
Security News
npm v12 Ships With Install Scripts Off by Default, Begins Deprecating 2FA-Bypass Tokens
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.
在开始使用之前,你需要先阅读 头条小程序自定义组件 的相关文档。
通过 npm 安装,需要依赖小程序基础库 2.2.1 以上版本,同时依赖开发者工具的 npm 构建,详见 npm 支持。
# Using npm
npm i tt-mp -S --production
# Using yarn
yarn add tt-mp --production
通过 GitHub 下载 tt-mp 的代码,然后 将 packages/lib/ 目录拷贝到自己的项目中。
packages/lib/ - 压缩版(ES5)packages/es/ - 未压缩版(ES6,使用时需要开启 ES6 转 ES5,位于开发者工具右上角-详情-本地配置)git clone https://github.com/winteraq/tt-mini-app.git
cd tt-mp
参考 量身定制。
按照如下的方式使用组件,以 Button 为例,其它组件在对应的文档页查看:
"usingComponents": {
"wux-button": "../../dist/button/index"
}
<wux-button size="small">Button</wux-button>
<wux-button size="default">Button</wux-button>
<wux-button size="large">Button</wux-button>
随着组件库越来越丰富,文件的体积也越来越大,某些时候我们可能只需要其中的一个或多个组件,如果直接引入整个组件库的话是不合适的,这时候就需要我们将要使用到组件给单独抽离出来。
使用 量身定制 功能自动抽离组件(官方推荐)。
手动抽离组件,也很简单直接拷贝 packages/ 目录下对应的组件即可,当然某些组件存在依赖关系,则抽离过程会相对复杂一些,以 ActionSheet、Badge、Button 为例。
demo/
|-actionsheet/
|-animation-group/
|-backdrop/
|-badge/
|-button/
|-helpers/
|-index.js
lib/ 目录下对应组件(如 actionsheet)拷贝至 demo 目录;index.json 是否存在依赖组件,若存在则一一拷贝;index.js 文件中),是则拷贝 index.js 文件,并删除不需要的组件引用;index.js 是否存在对帮助方法的引用,若存在则拷贝 helpers 目录(抑或直接拷贝不管是否存在引用)。MIT
FAQs
一套组件化、可复用、易扩展的头条小程序 UI 组件库
The npm package tt-mp receives a total of 22 weekly downloads. As such, tt-mp popularity was classified as not popular.
We found that tt-mp demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.

Research
/Security News
Socket tracks the activity as Operation “Muck and Load”: a threat actor uses commit-farming workflows, public dead drops, and protected archives to stage Windows RAT and infostealer malware.

Security News
pnpm 11.10 hardens registry auth to block token redirection, tightens pack-app and deploy, and makes the Rust port (v12) installable.