Use a Node-based tools for handling assets
…or how to move a bunch of things from a bunch of different places into
`app/static`.
There are three main reasons not to use Flask Assets:
- It had some strange behaviour like only
- It was based on Ruby SASS, which is slower to get new features than libsass,
and meant depending on Ruby, and having the SASS Gem globally installed—so
you’re already out of being a ‘pure’ Python app
- Martyn and I have experience of doing it this way on Marketplace, and we’ve
ironed out the initial rough patches
The specific technologies this introduces, all of which are Node-based:
- Gulp – like a Makefile written in Javascript
- NPM – package management, used for managing Gulp and its related dependencies
- Bower – also package management, and the only way I can think to have
GOV.UK template as a proper dependency
…speaking of which, GOV.UK template is now a dependency. This means it can’t be
modified at all (eg to add a global `#content` wrapper), so every page now
inherits from a template that has this wrapper. But it also means that we have a
clean upgrade path when the template is modified.
Everything else (toolkit, elements) I’ve kept as submodules but moved them to a
more logical place (`app/assets` not `app/assets/stylesheets`, because they
contain more than just SASS/CSS).
2015-12-15 08:20:25 +00:00
|
|
|
{
|
|
|
|
|
"name": "notifications-admin",
|
|
|
|
|
"version": "0.0.1",
|
2022-11-29 08:55:22 -05:00
|
|
|
"description": "Admin front end for Notify",
|
2015-12-20 00:00:01 +00:00
|
|
|
"engines": {
|
2025-10-30 14:36:30 -04:00
|
|
|
"node": "^24.10.0"
|
2015-12-20 00:00:01 +00:00
|
|
|
},
|
Use a Node-based tools for handling assets
…or how to move a bunch of things from a bunch of different places into
`app/static`.
There are three main reasons not to use Flask Assets:
- It had some strange behaviour like only
- It was based on Ruby SASS, which is slower to get new features than libsass,
and meant depending on Ruby, and having the SASS Gem globally installed—so
you’re already out of being a ‘pure’ Python app
- Martyn and I have experience of doing it this way on Marketplace, and we’ve
ironed out the initial rough patches
The specific technologies this introduces, all of which are Node-based:
- Gulp – like a Makefile written in Javascript
- NPM – package management, used for managing Gulp and its related dependencies
- Bower – also package management, and the only way I can think to have
GOV.UK template as a proper dependency
…speaking of which, GOV.UK template is now a dependency. This means it can’t be
modified at all (eg to add a global `#content` wrapper), so every page now
inherits from a template that has this wrapper. But it also means that we have a
clean upgrade path when the template is modified.
Everything else (toolkit, elements) I’ve kept as submodules but moved them to a
more logical place (`app/assets` not `app/assets/stylesheets`, because they
contain more than just SASS/CSS).
2015-12-15 08:20:25 +00:00
|
|
|
"scripts": {
|
2025-10-14 13:20:58 -04:00
|
|
|
"lint": "jshint app/assets/javascripts",
|
2022-10-27 11:10:13 -04:00
|
|
|
"test": "jest --config tests/javascripts/jest.config.js tests/javascripts",
|
2019-10-16 15:20:05 +01:00
|
|
|
"test-watch": "jest --watch --config tests/javascripts/jest.config.js tests/javascripts",
|
2025-10-14 13:20:58 -04:00
|
|
|
"build": "NODE_ENV=production npx webpack --config webpack.config.js",
|
|
|
|
|
"build:dev": "npx webpack --config webpack.config.js",
|
|
|
|
|
"watch": "npx webpack --watch --config webpack.config.js",
|
|
|
|
|
"backstop:test": "npx backstop test --configPath=backstop.config.js",
|
|
|
|
|
"backstop:reference": "npx backstop reference --configPath=backstop.config.js",
|
|
|
|
|
"backstop:approve": "npx backstop approve --configPath=backstop.config.js",
|
|
|
|
|
"backstop:open": "npx backstop openReport --configPath=backstop.config.js",
|
2023-09-20 13:52:54 -04:00
|
|
|
"audit": "better-npm-audit audit --production --level low",
|
|
|
|
|
"pa11y-ci": "pa11y-ci"
|
Use a Node-based tools for handling assets
…or how to move a bunch of things from a bunch of different places into
`app/static`.
