{"id":17967316,"url":"https://github.com/dialpad/dialtone","last_synced_at":"2026-04-18T00:09:54.538Z","repository":{"id":205138031,"uuid":"709553960","full_name":"dialpad/dialtone","owner":"dialpad","description":"The main repository for all of Dialpad's design system resources.","archived":false,"fork":false,"pushed_at":"2026-04-09T14:51:30.000Z","size":374909,"stargazers_count":14,"open_issues_count":9,"forks_count":7,"subscribers_count":24,"default_branch":"staging","last_synced_at":"2026-04-09T15:28:36.331Z","etag":null,"topics":["css","design-system","design-tokens","dialtone","javascript","less","postcss","ui","ui-library","vue","vue-components","vuejs2","vuejs3"],"latest_commit_sha":null,"homepage":"https://dialtone.dialpad.com","language":"JavaScript","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dialpad.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.json","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-10-24T23:16:43.000Z","updated_at":"2026-04-08T19:57:08.000Z","dependencies_parsed_at":"2026-01-16T08:07:57.507Z","dependency_job_id":null,"html_url":"https://github.com/dialpad/dialtone","commit_stats":{"total_commits":4196,"total_committers":72,"mean_commits":58.27777777777778,"dds":0.7855100095328884,"last_synced_commit":"2240c279ff82237c30ef68405240db4f65d07949"},"previous_names":["dialpad/dialtone"],"tags_count":2248,"template":false,"template_full_name":null,"purl":"pkg:github/dialpad/dialtone","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dialpad%2Fdialtone","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dialpad%2Fdialtone/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dialpad%2Fdialtone/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dialpad%2Fdialtone/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dialpad","download_url":"https://codeload.github.com/dialpad/dialtone/tar.gz/refs/heads/staging","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dialpad%2Fdialtone/sbom","scorecard":{"id":40812,"data":{"date":"2025-08-11","repo":{"name":"github.com/dialpad/dialtone","commit":"e981daa84f2437fca29f9cf494647d36724ef4de"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Code-Review","score":4,"reason":"Found 12/30 approved changesets -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Dangerous-Workflow","score":0,"reason":"dangerous workflow patterns detected","details":["Warn: script injection with untrusted input ' github.event.pull_request.title ': .github/workflows/lint-pr.yml:37"],"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/a11y_tests.yml:33","Info: jobLevel 'packages' permission set to 'read': .github/workflows/a11y_tests.yml:57","Info: jobLevel 'packages' permission set to 'read': .github/workflows/a11y_tests.yml:90","Info: jobLevel 'contents' permission set to 'read': .github/workflows/clean-preview.yml:11","Info: jobLevel 'contents' permission set to 'read': .github/workflows/deploy.yml:139","Info: jobLevel 'packages' permission set to 'read': .github/workflows/deploy.yml:141","Info: jobLevel 'packages' permission set to 'read': .github/workflows/lint-pr.yml:13","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/publish-ios.yml:29","Info: jobLevel 'packages' permission set to 'read': .github/workflows/publish-vscode.yml:16","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/publish-web.yml:115","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release-notification.yml:16","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:146","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:59","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/release.yml:60","Info: jobLevel 'contents' permission set to 'read': .github/workflows/send-blog-communications.yml:41","Info: jobLevel 'contents' permission set to 'read': .github/workflows/send-blog-communications.yml:133","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/sync-figma-to-tokens.yml:14","Info: jobLevel 'packages' permission set to 'read': .github/workflows/sync-figma-to-tokens.yml:16","Info: jobLevel 'packages' permission set to 'read': .github/workflows/sync-tokens-to-figma.yml:13","Info: jobLevel 'packages' permission set to 'read': .github/workflows/unit_tests.yml:26","Info: jobLevel 'packages' permission set to 'read': .github/workflows/visual_tests.yml:71","Warn: no topLevel permission defined: .github/workflows/a11y_tests.yml:1","Warn: no topLevel permission defined: .github/workflows/bundle-size-check.yml:1","Warn: no topLevel permission defined: .github/workflows/clean-preview.yml:1","Warn: no topLevel permission defined: .github/workflows/deploy.yml:1","Warn: no topLevel permission defined: .github/workflows/lint-pr.yml:1","Warn: no topLevel permission defined: .github/workflows/publish-android.yml:1","Warn: no topLevel permission defined: .github/workflows/publish-ios.yml:1","Warn: no topLevel permission defined: .github/workflows/publish-vscode.yml:1","Warn: no topLevel permission defined: .github/workflows/publish-web.yml:1","Warn: no topLevel permission defined: .github/workflows/pull-translations.yml:1","Warn: no topLevel permission defined: .github/workflows/push-translations.yml:1","Warn: no topLevel permission defined: .github/workflows/release-notification.yml:1","Info: topLevel 'packages' permission set to 'read': .github/workflows/release.yml:28","Warn: no topLevel permission defined: .github/workflows/send-blog-communications.yml:1","Warn: no topLevel permission defined: .github/workflows/sync-figma-to-tokens.yml:1","Warn: no topLevel permission defined: .github/workflows/sync-tokens-to-figma.yml:1","Warn: no topLevel permission defined: .github/workflows/unit_tests.yml:1","Info: topLevel 'packages' permission set to 'read': .github/workflows/upload-test-coverage.yml:9","Warn: no topLevel permission defined: .github/workflows/visual_tests.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Binary-Artifacts","score":7,"reason":"binaries present in source code","details":["Warn: binary detected: packages/dialtone-icons/android/gradle/wrapper/gradle-wrapper.jar:1","Warn: binary detected: packages/dialtone-icons/android/valkyrie-cli/lib/valkyrie-0.11.1-all.jar:1","Warn: binary detected: packages/dialtone-tokens/gradle/wrapper/gradle-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Info: Possibly incomplete results: error parsing shell code: invalid parameter name: .github/workflows/clean-preview.yml:32","Info: Possibly incomplete results: error parsing shell code: invalid parameter name: .github/workflows/clean-preview.yml:37","Info: Possibly incomplete results: error parsing shell code: invalid parameter name: .github/workflows/clean-preview.yml:42","Info: Possibly incomplete results: error parsing shell code: invalid parameter name: .github/workflows/deploy.yml:209","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/a11y_tests.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/a11y_tests.