Closed georgewrmarshall closed 2 months ago
socket-security[bot]
commented
2 months ago New dependencies detected. Learn more about Socket for GitHub ↗︎
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/clean-css-cli@5.6.3 | environment, filesystem | 0 |
45.6 kB | jakub.pawlowicz |
| npm/clean-css@5.3.3 | environment, filesystem, network | 0 |
493 kB | jakub.pawlowicz |
| npm/commander@7.2.0 | filesystem, shell | 0 |
145 kB | abetomo |
socket-security[bot]
commented
2 months ago 👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎
This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.
Ignoring: npm/clean-css@5.3.3
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all
metamaskbot
commented
2 months ago Builds ready [54c9393]
Storybook: Storybook
metamaskbot
commented
2 months ago Builds ready [ab93849]
Storybook: Storybook
metamaskbot
commented
2 months ago Builds ready [804a7a7]
Storybook: Storybook
metamaskbot
commented
2 months ago Builds ready [cbbee98]
Storybook: Storybook
metamaskbot
commented
2 months ago Builds ready [6958aca]
Storybook: Storybook
georgewrmarshall
commented
2 months ago @SocketSecurity ignore npm/clean-css@5.3.3 We should be protected against supply chain risk by lavamoat
metamaskbot
commented
2 months ago Builds ready [6a60ad4]
Storybook: Storybook
Description
This PR undertakes a significant refactor of our CSS architecture within the design tokens system. By breaking up the design token categories into smaller, more manageable stylesheets and exporting them from a central
design-token.cssfile, we aim to enhance the maintainability and scalability of our styling infrastructure. Additionally, this refactor includes improvements to our build pipeline, specifically optimizing the process to minimize our CSS output and aligning the export structure with the module template workspace conventions. This change not only streamlines our development workflow but also ensures our design tokens are efficiently integrated and utilized across projects, contributing to a more cohesive and consistent implementation of our design system.Related issues
Fixes: https://github.com/MetaMask/design-tokens/issues/675
Manual testing steps
To verify the successful refactor and integration of the design tokens:
distdirectory.Screenshots/Recordings
After
Storybook still works as expected
https://github.com/MetaMask/design-tokens/assets/8112138/3d90c3ad-5122-4ca2-a6fa-c4cc6b14b70c
Updating package in portfolio works
https://github.com/MetaMask/design-tokens/assets/8112138/8ef345b2-f6d5-48d6-af4c-ea3f39d846b2
Updating package in extension works
https://github.com/MetaMask/design-tokens/assets/8112138/91920f07-8001-44bd-8b53-70f440e61ab4
Pre-merge author checklist
Pre-merge reviewer checklist
dist, test code being changed).This PR represents a pivotal enhancement in our approach to managing and implementing design tokens, setting a foundation for more efficient, consistent, and scalable use of our design system across projects.