Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
react-cimpress-comment
Advanced tools
This repository stores a react component that anyone can use to conveniently collect and display comments related to platform resources.
Install the npm package
npm install react-cimpress-comment --save
import the component
import { Comments } from 'react-cimpress-comment'
add the css dependencies
<link rel="stylesheet" href="https://static.ux.cimpress.io/mcp-ux-css/1.1/release/css/mcp-ux-css.min.css"/>
<link rel="stylesheet" href="//cloud.typography.com/7971714/6011752/css/fonts.css"/>
and then use wherever needed
render() {
return (
<div>
<Comments resourceUri={"https://some_resource_server.cimpress.io/v0/resource/resourceId"}
newestFirst={false} editComments={true} accessToken={"accessToken"}/>
</div>
);
}
which will result in something like
There is also a variant of the component that places the comments in a drawer, and provides a button with comment count as a badge that opens the drawer.
import { CommentsDrawerLink } from 'react-cimpress-comment'
render() {
return (
<div>
<CommentsDrawerLink resourceUri={"https://some_resource_server.cimpress.io/v0/resource/resourceId"}
newestFirst={false} editComments={true} accessToken={"accessToken"} />
</div>
);
}
Optional props:
header
allows overwriting the header/title partfooter
allows overwriting the footer partposition
, by default "right". Can also move the drawer to the "left" side.New patch version: $ npm version patch [ && npm publish ]
// minor changes
New minor version: $ npm version minor [ && npm publish ]
// backwards compatible
New major version: $ npm version major [ && npm publish ]
// breaking changes
Publish a module: $ npm publish
Note: The way we publish new versions is by using the command line tools.
Make sure you have the up-to-date translation files by calling
CLIENT_ID="<here the client id>" CLIENT_SECRET="<here the client secret>" npm run translate
For developing you can use storybook
npm run storybook
will run both the mockserver and the storybook UI.
During and after development it is good to check or update BackstopJS data. Using the right commands, like
backstop test
to perform the generation of the test screenshots and their diffs to references and
backstop approve
to promote images to references if the breaking changes are intended.
Make sure you have backstop installed npm install -g backstopjs
or use the one in node_modules
.
FAQs
Visualizes comment(s) for a particular platform resource
We found that react-cimpress-comment demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.