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/a11y_tests.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/a11y_tests.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/a11y_tests.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/a11y_tests.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/a11y_tests.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/a11y_tests.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/a11y_tests.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/a11y_tests.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/a11y_tests.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/a11y_tests.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/a11y_tests.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/a11y_tests.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/a11y_tests.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/a11y_tests.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bundle-size-check.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/bundle-size-check.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bundle-size-check.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/bundle-size-check.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bundle-size-check.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/bundle-size-check.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/clean-preview.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/clean-preview.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/clean-preview.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/clean-preview.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/clean-preview.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/clean-preview.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/deploy.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/deploy.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:195: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/deploy.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:201: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/deploy.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:219: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/deploy.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:233: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/deploy.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/deploy.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/deploy.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/deploy.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-pr.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/lint-pr.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-pr.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/lint-pr.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-pr.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/lint-pr.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-android.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/publish-android.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-android.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/publish-android.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-android.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/publish-android.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-android.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/publish-android.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-android.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/publish-android.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-android.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/publish-android.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-android.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/publish-android.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-ios.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/publish-ios.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-ios.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/publish-ios.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-ios.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/publish-ios.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-ios.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/publish-ios.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-ios.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/publish-ios.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-vscode.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/publish-vscode.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-vscode.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/publish-vscode.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-web.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/publish-web.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-web.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/publish-web.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-web.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/publish-web.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-web.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/publish-web.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-web.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/publish-web.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-translations.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/pull-translations.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-translations.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/push-translations.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-notification.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/release-notification.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-notification.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/release-notification.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-notification.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/release-notification.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/release.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/release.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/release.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/release.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/release.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/release.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/send-blog-communications.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/send-blog-communications.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/send-blog-communications.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/send-blog-communications.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/send-blog-communications.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/send-blog-communications.