Installations
npm install @bbc/psammead-timestamp-containerReleases
Unable to fetch releases
Developer
Developer Guide
Module System
CommonJS
Min. Node Version
Typescript Support
No
Node Version
12.22.10
NPM Version
6.14.16
Statistics
320 Stars
16,211 Commits
54 Forks
28 Watching
37 Branches
79 Contributors
Updated on 22 Oct 2024
Languages
JavaScript (99.88%)
Shell (0.11%)
Total Downloads
Cumulative downloads
Total Downloads
197,544
Last day
0%
2
Compared to previous day
Last week
-94.7%
8
Compared to previous week
Last month
-51.3%
317
Compared to previous month
Last year
-58%
3,696
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
3
:sparkles: Psammead - BBC Package Library - 🚨 NO LONGER MAINTAINED 🚨:sparkles:
We have recently migrated most of our Psammead components (except for BBC Web Vitals) to a legacy folder in our Single Page Application called Simorgh.
Any open source contributions to these components should now be made via the Simorgh repo as they are no longer being maintained in the Psammead repo.
Psammead is a package library which contains a mixture of components, containers and utilities.
Psammead packages are split into:
- Components - GEL-compliant presentational React components. They are ready for use out of the box, regardless of data source.
- Containers - Functional components for optional use with presentational components of the same name.
- Utilities - Commonly shared Psammead dependencies, fundamentals to aid building additional GEL-compliant components, and aditional packages for use in building SPAs.
Documentation index
Please familiarise yourself with our:
- Code of conduct
- Code Standards and Ways of Working
- Contributing guidelines
- Guide to Code Reviews
- Github Project Board Guide
- Primary README (you are here)
- Versioning and changelogs
- Use/consumption of Psammead packages guidelines and package list
- Things to do when creating a new component
NB there is further documentation colocated with relevant packages and code. The above list is an index of the top-level documentation of our repo (and our sibling repo Simorgh).
:gift: Getting Started
:airplane: Clone this repository
git clone git@github.com:bbc/psammead.git
Install Yarn
The Psammead project uses Yarn for package management. It is recommended to install Yarn through the npm package manager, which comes bundled with Node.js when you install it on your system. To install Yarn, run this command:
npm install --global yarn
:hammer: Setup Local Environment
cd psammead && yarn install:packages
N.B. When merging branches, the yarn install:packages command should be favoured over yarn install. More details available here.
:runner: Run tests
Install dependencies locked to yarn.lock:
yarn install --immutable
(NB: You can't reliably run the jest tests when the packages are linked locally, as they may have been linked across breaking changes. Running yarn install --immutable resets all links. To update snapshots within unit tests, run yarn test:unit -- -u.)
Run the component tests:
yarn test
This runs Jest across any packages matching this glob pattern: packages/components/**/*.test.jsx. It also runs each package's yarn test command if it is defined
:runner: Run Storybook
yarn storybook
NB, we've defined global styles (normalize, box-sizing, Reith font) in the Storybook config so that components render as expected.
:construction_worker: Build Packages/Components
yarn build
:computer: Developing with Psammead
Learn how to use Psammead components in your own project.
:bar_chart: Support levels
We strive for components to conform to the following minimum levels of support, but please check each component's individual README.
Browser support
| Browser | Lowest version |
|---|---|
| Safari | 9 |
| Chrome | 53 |
| Edge | 37 |
| Firefox | 45 |
| IE | 11 |
| Opera | 40 |
| Opera Mini | 18 |
| Android Browser | 7 |
| Android Chrome | 53 |
| Android Firefox | 49 |
| IOS Safari | 10 |
Note that these browser support levels have been defined by usage statistics for BBC News and BBC Persian.
Assistive Technology Support
| Software | Version | Type | Browser |
|---|---|---|---|
| ZoomText | Latest | screen magnifier | Internet Explorer 11 |
| Dragon NaturallySpeaking | 13 | speech recognition | Internet Explorer 11 |
| JAWS | 17 | screen reader | Internet Explorer 11 |
| Read&Write | Latest | screen reader | Internet Explorer 11 |
| VoiceOver | Latest | screen reader | Safari on iOS |
| NVDA | Latest | screen reader | Firefox on Windows |
Testing instructions for each assistive technology, including priority categories.
