Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
react-icofont
Advanced tools
A React wrapper for the icofont project https://icofont.com/. It renders a <i>
tag with icofont classes (like how you'd usually use it). No extra configuration required.
React and Webpack. Obviously.
Install it with npm:
npm install --save react-icofont
Include in your component:
import Icofont from 'react-icofont';
Use it in JSX:
<Icofont icon="bell"/>
Icofont supports Rotate, flip and size classes. In this component you can pass those values with props:
<Icofont icon="key" rotate="270" flip="h" size="10"/>
Supported values for the props are given below :
icon (Required):
Any valid icon name from the icofont website (https://icofont.com/icons).
Guess what, if you copy the class name that includes the prefix (icofont-
), it will also work fine.
rotate (Optional):
Currently rotate angles 90
,180
,270
values are supported. The rotate angle values are in degree.
flip (Optional):
horizontal
or h
and vertical
or v
. You can also do, flip="h v"
or flip="horizontal vertical"
for flipping both horizontally and vertically.
size (Optional):
Size can have value from 1
to 10
. For example, setting size="2"
will make the icon twice as big.
You can read more about these here: https://icofont.com/examples
All standard props like style
, onClick
are supported. if you use className
prop. The provided classes will be appended with the icofont
classes.
This project, like the icofont project, is released under the MIT License
FAQs
React wrapper for icofont project (https://icofont.com/)
The npm package react-icofont receives a total of 185 weekly downloads. As such, react-icofont popularity was classified as not popular.
We found that react-icofont demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.