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/send-blog-communications.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/send-blog-communications.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/send-blog-communications.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/send-blog-communications.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/send-blog-communications.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/send-blog-communications.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/send-blog-communications.yml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/send-blog-communications.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-figma-to-tokens.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/sync-figma-to-tokens.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-figma-to-tokens.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/sync-figma-to-tokens.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-figma-to-tokens.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/sync-figma-to-tokens.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-figma-to-tokens.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/sync-figma-to-tokens.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-tokens-to-figma.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/sync-tokens-to-figma.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-tokens-to-figma.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/sync-tokens-to-figma.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-tokens-to-figma.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/sync-tokens-to-figma.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit_tests.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/unit_tests.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/unit_tests.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/unit_tests.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit_tests.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/unit_tests.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upload-test-coverage.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/upload-test-coverage.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/upload-test-coverage.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/upload-test-coverage.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/upload-test-coverage.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/upload-test-coverage.yml/staging?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/visual_tests.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/visual_tests.yml/staging?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/visual_tests.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/dialpad/dialtone/visual_tests.yml/staging?enable=pin","Info:   0 out of  40 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of  39 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/publish-android.yml:62"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 14 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"60 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj","Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6","Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6","Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h","Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99","Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc","Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx","Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc","Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w","Warn: Project is vulnerable to: GHSA-x565-32qp-m3vf","Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j","Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg","Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm","Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx","Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5","Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx","Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq","Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v","Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975","Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3","Warn: Project is vulnerable to: GHSA-c24v-8rfc-w8vw","Warn: Project is vulnerable to: GHSA-8jhw-289h-jh2g","Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3","Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx","Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6","Warn: Project is vulnerable to: GHSA-x574-m823-4x7w","Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8","Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x","Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4","Warn: Project is vulnerable to: GHSA-859w-5945-r5v3","Warn: Project is vulnerable to: GHSA-5j4c-8p2g-v4jx","Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx","Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v","Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h","Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc","Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-14T21:28:29.625Z","repository_id":205138031,"created_at":"2025-08-14T21:28:29.625Z","updated_at":"2025-08-14T21:28:29.625Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31861708,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-15T15:24:51.572Z","status":"ssl_error","status_checked_at":"2026-04-15T15:24:39.138Z","response_time":63,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["css","design-system","design-tokens","dialtone","javascript","less","postcss","ui","ui-library","vue","vue-components","vuejs2","vuejs3"],"created_at":"2024-10-29T14:06:18.718Z","updated_at":"2026-04-15T22:01:48.458Z","avatar_url":"https://github.com/dialpad.png","language":"JavaScript","readme":"# Dialtone\n\nThe monorepo for Dialpad's design system Dialtone.\n\nAll separate packages of dialtone are also deployed individually.\nIf you would like to use an individual package rather than the combined Dialtone package,\nyou can find documentation for each package in the following table.\n\n## Usage\n\nThe below usage instructions are for the combined package.\n\n### Install it via NPM:\n\n```shell\nnpm install @dialpad/dialtone @dialpad/i18n\n```\n\n### Import packages:\n\n#### Without theming\n\nIf you don't care about theming and just want to use Dialtone with the default light theme:\n\n- CSS\n\n```css\n@import \"@dialpad/dialtone/css-default-theme\";\n```\n\n- JavaScript\n\n```js\nimport \"@dialpad/dialtone/css-default-theme\";\n```\n\n#### With theming\n\nIf you want to use theming, import from the below path. This file does not include design tokens so it is required to also set a theme to apply design tokens to the root element.