jQuery! For Rails! So great.
This gem provides:
Starting with v2.1, the jquery-rails gem follows these version guidelines to provide more control over your app's jQuery version from your Gemfile:
patch version bump = updates to jquery-ujs, jquery-rails, and patch-level updates to jQuery
minor version bump = minor-level updates to jQuery
major version bump = major-level updates to jQuery and updates to Rails which may be backwards-incompatible
See VERSIONS.md to see which versions of jquery-rails bundle which versions of jQuery.
The jquery and jquery-ujs files will be added to the asset pipeline and available for you to use. If they're not already in app/assets/javascripts/application.js by default, add these lines:
//= require jquery
//= require jquery_ujs
If you are running Rails 5.1 and up, and if you have included //= require rails-ujs, then jquery_ujs is not needed anymore. You can just add:
//= require jquery
If you want to use jQuery 2, you can require jquery2 instead:
//= require jquery2
//= require jquery_ujs
And if you want to use jQuery 3, you can require jquery3:
//= require jquery3
//= require jquery_ujs
For jQuery UI, we recommend the jquery-ui-rails gem, as it includes the jquery-ui css and allows easier customization.
As of v3.0, jquery-rails no longer includes jQuery UI. Use the jquery-ui-rails gem above.
jquery-rails is the work of many contributors. You're encouraged to submit pull requests, propose features and discuss issues.
If it's an issue pertaining to the jquery-ujs javascript, please report it to the jquery-ujs project.
If the jQuery scripts are outdated (i.e. maybe a new version of jquery was released yesterday), feel free to open an issue and prod us to get that thing updated. However, for security reasons, we won't be accepting pull requests with updated jQuery scripts.
See CONTRIBUTING.
jquery-rails is released under the MIT License.
Many thanks are due to all of the jquery-rails contributors. Special thanks to JangoSteve for tirelessly answering questions and accepting patches, and the Rails Core Team for making jquery-rails an official part of Rails 3.1.