Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
react-bootalert
Advanced tools
Bootstrap Alert as React component
This component wrap Bootstrap v4 Alert in React component.
How to use
yarn add react-bootalert
Commands
TSDX scaffolds your new library inside /src, and also sets up a Parcel-based playground for it inside /example.
The recommended workflow is to run TSDX in one terminal:
npm start # or yarn start
This builds to /dist and runs the project in watch mode so any edits you save inside src causes a rebuild to /dist.
Then run either Storybook or the example playground:
Storybook
Run inside another terminal:
yarn storybook
This loads the stories from ./stories.
NOTE: Stories should reference the components as if using the library, similar to the example playground. This means importing from the root project directory. This has been aliased in the tsconfig and the storybook webpack config as a helper.
Configuration
Code quality is set up for you with prettier, husky, and lint-staged. Adjust the respective fields in package.json accordingly.
Setup Files
This is the folder structure we set up for you:
/example
index.html
index.tsx # test your component here in a demo app
package.json
tsconfig.json
/src
index.tsx # EDIT THIS
/test
blah.test.tsx # EDIT THIS
/stories
Thing.stories.tsx # EDIT THIS
/.storybook
main.js
preview.js
.gitignore
package.json
README.md # EDIT THIS
tsconfig.json
Rollup
TSDX uses Rollup as a bundler and generates multiple rollup configs for various module formats and build settings. See Optimizations for details.
TypeScript
tsconfig.json is set up to interpret dom and esnext types, as well as react for jsx. Adjust according to your needs.
Continuous Integration
GitHub Actions
Two actions are added by default:
mainwhich installs deps w/ cache, lints, tests, and builds on all pushes against a Node and OS matrixsizewhich comments cost comparison of your library on every pull request using size-limit
Optimizations
Please see the main tsdx optimizations docs. In particular, know that you can take advantage of development-only optimizations:
// ./types/index.d.ts
declare var __DEV__: boolean;
// inside your code...
if (__DEV__) {
console.log("foo");
}
You can also choose to install and use invariant and warning functions.
Module Formats
CJS, ESModules, and UMD module formats are supported.
The appropriate paths are configured in package.json and dist/index.js accordingly. Please report if any issues are found.
FAQs
This component wrap Bootstrap v4 Alert in React component.
We found that react-bootalert demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 10 Dec 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025