Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
storybook
Advanced tools
Storybook is an open-source tool for developing UI components in isolation for React, Vue, Angular, and more. It makes building stunning UIs organized and efficient. Storybook provides a sandbox to build UI components in isolation so you can develop hard-to-reach states and edge cases.
UI Component Exploration
Developers can browse through the components and their different states to understand how components look and feel in isolation.
n/a
UI Component Documentation
Storybook allows developers to create documentation for each component, which can include usage instructions, design notes, and other important information.
n/a
Visual Testing
With Storybook, you can write stories to capture the states of your UI components. These stories can then be used for visual regression testing.
n/a
Interactive Component Playground
Storybook provides an interactive playground for your components, allowing you to manipulate props, check accessibility, and play with the component's state.
n/a
React Styleguidist is a component development environment with a hot-reloaded dev server. It's similar to Storybook but focuses more on living style guides, and it uses Markdown for documentation.
Docz leverages MDX to bring Markdown and JSX together into one file, enabling easier documentation writing for your components. It's simpler to set up than Storybook but might not be as feature-rich.
Playroom allows you to simultaneously design across a variety of themes and screen sizes, powered by JSX and your own component library. It's different from Storybook in that it focuses on layout and design rather than component isolation.
Storybook CLI (Command Line Interface) is the easiest way to add Storybook to your project.
Go to your project and run:
cd my-app
npx sb@latest init
In addition to init
, the CLI also has other commands:
add
- add an addon and register itinfo
- print out system information for bug reportsupgrade
- upgrade to the latest version of Storybook (or a specific version)migrate
- run codemods to migrate your codeSee the command-line help with -h
(including other useful commands) for details.
This package has multiple sub-exports to can be used to gain access to storybook's APIs.
storybook/components
This export contains a list of components very useful for building out addons. We recommend addon-authors to use these components to ensure a consistent look and feel, and to reduce the amount of code they need to write.
storybook/theming
This export exposes a few utility functions to help writing components that automatically adapt to the current theme. Useful for addon authors who want to make their addons theme-aware.
storybook/preview-api
This export contains the API that is available in the preview iframe.
storybook/manager-api
This export contains the API that is available in the manager iframe.
storybook/types
This export exposes a lot of TypeScript interfaces used throughout storybook, including for storybook configuration, addons etc.
FAQs
Storybook's CLI - install, dev, build, upgrade, and more
The npm package storybook receives a total of 3,032,216 weekly downloads. As such, storybook popularity was classified as popular.
We found that storybook demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.