Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
vaadin-combo-box
Advanced tools
<vaadin-combo-box>
<vaadin-combo-box> is a Polymer element combining a dropdown list with an input field for filtering the list of items, part of the Vaadin Core Elements.
<div>
<style is="custom-style">
paper-icon-item {
margin: -13px -16px;
}
paper-icon-item img {
border-radius: 50%;
}
</style>
<template is="dom-bind">
<iron-ajax url="https://randomuser.me/api?results=100&inc=name,email,picture" last-response="{{response}}" auto></iron-ajax>
<vaadin-combo-box items="[[response.results]]" item-value-path="email" item-label-path="email">
<template>
<paper-icon-item>
<img src="[[item.picture.thumbnail]]" item-icon>
<paper-item-body two-line>
<div>[[item.name.first]] [[item.name.last]]</div>
<div secondary>[[item.email]]</div>
</paper-item-body>
</paper-icon-item>
</template>
</vaadin-combo-box>
</template>
</div>
Contributing
-
Fork the
vaadin-combo-boxrepository and clone it locally. -
Make sure you have npm installed.
-
When in the
vaadin-combo-boxdirectory, runnpm installto install dependencies.
Running demos and tests in browser
-
Install polymer-cli:
npm install -g polymer-cli -
When in the
vaadin-combo-boxdirectory, runpolymer install --variantsto install Bower dependencies -
Run
polymer serve -o, that will open 3 tabs in your default browser: one pointing the Polymer1 API index of the component, the second one pointing to the Polymer2 API, and the third one to the main page indicating the variants of the project. Hence, you can visit demos and tests by changing the URL path in the first two tabs.
Running tests from the command line
- When in the
vaadin-combo-boxdirectory, runpolymer test
Following the coding style
We are using ESLint for linting JavaScript code. You can check if your code is following our standards by running gulp lint, which will automatically lint all .js files as well as JavaScript snippets inside .html files.
Creating a pull request
- Make sure your code is compliant with our code linters:
gulp lint - Check that tests are passing:
npm test - Submit a pull request with detailed title and description
- Wait for response from one of Vaadin Elements team members
License
Apache License 2.0
FAQs
Polymer element for displaying a list of items with filtering
We found that vaadin-combo-box demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Package last updated on 12 Jul 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025