npmpackage.info

@un/layout

A design system built by IBM

10.26.14

8,018

Apache-2.0

JavaScript

1.03 kB

6,529 6.9

Installations

npm install @un/layout

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Node Version

16.13.0

NPM Version

lerna/4.0.0/node@v16.13.0+arm64 (darwin)

Score

73.3

Supply Chain

83.7

Quality

74.9

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

62

Total

8,677

Closed

1,687

Merged

6,928

Issues

Open

754

Total

9,108

Closed

8,354

Releases

978

v11.75.1

Published on 03 Feb 2025

v11.75.0

Published on 30 Jan 2025

v11.75.0-rc.0

Published on 27 Jan 2025

v11.74.0

Published on 15 Jan 2025

v11.74.0-rc.0

Published on 13 Jan 2025

v11.73.0

Published on 02 Jan 2025

View all 978 releases

Contributors

508

View all 508 contributors

Languages

JavaScript

TypeScript

SCSS

MDX

HTML

Vue

Dockerfile

Shell

JavaScript (38.36%)

TypeScript (37.78%)

SCSS (15.88%)

MDX (6.03%)

HTML (1.91%)

Vue (0.03%)

Dockerfile (0.01%)

Shell (0.01%)

Developer

carbon-design-system

Download Statistics

Total Downloads

6,529

Last Day

Last Week

Last Month

275

Last Year

3,212

GitHub Statistics

8,018 Stars

12,419 Commits

1,857 Forks

90 Watching

46 Branches

508 Contributors

Bundle Size

3.83 kB

Minified

1.03 kB

Minified + Gzipped

Bundlephobia

Maintainers

Package Meta Information

Latest Version

10.26.14

Package Id

@un/layout@10.26.14

Unpacked Size

62.17 kB

Size

9.16 kB

File Count

NPM Version

lerna/4.0.0/node@v16.13.0+arm64 (darwin)

Node Version

16.13.0

Total Downloads

Cumulative downloads

Total Downloads

6,529

Last day

-62.9%

Compared to previous day

Last week

-6.3%

Compared to previous week

Last month

-23.8%

275

Compared to previous month

Last year

77.9%

3,212

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

@carbon/cli-reporter @carbon/test-utils @un/cli @un/scss-generator core-js rimraf

Versions

@carbon/layout

Layout helpers for digital and software products using the Carbon Design System

Getting started

To install @carbon/layout in your project, you will need to run the following command using npm:

1npm install -S @carbon/layout

If you prefer Yarn, use the following command instead:

1yarn add @carbon/layout

Usage

@carbon/layout provides a couple of useful utilities alongside the specification for the grid system for the IBM Design Language. This package includes:

Feature	Description
Breakpoints	Variables and settings for the IBM Design Grid, including gutter and breakpoints. It also includes helpers for working with breakpoints
Unit conversion	Helpers for converting from `px` to `rem` or `em`.
Key heights	Helpers for working with key heights at different breakpoints
Mini unit	Helpers for working in multiples of the mini-unit
Spacing	Provides a spacing scale and helper for using steps in the scale

One important thing to remember is that @carbon/layout is not responsible for the grid itself. If you are looking for a grid implementation to use, definitely checkout the @carbon/grid package.

@carbon/layout provides the above features in both Sass and JavaScript. If you're looking for support in a different language, feel free to file an issue proposing the new addition!

🙌 Contributing

We're always looking for contributors to help us fix bugs, build new features, or help us improve the project documentation. If you're interested, definitely check out our Contributing Guide! 👀

📝 License

Licensed under the Apache 2.0 License.

No vulnerabilities found.

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Maintained

Determines if the project is "actively maintained".

10

Security-Policy

Determines if the project has published a security policy.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

SAST

Determines if the project uses static code analysis.

