shilman
commented
2 years ago @zhyd1997 thank you for this PR! can you please add a test to mdx2.test.ts to test the feature?
Closed zhyd1997 closed 2 years ago
shilman
commented
2 years ago @zhyd1997 thank you for this PR! can you please add a test to mdx2.test.ts to test the feature?
zhyd1997
commented
2 years ago Hi @shilman
I tried for a while but can not find a way to write a test to check what mdxSource will be returned, which will be used as one of Canvas component props.
Update:
zhyd1997
commented
2 years ago 
socket-security[bot]
commented
2 years ago Dependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again.
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
| Package | Script field | Location |
|---|---|---|
| core-js-pure@3.26.0 (upgraded) | postinstall |
package.json via @storybook/react-webpack5@7.0.0-alpha.47, @storybook/preset-react-webpack@7.0.0-alpha.47, @pmmmwh/react-refresh-webpack-plugin@0.5.8 |
| esbuild@0.14.54 (added) | postinstall |
package.json via @storybook/addon-essentials@7.0.0-alpha.47, @storybook/core-common@7.0.0-alpha.47 |
| esbuild@0.15.13 (added) | postinstall |
package.json via tsup@6.3.0 |
This package has multiple bin scripts with the same name. This can cause non-deterministic behavior when installing or could be a sign of a supply chain attack
Consider removing one of the conflicting packages. Packages should only export bin scripts with their name
| Package | Bin script | Location |
|---|---|---|
| @storybook/cli@7.0.0-alpha.47 (added) | sb |
package.json via storybook@7.0.0-alpha.47 |
| storybook@7.0.0-alpha.47 (added) | sb |
package.json |
| Issue | Status |
|---|---|
| Install scripts | ⚠️ 3 issues |
| Native code | ✅ 0 issues |
| Bin script confusion | ⚠️ 2 issues |
| Bin script shell injection | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| Non-existent author | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@2.4.2
@SocketSecurity ignore core-js-pure@3.26.0@SocketSecurity ignore esbuild@0.14.54@SocketSecurity ignore esbuild@0.15.13@SocketSecurity ignore @storybook/cli@7.0.0-alpha.47@SocketSecurity ignore storybook@7.0.0-alpha.47⚠️ Please accept the latest app permissions to ensure bot commands work properly. Accept the new permissions here.
Powered by socket.dev
shilman
commented
2 years ago Thank you @zhyd1997 !!! Closing this in favor of #25 which builds on your changes
Issue: https://github.com/storybookjs/storybook/issues/18342
What Changed
generate
mdxSourcewhen<Canvas>has no<Story>child.How to test
mdx1-csf works for this situation because it added
mdxSourcemanually:https://github.com/storybookjs/mdx1-csf/blob/4b35b053979b71fd038370566520f1726939505f/src/sb-mdx-plugin.ts#L432-L448
and
mdx2-csf(the package is in progress) has nomdxSourceinjected.so we just need to compare the
mdxSource, iftrue, then it passes.Test:
wrap the 2 stories (Note: remove all comments) in test files:
the 1st one (
<Canvas>contains<Story>children and more than one)the 2nd one (
<Canvas>has no<Story>children but more than one other elements or React components)log the
mdxSource(console.warn(getMdxSource(...))) below this line:run
yarn testand compare that if they are the same string ordecodeURI(mdxSource)(expect: the are the same value).Change Type
maintenancedocumentationpatchminormajor