:rocket: Publishing Packages (only available for BBC staff as we publish via our corporate npm)
:gear: Setting up your npm account
- Create an npm account with your bbc email address. https://www.npmjs.com
- In your npm profile settings, set up Two Factor Authentication. Enable it for authorization and publishing
- Back up your recovery codes for your account
- Join the BBC npm org by following the process here: https://github.com/bbc/npm When you're added to the org and signed in, you should be able to see all public and private
@bbcpackages here: https://www.npmjs.com/settings/bbc/packages
:balloon: Publishing a package
Packages are published on merge into the latest branch via our CI process. The process defaults to publishing with public access and a tag of latest, however this can be overridden using configuration on your package json.
To stop your package from publishing to NPM add the following value to your package.json
"private": true,
The access and tag of the release can be overridden from the default values by adding the following values to your package.json
"publishConfig": {
"access": "restricted",
"tag": "alpha",
}
The access value is restricted by NPM and can only be the values public and restricted.
:roller_coaster: Deploying Storybook
The Psammead Storybook is hosted on GitHub pages at http://bbc.github.io/psammead. It is currently deployed via a local script that builds Storybook to the gh-pages git branch which is used by GitHub pages.
yarn deploy-storybook
NB, this automatically pushes to the 'gh-pages' branch, which deploys to the live GitHub pages site. Please only run this script on the latest branch.
The name?
Pronounced as sam-me-ad 'sæmiː|æd
"The Psammead, also known as Sand Fairy, is a sapient magical creature once encountered by five children in a gravel pit".
It MIGHT stand for:
Perfectly sharable atomically modular magically engineered abstract doodads
Or it might be named Psammead to follow the mythical creature theme of related repos.
We'll let you decide!
No vulnerabilities found.
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
all changesets reviewed
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
dangerous workflow patterns detected
Details
- Warn: script injection with untrusted input ' github.head_ref ': .github/workflows/psammead-unit-tests.yml:40
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/cancel-previous-runs.yml:1
- Warn: no topLevel permission defined: .github/workflows/psammead-change-scanner.yml:1
- Warn: no topLevel permission defined: .github/workflows/psammead-chromaticqa.yml:1
- Warn: no topLevel permission defined: .github/workflows/psammead-publish.yml:1
- Warn: no topLevel permission defined: .github/workflows/psammead-unit-tests.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is archived
Details
- Warn: Repository is archived.
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/cancel-previous-runs.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/BBC-archive/psammead/cancel-previous-runs.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/psammead-change-scanner.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/BBC-archive/psammead/psammead-change-scanner.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/psammead-chromaticqa.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/BBC-archive/psammead/psammead-chromaticqa.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/psammead-chromaticqa.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/BBC-archive/psammead/psammead-chromaticqa.yml/latest?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/psammead-chromaticqa.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/BBC-archive/psammead/psammead-chromaticqa.yml/latest?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/psammead-chromaticqa.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/BBC-archive/psammead/psammead-chromaticqa.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/psammead-publish.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/BBC-archive/psammead/psammead-publish.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/psammead-publish.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/BBC-archive/psammead/psammead-publish.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/psammead-unit-tests.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/BBC-archive/psammead/psammead-unit-tests.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/psammead-unit-tests.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/BBC-archive/psammead/psammead-unit-tests.yml/latest?enable=pin
- Warn: downloadThenRun not pinned by hash: .github/workflows/psammead-unit-tests.yml:53
- Warn: downloadThenRun not pinned by hash: .github/workflows/psammead-unit-tests.yml:62
- Info: 0 out of 7 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 downloadThenRun dependencies pinned
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
61 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-p3vf-v8qc-cwcr
- Warn: Project is vulnerable to: GHSA-gx9m-whjm-85jf
- Warn: Project is vulnerable to: GHSA-mmhx-hmjr-r674
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-8mmm-9v2q-x3f9
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-4wx3-54gh-9fr9
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-8hfj-j24r-96c4
- Warn: Project is vulnerable to: GHSA-wc69-rhjr-hc9g
- Warn: Project is vulnerable to: GHSA-56x4-j7p9-fcf9
- Warn: Project is vulnerable to: GHSA-v78c-4p63-2j6c
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-4w2j-2rg4-5mjw
- Warn: Project is vulnerable to: GHSA-mrgp-mrhc-5jrq
- Warn: Project is vulnerable to: GHSA-7jxr-cg7f-gpgv
- Warn: Project is vulnerable to: GHSA-xj72-wvfv-8985
- Warn: Project is vulnerable to: GHSA-ch3r-j5x3-6q2m
- Warn: Project is vulnerable to: GHSA-p5gc-c584-jj6v
- Warn: Project is vulnerable to: GHSA-whpj-8f3w-67p5
- Warn: Project is vulnerable to: GHSA-cchq-frgv-rjh5
- Warn: Project is vulnerable to: GHSA-g644-9gfx-q4q4
- Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
3.1
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More