7

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 7

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:298: update your workflow using https://app.stepsecurity.io/secureworkflow/carbon-design-system/carbon/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:310: update your workflow using https://app.stepsecurity.io/secureworkflow/carbon-design-system/carbon/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:317: update your workflow using https://app.stepsecurity.io/secureworkflow/carbon-design-system/carbon/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:329: update your workflow using https://app.stepsecurity.io/secureworkflow/carbon-design-system/carbon/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-triage.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/carbon-design-system/carbon/issue-triage.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-web-components-cdn.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/carbon-design-system/carbon/publish-web-components-cdn.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-web-components-cdn.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/carbon-design-system/carbon/publish-web-components-cdn.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-web-components-cdn.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/carbon-design-system/carbon/publish-web-components-cdn.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-web-components-cdn.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/carbon-design-system/carbon/publish-web-components-cdn.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-web-components-cdn.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/carbon-design-system/carbon/publish-web-components-cdn.yml/main?enable=pin
Warn: containerImage not pinned by hash: actions/add-review-labels/Dockerfile:1: pin your Docker image by updating node:slim to node:slim@sha256:a5163af143b43b0da7572444bd49a22edb4cc1a74d3a46e1ef840f62bce07cac
Warn: containerImage not pinned by hash: actions/issues/Dockerfile:1: pin your Docker image by updating node:slim to node:slim@sha256:a5163af143b43b0da7572444bd49a22edb4cc1a74d3a46e1ef840f62bce07cac
Warn: containerImage not pinned by hash: actions/promote/Dockerfile:1: pin your Docker image by updating node:slim to node:slim@sha256:a5163af143b43b0da7572444bd49a22edb4cc1a74d3a46e1ef840f62bce07cac
Warn: containerImage not pinned by hash: actions/release-notifications/Dockerfile:1: pin your Docker image by updating node:slim to node:slim@sha256:a5163af143b43b0da7572444bd49a22edb4cc1a74d3a46e1ef840f62bce07cac
Warn: containerImage not pinned by hash: actions/wait-for-it/Dockerfile:1: pin your Docker image by updating node:slim to node:slim@sha256:a5163af143b43b0da7572444bd49a22edb4cc1a74d3a46e1ef840f62bce07cac
Info: 84 out of 89 GitHub-owned GitHubAction dependencies pinned
Info: 24 out of 29 third-party GitHubAction dependencies pinned
Info: 0 out of 5 containerImage dependencies pinned

5

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

Reason

detected GitHub workflow tokens with excessive permissions

Details

Warn: jobLevel 'contents' permission set to 'write': .github/workflows/nightly-release.yml:14
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:19
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/v10-release.yml:17
Warn: no topLevel permission defined: .github/workflows/add-review-labels.yml:1
Warn: no topLevel permission defined: .github/workflows/add-to-project.yml:1
Warn: no topLevel permission defined: .github/workflows/ci.yml:1
Warn: no topLevel permission defined: .github/workflows/code-connect.yml:1
Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
Warn: no topLevel permission defined: .github/workflows/dco.yml:1
Warn: no topLevel permission defined: .github/workflows/deploy-packages.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy-react-storybook.yml:18
Warn: no topLevel permission defined: .github/workflows/deploy-web-components-storybook.yml:1
Warn: no topLevel permission defined: .github/workflows/issue-triage-strategic-adopter.yml:1
Warn: no topLevel permission defined: .github/workflows/issue-triage.yml:1
Warn: no topLevel permission defined: .github/workflows/metrics-merge-rate.yml:1
Warn: no topLevel permission defined: .github/workflows/metrics-repo-stats.yml:1
Warn: no topLevel permission defined: .github/workflows/nightly-release.yml:1
Warn: no topLevel permission defined: .github/workflows/promote.yml:1
Warn: no topLevel permission defined: .github/workflows/publish-web-components-cdn.yml:1
Warn: no topLevel permission defined: .github/workflows/pull-request-closed.yml:1
Warn: no topLevel permission defined: .github/workflows/release-notifications.yml:1
Warn: no topLevel permission defined: .github/workflows/release.yml:1
Warn: no topLevel permission defined: .github/workflows/slack-announcement.yml:1
Warn: no topLevel permission defined: .github/workflows/slack-build-notifications.yml:1
Warn: no topLevel permission defined: .github/workflows/slack-office-hours-design.yml:1
Warn: no topLevel permission defined: .github/workflows/slack-office-hours-dev.yml:1
Warn: no topLevel permission defined: .github/workflows/stale.yml:1
Warn: no topLevel permission defined: .github/workflows/sync-generated-files.yml:1
Warn: no topLevel permission defined: .github/workflows/v10-ci.yml:1
Warn: no topLevel permission defined: .github/workflows/v10-deploy-react-storybook.yml:1
Warn: no topLevel permission defined: .github/workflows/v10-release.yml:1
Warn: no topLevel permission defined: .github/workflows/version.yml:1

0

Fuzzing

Determines if the project uses fuzzing.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