There are three main reasons not to use Flask Assets:
- It had some strange behaviour like only
- It was based on Ruby SASS, which is slower to get new features than libsass,
and meant depending on Ruby, and having the SASS Gem globally installed—so
you’re already out of being a ‘pure’ Python app
- Martyn and I have experience of doing it this way on Marketplace, and we’ve
ironed out the initial rough patches
The specific technologies this introduces, all of which are Node-based:
- Gulp – like a Makefile written in Javascript
- NPM – package management, used for managing Gulp and its related dependencies
- Bower – also package management, and the only way I can think to have
GOV.UK template as a proper dependency
…speaking of which, GOV.UK template is now a dependency. This means it can’t be
modified at all (eg to add a global `#content` wrapper), so every page now
inherits from a template that has this wrapper. But it also means that we have a
clean upgrade path when the template is modified.
Everything else (toolkit, elements) I’ve kept as submodules but moved them to a
more logical place (`app/assets` not `app/assets/stylesheets`, because they
contain more than just SASS/CSS).
2015-12-15 08:20:25 +00:00
|
|
|
},
|
|
|
|
|
"repository": {
|
|
|
|
|
"type": "git",
|
2022-11-29 08:55:22 -05:00
|
|
|
"url": "git+https://github.com/GSA/notifications-admin.git"
|
Use a Node-based tools for handling assets
…or how to move a bunch of things from a bunch of different places into
`app/static`.
There are three main reasons not to use Flask Assets:
- It had some strange behaviour like only
- It was based on Ruby SASS, which is slower to get new features than libsass,
and meant depending on Ruby, and having the SASS Gem globally installed—so
you’re already out of being a ‘pure’ Python app
- Martyn and I have experience of doing it this way on Marketplace, and we’ve
ironed out the initial rough patches
The specific technologies this introduces, all of which are Node-based:
- Gulp – like a Makefile written in Javascript
- NPM – package management, used for managing Gulp and its related dependencies
- Bower – also package management, and the only way I can think to have
GOV.UK template as a proper dependency
…speaking of which, GOV.UK template is now a dependency. This means it can’t be
modified at all (eg to add a global `#content` wrapper), so every page now
inherits from a template that has this wrapper. But it also means that we have a
clean upgrade path when the template is modified.
Everything else (toolkit, elements) I’ve kept as submodules but moved them to a
more logical place (`app/assets` not `app/assets/stylesheets`, because they
contain more than just SASS/CSS).
2015-12-15 08:20:25 +00:00
|
|
|
},
|
2022-11-29 08:55:22 -05:00
|
|
|
"author": "General Services Administration",
|
|
|
|
|
"license": "CC0",
|
|
|
|
|
"homepage": "https://github.com/GSA/notifications-admin#readme",
|
2024-06-17 14:27:59 -07:00
|
|
|
"overrides": {
|
2025-11-24 16:30:30 -05:00
|
|
|
"graceful-fs": "^4.2.11",
|
|
|
|
|
"glob@^10": "10.5.0"
|
2024-06-17 14:27:59 -07:00
|
|
|
},
|
Use a Node-based tools for handling assets
…or how to move a bunch of things from a bunch of different places into
`app/static`.
