More links, dark theme #9
Conversation
|
npm complained about security issues with
Updating
Regarding your code changes, they work fine as far as I can judge. |
|
What kind of security? As in, they can hack the code running in their own browser? 😕 |
|
I have now idea. But it's nasty red. With those changes, it still works fine from what I can tell, but it's reduced to only "low security warnings": diff --git a/package.json b/package.json
index ccb82ab..23e456a 100644
--- a/package.json
+++ b/package.json
@@ -10,12 +10,12 @@
"keywords": [],
"dependencies": {
"@babel/preset-react": "^7.6.3",
- "ajv": "^5.5.2",
+ "ajv": "^6.9.1",
"bootstrap": "^3.4.1",
- "css-loader": "^0.28.11",
+ "css-loader": "^3.2.0",
"fixed-data-table": "^0.6.5",
"jquery": "^3.4.1",
- "moment": "~2.18.1",
+ "moment": "^2.24.0",
"rc-menu": "^7.5.3",
"react": "^15.6.2",
"react-dom": "^15.6.2",
@@ -33,7 +33,7 @@
"@babel/plugin-proposal-object-rest-spread": "^7.6.2",
"@babel/preset-env": "^7.6.3",
"babel-loader": "^8.0.6",
- "html-webpack-plugin": "^2.30.1",
+ "html-webpack-plugin": "^3.2.0",
"webpack": "^3.12.0"
}
}But the whole JS ecosystem is really foreign to me, so if you say we shouldn't update those packages, I'm totally fine with it. |
|
It doesn't report this for you after that? Updating I'd rather not interact with the catastrophe that is node-js packaging more than we have to. None of this code runs on a server, so there are no security concerns here. |
|
Somehow it didn't during install, but it does if I do
If we can agree that you won't do another PR to this repository where I'd have to touch npm again in the near future, I'm totally with you ;) |
|
We really need some CI/CD on this repo. Then we can automate all the madness that is NPM. |
|
Are you all happy with this PR @HebaruSan ? Is the build process something we can push through CI/CD easy enough? |
|
Hmm, I should probably refactor the stylesheet stuff to be more in line with how React does styling. Maybe another day or two for that. But I don't think the build process has changed. It should still be whatever it was when you created this repo. Unfortunately I don't know how to go about automating it. |
HebaruSan
force-pushed
the
feature/more-links-and-dark-theme
branch
from
f39dc7e
to
68aeea5
Compare
|
OK, now I think I'm happy with this.
|
I whipped this up in an afternoon because I wanted to learn a little react and needed a UI for the status information that was being generated. It was also before I did a lot of end-to-end automation. They're static files, so it should be a case of build and copy to S3. So I'll sort that out after work. As for security, the scope for problems is probably limited, though possibly some cross site stuff? I haven't looked into the specific libraries and what the relevant attack vectors are. This won't stop me from merging this, but something we should think on:
|
|
techman83
force-pushed
the
feature/more-links-and-dark-theme
branch
from
be12039
to
c03e1f2
Compare
|
In theory that should work, I'm guessing it's not running the deployment steps as they don't originate from the KSP-CKAN/NetKAN-status repo. Which is sane. Squashed down the commits to what I think should be good to go! |
My suggestion for a dark theme was very popular (3 upvotes just from @DasSkelett alone!), so here it is, borrowed from Youtube via developer tools.
Also when you hover a mod cell more hyperlinks appear to make it more convenient to get to the netkan's commit history and the .ckan files' folder. These will be accompanied by other links if/when we start setting them into the status objects (trivial to do in the Indexer if we decide to go that route): Homepage, SpaceDock, Repository, Curse, Bug Tracker.
Compilation and testing cheat sheet:
src/javascript/app.jsxto changehttp://status.ksp-ckan.space/status/netkan.jsontonetkan.jsonnpm installnpm run build && ( cd dist; rm netkan.json; wget http://status.ksp-ckan.space/status/netkan.json && python3 -m http.server 5000 )