Support for Sveltekit Template #320
Conversation
👷 Deploy request for celo-composer pending review.Visit the deploys page to approve it
|
|
Hey @Philix27 can you please also add Sveltekit code in this PR as well instead of linking it to your repo? |
|
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is an install script?Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. Why is native code a concern?Contains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior. Verify that the inclusion of native code is expected and necessary for this package's functionality. If it is unnecessary or unexpected, consider using alternative packages without native code to mitigate potential risks. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
- change French toast to sonner-svelte
|
I have moved the template to this repository. @viral-sangani Socket Security is pointing to sveltekit core packages (sveltejs/kit, esbuild) needed to run the app. I feel we can let some of these packages pass through. |
|
Can we remove the use of template url and just clone a subdirectory from the packages folder in this repo. @viral-sangani When the cli runs and Minipay is selected, an external repo is cloned instead of copying from the list of packages/app we have here. |
|
Any luck with reviewing this PR? |
|
@Philix27 It does make sense to clone the sub directory rather than cloning from different URL, but we are trying to keep all the templates outside the celo composer repo and all the code components i.e. Basic React + Hardhat etc in the main repo.
Initially we planned to keep the code here and give an option between ReactJS and Svelte, but looking at the requirement for svelte vs react in web3 development, we want to keep react as default options and svelte as a template which is maintained by community. |
|
@viral-sangani Okay, I tried pushing to the new repo but my access was denied. I can't even make a PR. 
|
This PR resolves #313.
This template is designed to have only the essential packages neccessary for web3 connections.
Main implementation points to an external repository. If one is created for Celo Org, I can push it there.
Features