Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
react-cimpress-comment
Advanced tools
This repository stores a react component that anyone can use to conveniently collect and display comments related to platform resources.
Install the npm package
npm install react-cimpress-comment --save
import the component
import { Comments } from 'react-cimpress-comment'
add the css dependencies
<link rel="stylesheet" href="https://static.ux.cimpress.io/mcp-ux-css/1.1/release/css/mcp-ux-css.min.css"/>
<link rel="stylesheet" href="//cloud.typography.com/7971714/6011752/css/fonts.css"/>
and then use wherever needed
render() {
return (
<div>
<Comments resourceUri={"https://some_resource_server.cimpress.io/v0/resource/resourceId"}
newestFirst={false} editComments={true} accessToken={"accessToken"}/>
</div>
);
}
which will result in something like
There is also a variant of the component that places the comments in a drawer, and provides a button with comment count as a badge that opens the drawer.
import { CommentsDrawerLink } from 'react-cimpress-comment'
render() {
return (
<div>
<CommentsDrawerLink resourceUri={"https://some_resource_server.cimpress.io/v0/resource/resourceId"}
newestFirst={false} editComments={true} accessToken={"accessToken"} />
</div>
);
}
Optional props:
header
allows overwriting the header/title partfooter
allows overwriting the footer partposition
, by default "right". Can also move the drawer to the "left" side.New patch version: $ npm version patch [ && npm publish ]
// minor changes
New minor version: $ npm version minor [ && npm publish ]
// backwards compatible
New major version: $ npm version major [ && npm publish ]
// breaking changes
Publish a module: $ npm publish
Note: The way we publish new versions is by using the command line tools.
Make sure you have the up-to-date translation files by calling
CLIENT_ID="<here the client id>" CLIENT_SECRET="<here the client secret>" npm run translate
For developing you can use storybook
npm run start
This will run an instance of Storybook integrated with Auth0 and providing the components in this package in environment as close as possible to production. It is useful to manually play with the components and validate if the features you are working on are as you'd like them to be from UX point of view.
In some case, modelling a special condition is hard without mocking. The package also provides an alternative and isolated Storybook environment where all external dependencies are mocked. This is extremely useful to validate a certain behavior in particular situation.
npm sun storybook
This command will run the Storybook in the background. You can later stop it by running npm run storybookstop
.
During and after development it is good to check or update BackstopJS data.
Running the UI tests is done by backstop test
after executing npm run storybook
.
Note: Make sure you have backstop installed npm install -g backstopjs
or use the one in node_modules
.
FAQs
Visualizes comment(s) for a particular platform resource
The npm package react-cimpress-comment receives a total of 53 weekly downloads. As such, react-cimpress-comment popularity was classified as not popular.
We found that react-cimpress-comment demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.