There are three main reasons not to use Flask Assets:
- It had some strange behaviour like only
- It was based on Ruby SASS, which is slower to get new features than libsass,
and meant depending on Ruby, and having the SASS Gem globally installed—so
you’re already out of being a ‘pure’ Python app
- Martyn and I have experience of doing it this way on Marketplace, and we’ve
ironed out the initial rough patches
The specific technologies this introduces, all of which are Node-based:
- Gulp – like a Makefile written in Javascript
- NPM – package management, used for managing Gulp and its related dependencies
- Bower – also package management, and the only way I can think to have
GOV.UK template as a proper dependency
…speaking of which, GOV.UK template is now a dependency. This means it can’t be
modified at all (eg to add a global `#content` wrapper), so every page now
inherits from a template that has this wrapper. But it also means that we have a
clean upgrade path when the template is modified.
Everything else (toolkit, elements) I’ve kept as submodules but moved them to a
more logical place (`app/assets` not `app/assets/stylesheets`, because they
contain more than just SASS/CSS).
2015-12-15 08:20:25 +00:00
|
|
|
"dependencies": {
|
2025-11-02 14:57:27 -05:00
|
|
|
"@rollup/plugin-commonjs": "^29.0.0",
|
2025-10-14 09:26:15 -04:00
|
|
|
"@rollup/plugin-node-resolve": "^16.0.3",
|
2024-08-08 14:32:33 -06:00
|
|
|
"@rollup/stream": "^3.0.1",
|
2025-05-23 23:31:27 +00:00
|
|
|
"@uswds/uswds": "^3.13.0",
|
Support registering a new authenticator
This adds Yubico's FIDO2 library and two APIs for working with the
"navigator.credentials.create()" function in JavaScript. The GET
API uses the library to generate options for the "create()" function,
and the POST API decodes and verifies the resulting credential. While
the options and response are dict-like, CBOR is necessary to encode
some of the byte-level values, which can't be represented in JSON.
Much of the code here is based on the Yubico library example [1][2].
Implementation notes:
- There are definitely better ways to alert the user about failure, but
window.alert() will do for the time being. Using location.reload() is
also a bit jarring if the page scrolls, but not a major issue.
- Ideally we would use window.fetch() to do AJAX calls, but we don't
have a polyfill for this, and we use $.ajax() elsewhere [3]. We need
to do a few weird tricks [6] to stop jQuery trashing the data.
- The FIDO2 server doesn't serve web requests; it's just a "server" in
the sense of WebAuthn terminology. It lives in its own module, since it
needs to be initialised with the app / config.
- $.ajax returns a promise-like object. Although we've used ".fail()"
elsewhere [3], I couldn't find a stub object that supports it, so I've
gone for ".catch()", and used a Promise stub object in tests.
- WebAuthn only works over HTTPS, but there's an exception for "localhost"
[4]. However, the library is a bit too strict [5], so we have to disable
origin verification to avoid needing HTTPS for dev work.
[1]: https://github.com/Yubico/python-fido2/blob/c42d9628a4f33d20c4401096fa8d3fc466d5b77f/examples/server/server.py
[2]: https://github.com/Yubico/python-fido2/blob/c42d9628a4f33d20c4401096fa8d3fc466d5b77f/examples/server/static/register.html
[3]: https://github.com/alphagov/notifications-admin/blob/91453d36395b7a0cf2998dfb8a5f52cc9e96640f/app/assets/javascripts/updateContent.js#L33
