YUI is a free, open source JavaScript and CSS framework for building richly interactive web applications. YUI is provided under a BSD license and is available on GitHub for forking and contribution.
This is the active working source tree for YUI 3. It contains work in progress toward the next YUI 3 releases and may be unstable.
We encourage you to use the latest source for evaluation purposes, testing new features and bug fixes, and to provide feedback on new functionality. Please refer to the "Latest Production Release" link above if you're looking for the latest stable release of YUI recommended for production use.
If you plan on contributing to YUI, please join and monitor the "Contributor Mailing List" listed above. Information about milestones and tree closures will be made available there.
YUI's development happens on five main branches. The following describes what each of these code branches represents:
live-docs: Represents the latest GA release of YUI, plus any documentation-only updates. Any tweaks or additions to the docs for the latest release happen on this branch, and they are reflected on the website.
master: (Read-only) Contains everything in live-docs, plus code changes that will go into the next YUI release. The code changes in master are either bug fixes or small changes which should not break API compatibility. Patch releases will be cut from this branch; e.g. 3.6.x. All code in this branch has fully passed all unit tests and should be stable.
3.x: (Read-only) Represents the next major YUI release; e.g. 3.7.0. This is an integration branch which contains everything in master, plus larger code changes which will go into a future YUI release. The changes in 3.x require a minor version increment before they are part of release, e.g., 3.7.0. Preview Releases will be cut from this branch for developers to test and evaluate. All code in this branch has fully passed all unit tests and should be stable.
dev-master and dev-3.x: Current working branches containing code that has not been through the CI process. Developers check their changes in to these integration branches for the automated testing system to validate. Once they are validated, the code is merged into master and 3.x respectively. Never check in to master or 3.x directly.
release-3.x.x: Short-lived release branches where code checkins are carefully managed for extensive testing and release deployment.
The YUI source tree includes the following directories:
build: Built YUI source files. The built files are generated at development time from the contents of the src directory. The build step generates debug files (unminified and with full comments and logging), raw files (unminified, but without debug logging), and minified files (suitable for production deployment and use).
src: Raw unbuilt source code (JavaScript, CSS, image assets, ActionScript files, etc.) for the library. Beginning with YUI 3.4.0, the src directory also contains all module-specific documentation, tests and examples. All modifications to the library and its documentation should take place in this directory.
git checkout -b myfeature upstream/master --no-track
live-docs, dev-master, or dev-3.x branch for review.
All changes should continue to be made on the feature branch; that way the pull request you submit will automatically update to include them. Make sure to keep the feature branch updated with the latest changes from master, so that they don't diverge during your development process.
git checkout -b myfeature dev-master
dev- branch and not master or 3.x.
To build YUI components, install Shifter (npm -g install shifter) and then simply run shifter in that component's directory.
Shifter also allows you to rebuild the entire YUI src tree:
cd yui3/src && shifter --walk
FAQs
YUI 3 Source
The npm package yui receives a total of 14,412 weekly downloads. As such, yui's popularity was classified as popular.
We found that yui demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.