/liveapps/#develop.
install from npm:
npm install --save quip-apps-api
When you need to import the quip.apps
/quip.elements
namespace, instead
import from this library:
import quip from "quip-apps-api";
This will be identical to using the global quip
namespace when running inside
of a quip container, but will automatically be mocked when the global quip
does not exist.
In general, this libarary tries to make it easy to create fake envronments
without having to perform realistic data manipulation. This is acheived by
exposing all editable properties on all classes via [propertyName]Value
properties, which correspond to the various getters on that class. For example,
if you want your test to have a record in a specific state, instead of calling
application methods that produce that state, you can just set it directly on the
record:
test("deleted record is not rendered", () => {
const record = new CustomRecord()
// you can just set these values directly to mock them.
record.isDeletedValue = true
const wrapper = shallow(<RecordView record={record}>)
expect(wrapper).toMatchSnapshot()
})
When in doubt about which properties can be set or what side-effects to expect, read the code or tests. This repo is intentionally fairly concise.
In some places, this implementation may not perform exactly like the production interface. If you have a use case where this stub needs enhancement to get your test code to better represent production, please file an issue. The goal is to have a minimum useful subset of prod functionality without re-implementing Quip's business logic.
In general, this will be in areas that can be expected to be unit tested on our end, e.g. deleting records or performing quip-side actions like opening modals or adding comments. As a rule of thumb, avoid writing tests that test quip libraries, and assume that non-mutating actions are no-ops. Things like creating and moving records should work as expected, as it's likeley that your code depends on this functionality to work.
FAQs
Quip Live Apps API
The npm package quip-apps-api receives a total of 5,110 weekly downloads. As such, quip-apps-api popularity was classified as popular.
We found that quip-apps-api demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.