[4]: https://stackoverflow.com/questions/55971593/navigator-credentials-is-null-on-local-server
[5]: https://github.com/Yubico/python-fido2/blob/c42d9628a4f33d20c4401096fa8d3fc466d5b77f/fido2/rpid.py#L69
[6]: https://stackoverflow.com/questions/12394622/does-jquery-ajax-or-load-allow-for-responsetype-arraybuffer
2021-05-07 18:10:07 +01:00
|
|
|
"cbor-js": "0.1.0",
|
2025-11-06 14:23:30 -05:00
|
|
|
"ci-info": "^4.3.1",
|
2024-08-09 10:48:39 -06:00
|
|
|
"d3": "^7.9.0",
|
2026-01-26 10:10:27 -05:00
|
|
|
"playwright": "^1.58.0",
|
2023-04-24 14:57:35 -04:00
|
|
|
"python": "^0.0.4",
|
2016-09-28 17:47:40 +01:00
|
|
|
"query-command-supported": "1.0.0",
|
2026-01-23 12:28:50 -05:00
|
|
|
"sass-embedded": "^1.97.3",
|
2025-10-14 13:20:58 -04:00
|
|
|
"textarea-caret": "3.1.0"
|
2016-02-08 11:05:07 +00:00
|
|
|
},
|
|
|
|
|
"devDependencies": {
|
2026-01-15 13:57:04 -05:00
|
|
|
"@babel/core": "^7.28.6",
|
2026-01-15 19:04:13 +00:00
|
|
|
"@babel/preset-env": "^7.28.6",
|
2025-12-17 10:12:21 -05:00
|
|
|
"autoprefixer": "^10.4.23",
|
2025-10-14 13:20:58 -04:00
|
|
|
"babel-loader": "^10.0.0",
|
2024-09-18 13:59:16 -04:00
|
|
|
"backstopjs": "^6.3.25",
|
2024-09-10 18:28:31 +00:00
|
|
|
"better-npm-audit": "^3.11.0",
|
2025-10-14 13:20:58 -04:00
|
|
|
"copy-webpack-plugin": "^13.0.1",
|
|
|
|
|
"css-loader": "^7.1.2",
|
2025-10-01 11:56:07 -04:00
|
|
|
"jest": "^30.2.0",
|
2025-08-28 11:47:23 +00:00
|
|
|
"jest-each": "^30.1.0",
|
2025-10-01 11:57:18 -04:00
|
|
|
"jest-environment-jsdom": "^30.2.0",
|
2024-06-18 07:49:20 -07:00
|
|
|
"jshint": "2.13.6",
|
2019-10-11 10:26:25 +01:00
|
|
|
"jshint-stylish": "2.2.1",
|
2025-10-06 09:38:54 -04:00
|
|
|
"merge-stream": "^2.0.0",
|
2026-01-19 13:37:57 -05:00
|
|
|
"mini-css-extract-plugin": "^2.10.0",
|
2025-10-14 13:20:58 -04:00
|
|
|
"postcss-loader": "^8.2.0",
|
2026-01-12 09:55:22 -05:00
|
|
|
"sass": "^1.97.2",
|
2025-10-23 23:07:16 +00:00
|
|
|
"sass-loader": "^16.0.6",
|
2025-12-12 09:00:45 -05:00
|
|
|
"terser-webpack-plugin": "^5.3.16",
|
2025-12-19 10:50:15 -05:00
|
|
|
"webpack": "^5.104.1",
|
2025-10-14 13:20:58 -04:00
|
|
|
"webpack-cli": "^6.0.1"
|
Use a Node-based tools for handling assets
…or how to move a bunch of things from a bunch of different places into
`app/static`.
There are three main reasons not to use Flask Assets:
- It had some strange behaviour like only
- It was based on Ruby SASS, which is slower to get new features than libsass,
and meant depending on Ruby, and having the SASS Gem globally installed—so
you’re already out of being a ‘pure’ Python app
- Martyn and I have experience of doing it this way on Marketplace, and we’ve
ironed out the initial rough patches
The specific technologies this introduces, all of which are Node-based:
- Gulp – like a Makefile written in Javascript
- NPM – package management, used for managing Gulp and its related dependencies
- Bower – also package management, and the only way I can think to have
GOV.UK template as a proper dependency
…speaking of which, GOV.UK template is now a dependency. This means it can’t be
modified at all (eg to add a global `#content` wrapper), so every page now
inherits from a template that has this wrapper. But it also means that we have a
clean upgrade path when the template is modified.
Everything else (toolkit, elements) I’ve kept as submodules but moved them to a
more logical place (`app/assets` not `app/assets/stylesheets`, because they
contain more than just SASS/CSS).
2015-12-15 08:20:25 +00:00
|
|
|
}
|
|
|
|
|
}
|