scriptex / socials

A native web component: links to various social media with SVG icons support

Home Page: https://socials.atanas.info/

License: MIT License

TypeScript 95.01% CSS 4.99%
web-component social-links svg-icons

socials's Introduction


Atanas Atanasov's Socials

Links to various social media

This is a native web component built with TypeScript, with no dependencies, which lists links to various social media.

Install

npm i scriptex-socials

# or

yarn add scriptex-socials

Usage

In your JavaScript/TypeScript entry point:

import 'scriptex-socials';

You can also include the web component directly from unpkg.com:

import('https://unpkg.com/scriptex-socials');

or

<script async src="https://unpkg.com/scriptex-socials"></script>

Then add the component in your HTML/JSX markup:

<social-links></social-links>

<!-- or with custom color -->

<social-links style="color: red;"></social-links>

<div style="background: black;">
	<social-links style="color: white;"></social-links>
</div>

React with TypeScript

If you're using React with TypeScript, you need to extend the JSX IntrinsicElements interface so TypeScript knows that the social-links element exists.

You can do so in a custom.d.ts file in your project's root folder. Don't forget to add that file in your tsconfig.json!

declare namespace JSX {
	interface IntrinsicElements {
		'social-links': any;
	}
}

Contents

Currently it includes the following:

LICENSE

MIT



socials's Issues

Dependency Dashboard

This issue provides visibility into Renovate updates and their statuses.

This repository currently has no open or pending branches.



CVE-2021-23337 (High) detected in lodash-4.17.20.tgz

CVE-2021-23337 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.20.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz

Path to dependency file: socials/package.json

Path to vulnerable library: socials/node_modules/lodash/package.json

Dependency Hierarchy:

  • spritesh-1.2.1.tgz (Root Library)
    • cheerio-0.20.0.tgz
      • lodash-4.17.20.tgz (Vulnerable Library)

Found in HEAD commit: 85ac068fef3c84b25f82fe8f6747b7b743274ee9

Vulnerability Details

All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Command Injection via template.

Publish Date: 2021-02-15

URL: CVE-2021-23337

CVSS 3 Score Details (7.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.


Step up your Open Source Security Game with WhiteSource here

Action Required: Fix Renovate Configuration

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: Cannot find preset's package (github>whitesource/merge-confidence:beta)

Prettier

Use prettier to format the src/index.ts file

CVE-2021-33587 (Medium) detected in css-what-4.0.0.tgz, css-what-2.1.3.tgz

CVE-2021-33587 - Medium Severity Vulnerability

Vulnerable Libraries - css-what-4.0.0.tgz, css-what-2.1.3.tgz

css-what-4.0.0.tgz

a CSS selector parser

Library home page: https://registry.npmjs.org/css-what/-/css-what-4.0.0.tgz

Path to dependency file: socials/package.json

Path to vulnerable library: socials/node_modules/css-what

Dependency Hierarchy:

  • svgo-2.3.0.tgz (Root Library)
    • css-select-3.1.2.tgz
      • css-what-4.0.0.tgz (Vulnerable Library)

css-what-2.1.3.tgz

a CSS selector parser

Library home page: https://registry.npmjs.org/css-what/-/css-what-2.1.3.tgz

Path to dependency file: socials/package.json

Path to vulnerable library: socials/node_modules/css-what

Dependency Hierarchy:

  • spritesh-1.2.1.tgz (Root Library)
    • cheerio-0.20.0.tgz
      • css-select-1.2.0.tgz
        • css-what-2.1.3.tgz (Vulnerable Library)

Found in HEAD commit: a78f3ea16aa33af398c28a185326662e9c3671b0

Found in base branch: master

Vulnerability Details

The css-what package before 5.0.1 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.

Publish Date: 2021-05-28

URL: CVE-2021-33587

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33587

Release Date: 2021-05-28

Fix Resolution: css-what - 5.0.1



CVE-2021-3803 (High) detected in nth-check-2.0.0.tgz, nth-check-1.0.2.tgz

CVE-2021-3803 - High Severity Vulnerability

Vulnerable Libraries - nth-check-2.0.0.tgz, nth-check-1.0.2.tgz

nth-check-2.0.0.tgz

Parses and compiles CSS nth-checks to highly optimized functions.

Library home page: https://registry.npmjs.org/nth-check/-/nth-check-2.0.0.tgz

Path to dependency file: socials/package.json

Path to vulnerable library: socials/node_modules/nth-check/package.json

Dependency Hierarchy:

  • svgo-2.3.1.tgz (Root Library)
    • css-select-4.1.3.tgz
      • nth-check-2.0.0.tgz (Vulnerable Library)

nth-check-1.0.2.tgz

performant nth-check parser & compiler

Library home page: https://registry.npmjs.org/nth-check/-/nth-check-1.0.2.tgz

Path to dependency file: socials/package.json

Path to vulnerable library: socials/node_modules/nth-check/package.json

Dependency Hierarchy:

  • spritesh-1.2.1.tgz (Root Library)
    • cheerio-0.20.0.tgz
      • css-select-1.2.0.tgz
        • nth-check-1.0.2.tgz (Vulnerable Library)

Found in HEAD commit: 44a28596d0cd080c994ee3b7ddef50dbc6e20904

Vulnerability Details

nth-check is vulnerable to Inefficient Regular Expression Complexity

Publish Date: 2021-09-17

URL: CVE-2021-3803

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: fb55/nth-check@v2.0.0...v2.0.1

Release Date: 2021-09-17

Fix Resolution: nth-check - v2.0.1



CVE-2021-44907 (Low) detected in qs-6.5.2.tgz

CVE-2021-44907 - Low Severity Vulnerability

Vulnerable Library - qs-6.5.2.tgz

A querystring parser that supports nesting and arrays, with a depth limit

Library home page: https://registry.npmjs.org/qs/-/qs-6.5.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/qs/package.json

Dependency Hierarchy:

  • spritesh-1.2.1.tgz (Root Library)
    • cheerio-0.20.0.tgz
      • jsdom-7.2.2.tgz
        • request-2.88.2.tgz
          • qs-6.5.2.tgz (Vulnerable Library)

Found in HEAD commit: 5d7f02f889dc7f5cc6415e7ada044101b67e5ce5

Found in base branch: master

Vulnerability Details

A Denial of Service vulnerability exists in qs up to 6.8.0 due to insufficient sanitization of property in the qs.parse function. The merge() function allows the assignment of properties on an array in the query. For any property being assigned, a value in the array is converted to an object containing these properties. Essentially, this means that the property whose expected type is Array always has to be checked with Array.isArray() by the user. This may not be obvious to the user and can cause unexpected behavior.

Publish Date: 2022-03-17

URL: CVE-2021-44907

CVSS 3 Score Details (3.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44907

Release Date: 2022-03-17

Fix Resolution: qs - 6.8.1
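
The Array.isArray() check that the qs advisory above calls for, as an added example that is not part of the original report or of the qs project. The sample objects are constructed by hand to mirror the array-to-object conversion the advisory describes, and the helper names readIdList and naiveCount are hypothetical.

```javascript
// Constructed samples, typed by hand in the shape a nested query-string
// parser returns; qs itself is not loaded here.
const samples = {
  wellFormed: { ids: ['7', '9'] },       // ids[0]=7&ids[1]=9
  mixed: { ids: { 0: '7', role: 'x' } }, // ids[0]=7&ids[role]=x
  scalar: { ids: '7' },                  // ids=7
  missing: {},                           // key absent
};

// Naive consumer: assumes `ids` is an array and never checks.
function naiveCount(parsed) {
  let n = 0;
  // On the object form .length is undefined, so the loop is skipped silently.
  for (let i = 0; i < parsed.ids.length; i++) n++;
  return n;
}

// Hardened consumer (hypothetical helper): only a bounded array of
// digit strings is accepted; every other shape is rejected with a reason.
function readIdList(parsed, key, maxItems = 20) {
  const value = parsed[key];
  if (value === undefined) return { ok: true, ids: [] };
  if (!Array.isArray(value)) return { ok: false, reason: 'not-an-array' };
  if (value.length > maxItems) return { ok: false, reason: 'too-many-items' };
  for (let i = 0; i < value.length; i++) {
    // Index loop rather than every(): holes in a sparse array are checked too.
    if (typeof value[i] !== 'string' || !/^[0-9]{1,10}$/.test(value[i])) {
      return { ok: false, reason: 'bad-item' };
    }
  }
  return { ok: true, ids: value.map(Number) };
}

// Print the verdict for each constructed sample.
for (const [name, parsed] of Object.entries(samples)) {
  console.log(name, JSON.stringify(readIdList(parsed, 'ids')));
}
```

The naive loop returns 0 for the mixed form and 1 for the scalar form without raising an error, which is the silent misbehaviour the explicit type check removes.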



CVE-2020-28500 (Medium) detected in lodash-4.17.20.tgz

CVE-2020-28500 - Medium Severity Vulnerability

Vulnerable Library - lodash-4.17.20.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz

Path to dependency file: socials/package.json

Path to vulnerable library: socials/node_modules/lodash/package.json

Dependency Hierarchy:

  • spritesh-1.2.1.tgz (Root Library)
    • cheerio-0.20.0.tgz
      • lodash-4.17.20.tgz (Vulnerable Library)

Found in HEAD commit: 85ac068fef3c84b25f82fe8f6747b7b743274ee9

Vulnerability Details

All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce (provided by reporter Liyuan Chen):

var lo = require('lodash');

function build_blank(n) {
	var ret = "1";
	for (var i = 0; i < n; i++) {
		ret += " ";
	}
	return ret + "1";
}

var s = build_blank(50000);

var time0 = Date.now();
lo.trim(s);
var time_cost0 = Date.now() - time0;
console.log("time_cost0: " + time_cost0);

var time1 = Date.now();
lo.toNumber(s);
var time_cost1 = Date.now() - time1;
console.log("time_cost1: " + time_cost1);

var time2 = Date.now();
lo.trimEnd(s);
var time_cost2 = Date.now() - time2;
console.log("time_cost2: " + time_cost2);

Publish Date: 2021-02-15

URL: CVE-2020-28500

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low


CVE-2021-3918 (High) detected in json-schema-0.2.3.tgz

CVE-2021-3918 - High Severity Vulnerability

Vulnerable Library - json-schema-0.2.3.tgz

JSON Schema validation and specifications

Library home page: https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz

Path to dependency file: socials/package.json

Path to vulnerable library: socials/node_modules/json-schema/package.json

Dependency Hierarchy:

  • spritesh-1.2.1.tgz (Root Library)
    • cheerio-0.20.0.tgz
      • jsdom-7.2.2.tgz
        • request-2.88.2.tgz
          • http-signature-1.2.0.tgz
            • jsprim-1.4.1.tgz
              • json-schema-0.2.3.tgz (Vulnerable Library)

Found in HEAD commit: 2ea08a6ccb35d91d435201edd8d4a7f7261c080d

Vulnerability Details

json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Publish Date: 2021-11-13

URL: CVE-2021-3918

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-3918

Release Date: 2021-11-13

Fix Resolution: json-schema - 0.4.0