147 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
Warn: Project is vulnerable to: GHSA-g77x-44xx-532m
Warn: Project is vulnerable to: GHSA-gp8f-8m3g-qvj9
Warn: Project is vulnerable to: GHSA-7gfc-8cq8-jh5f
Warn: Project is vulnerable to: GHSA-7m27-7ghc-44w9
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-wvhm-4hhf-97x9
Warn: Project is vulnerable to: GHSA-h4hr-7fg3-h35w
Warn: Project is vulnerable to: GHSA-gj77-59wh-66hg
Warn: Project is vulnerable to: GHSA-hqhp-5p83-hx96
Warn: Project is vulnerable to: GHSA-3949-f494-cm99
Warn: Project is vulnerable to: GHSA-6chw-6frg-f759
Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
Warn: Project is vulnerable to: GHSA-whgm-jr23-g3j9
Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
Warn: Project is vulnerable to: GHSA-phwq-j96m-2c2q
Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
Warn: Project is vulnerable to: GHSA-vh7m-p724-62c2
Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w
Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
Warn: Project is vulnerable to: GHSA-6h5x-7c5m-7cr7
Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
Warn: Project is vulnerable to: GHSA-vfrc-7r7c-w9mx
Warn: Project is vulnerable to: GHSA-7wwv-vh3v-89cq
Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m
Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp
Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-ccrp-c664-8p4j
Warn: Project is vulnerable to: GHSA-4wx3-54gh-9fr9
Warn: Project is vulnerable to: GHSA-r6rj-9ch6-g264
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-fhjf-83wg-r2j9
Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
Warn: Project is vulnerable to: GHSA-w7rc-rwvf-8q5r
Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3
Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Warn: Project is vulnerable to: GHSA-5q6m-3h65-w53x
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
Warn: Project is vulnerable to: GHSA-h9rv-jmmf-4pgx
Warn: Project is vulnerable to: GHSA-hxcc-f52p-wc94
Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
Warn: Project is vulnerable to: GHSA-4g88-fppr-53pp
Warn: Project is vulnerable to: GHSA-4jqc-8m5r-9rpr
Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7
Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
Warn: Project is vulnerable to: GHSA-vx3p-948g-6vhq
Warn: Project is vulnerable to: GHSA-w5hq-hm5m-4548
Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw
Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc
Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
Warn: Project is vulnerable to: GHSA-9m6j-fcg5-2442
Warn: Project is vulnerable to: GHSA-hh27-ffr2-f2jc
Warn: Project is vulnerable to: GHSA-rqff-837h-mm52
Warn: Project is vulnerable to: GHSA-8v38-pw62-9cw2
Warn: Project is vulnerable to: GHSA-hgjh-723h-mx2j
Warn: Project is vulnerable to: GHSA-jf5r-8hm2-f872
Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
Warn: Project is vulnerable to: GHSA-g78m-2chm-r7qv
Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
Warn: Project is vulnerable to: GHSA-ff7x-qrg7-qggm
Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546
Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx
Warn: Project is vulnerable to: GHSA-46c4-8wrp-j99v
Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx
Warn: Project is vulnerable to: GHSA-257v-vj4p-3w2h
Warn: Project is vulnerable to: GHSA-3wcq-x3mq-6r9p
Warn: Project is vulnerable to: GHSA-3gx7-xhv7-5mx3
Warn: Project is vulnerable to: GHSA-c429-5p7v-vgjp
Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
Warn: Project is vulnerable to: GHSA-6x33-pw7p-hmpq
Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
Warn: Project is vulnerable to: GHSA-7r28-3m3f-r2pr
Warn: Project is vulnerable to: GHSA-r8j5-h5cx-65gg
Warn: Project is vulnerable to: GHSA-92xj-mqp7-vmcj
Warn: Project is vulnerable to: GHSA-wxgw-qj99-44c2
Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5
Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp
Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq
Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr
Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765
Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-c9g6-9335-x697
Warn: Project is vulnerable to: GHSA-pgr8-jg6h-8gw6
Warn: Project is vulnerable to: GHSA-cf66-xwfp-gvc4
Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3
Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
Warn: Project is vulnerable to: GHSA-hpx4-r86g-5jrg
Warn: Project is vulnerable to: GHSA-prr3-c3m5-p7q2
Warn: Project is vulnerable to: GHSA-cph5-m8f7-6c5x
Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
Warn: Project is vulnerable to: GHSA-hm92-vgmw-qfmx
Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
Warn: Project is vulnerable to: GHSA-ch52-vgq2-943f
Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj
Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf
Warn: Project is vulnerable to: GHSA-px4h-xg32-q955
Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx
Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch
Warn: Project is vulnerable to: GHSA-jv35-xqg7-f92r
Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq
Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
Warn: Project is vulnerable to: GHSA-mv48-hcvh-8jj8
Warn: Project is vulnerable to: GHSA-353f-5xf4-qw67
Warn: Project is vulnerable to: GHSA-5j4c-8p2g-v4jx
Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q

Score

6.9

/10

Last Scanned on 2025-02-03

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to @un/layout

light-masonry

1.0.4

Script para crear un layout tipo masonry.

@santiago1010/sca-template-vue

1.0.3

Este proyecto es una plantilla para aplicaciones desarrolladas con Vue.js. Incluye un conjunto de bibliotecas, componentes y páginas que facilitan el desarrollo de aplicaciones con Vue.js. La plantilla utiliza librerías y módulos como PrimeVue, Quasar, Pi

@albanese-ui/grid

0.0.1

Il componente Grid è un layout flessibile che consente di organizzare gli elementi in una griglia responsiva. Può essere configurato per avere un numero definito di colonne e un gap tra gli elementi, rendendolo ideale per costruire layout complessi e ben