\n\n- CSS\n\n```css\n@import \"@dialpad/dialtone/css\";\n```\n\n- JavaScript\n\n```js\nimport \"@dialpad/dialtone/css\";\n```\n\n##### Set theme via setTheme() JavaScript function (preferred)\n\nImport the theme you want to use and set it via the `setTheme` function:\n\n```js\nimport { setTheme } from '@dialpad/dialtone/themes/config';\nimport DpLight from '@dialpad/dialtone/themes/dp-light';\nsetTheme(DpLight);\n```\n\nPossible themes are as follows:\n\n- DpLight - Dialpad Light\n- DpDark - Dialpad Dark\n- TmoLight - T-Mobile Light\n- TmoDark - T-Mobile Dark\n- ExpressiveLight - Marketing Light\n- ExpressiveDark - Marketing Dark\n- ExpressiveSmLight - Marketing Small Light\n- ExpressiveSmDark - Marketing Small Dark\n\nThere is an optional second parameter to `setTheme` that allows you to set the theme on a specific element. This is useful in the case of a shadow DOM\nwhen you want to apply the theme to the root element of the shadow DOM rather than the document root. If you do not set this parameter the theme will be applied to the document root.\n\n```js\nimport { setTheme } from '@dialpad/dialtone/themes/config';\nimport DpLight from '@dialpad/dialtone/themes/dp-light';\nsetTheme(DpLight, document.querySelector('#my-shadow-root-host'));\n```\n\n##### Set theme manually by importing files\n\nYou may want to use this method if you are unable to use JavaScript.\n\nYou need to import two tokens files in order to apply a theme. A base tokens files, which is either light or dark, and\na semantic brand tokens file which is named after a brand and theme 'tokens-dp-light', 'tokens-dp-dark', 'tokens-tmo-light', ...\n\n- CSS\n\n```css\n@import \"@dialpad/dialtone/tokens/tokens-base-light.css\" // Base light theme\n@import \"@dialpad/dialtone/tokens/tokens-dp-light.css\" // Dialpad light brand\n```\n\n- JavaScript\n\n```js\nimport \"@dialpad/dialtone/tokens/tokens-base-light.css\" // Base light theme\nimport \"@dialpad/dialtone/tokens/tokens-dp-light.css\" // Dialpad light brand\n```\n\n#### Dialtone icons\n\n```js\n// Named import\nimport { DtIconArrowUp } from '@dialpad/dialtone-icons/vue3';\nimport { DtIllustrationBlankSpace } from '@dialpad/dialtone-icons/vue3';\n\n// Default import (Preferred if using webpack as it is tree-shakeable by default)\nimport DtIconArrowUp from '@dialpad/dialtone-icons/vue3/arrow-up';\nimport DtIllustrationBlankSpace from '@dialpad/dialtone-icons/vue3/blank-space';\n```\n\n#### Dialtone Vue components\n\n```js\n// Named import\nimport { DtButton } from \"@dialpad/dialtone/vue\"\n\n// Default import (Preferred if using webpack as it is tree-shakeable by default)\nimport { DtButton } from \"@dialpad/dialtone/vue/lib/button\"\n```\n\n\u003e **Note:** Dialtone Vue 2 has been deprecated. Please migrate to Dialtone Vue. The latest version of Dialtone that still supports Vue 2 is 9.154.0.\n\n#### Dialtone MCP Server\n\nInstall the MCP server to use it in your local environment and develop efficiently with Dialtone.\nFollow the instructions in the [MCP Server](https://github.com/dialpad/dialtone/tree/staging/packages/dialtone-mcp-server) folder.\n\n## About this repo\n\nThe @dialpad/dialtone repository is a monorepo composed of Dialtone NPM packages and apps.\n\nThe following is a list of packages included in this monorepo. Note that libraries (packages folder) are separated from\napps (apps folder):\n\n```text\ndialtone/\n|--- .github                            # Github configuration and workflows\n|--- apps                               # Buildable and deployable applications\n  |--- dialtone-documentation           # Documentation site\n|--- common                             # Common files shared between packages\n|--- generator-dialtone                 # Yeoman Generator for creating new packages\n|--- packages                           # Libraries that are being developed within the monorepo and published to NPM/GitHub\n  |--- combinator                       # Combinator component\n  |--- dialtone-css                     # CSS library\n  |--- dialtone-emojis                  # Emoji assets\n  |--- dialtone-icons                   # SVG and Vue icons library compatible with vue@2 and vue@3\n  |--- dialtone-mcp-server              # MCP Server\n  |--- dialtone-tokens                  # CSS Tokens library\n  |--- dialtone-vue                    # Vue component library compatible with vue@3\n  |--- eslint-plugin-dialtone           # Custom ESLint rules for Dialtone users\n  |--- language-server                  # Language tools based on Volar Framework\n  |--- postcss-responsive-variations    # PostCSS plugin to generate responsive classes\n  |--- stylelint-plugin-dialtone        # Custom Stylelint rules for Dialtone users\n|--- scripts                            # Shared scripts\n```\n\n### Dialtone mono-package\n\nDialtone is a mono-package that includes many packages within it to ease the maintenance of versions of\nthe library.\n\n#### How our bundling works\n\nTo achieve this we needed to create certain configs through the monorepo to be able to handle them even if\nthey have the same package name e.g: `@dialpad/dialtone-vue`.\n\n1. In root [package.json](package.json):\n   - `pnpm`:\n     - `peerDependencyRules` include `vue\": \"^3.2\"` to make sure we don't have warnings related to vue version\n       mismatch.\n     - `packageExtensions` tells pnpm which Vue version to use for each package.\n2. On individual packages `package.json` files:\n   - Include the specific dependencies in case someone uses the individual package\n   - In `vite.config.js` [Vue 3](packages/dialtone-vue/vite.config.js) add dependencies to external to make sure they don't cause issues on product.\n3. In [project.json](project.json)\n   - Include implicit dependencies to make sure NX builds them before trying to copy the files to the mono-package.\n4. In `gulpfile.cjs`\n   - Copy the built files into the root `dist` folder.\n\n#### Included packages\n\n- Dialtone CSS\n- Dialtone Tokens\n- Dialtone Vue\n\n### Tree-shaking\n\nTree-shaking is a feature that allows you to remove unused code from your bundle, and it is enabled by default in our\nbuild process for Dialtone, Dialtone Vue, Dialtone Combinator and Dialtone Icons.\n\nWe achieve tree-shaking primarily via three mechanisms across the packages:\n\n#### Marking packages as side effect free\n\n`sideEffects: false` is set so bundlers can drop unused imports.\n\n- `@dialpad/dialtone` → [package.json](package.json) line 242\n- `@dialpad/dialtone-vue` (vue3) → [package.json](packages/dialtone-vue/package.json) line 145\n- `@dialpad/dialtone-combinator` → [package.json](packages/combinator/package.json) line 56\n- `@dialpad/dialtone-icons` → [package.json](packages/dialtone-icons/package.json) line 98\n\n#### Publishing ESM builds (with dual ESM/CJS via exports map)\n\nPackages expose ESM for bundlers to statically analyze and tree-shake, with CJS fallbacks.\n\n- `@dialpad/dialtone-vue` (vue3):\n  - `\"type\"`: `\"module\"`,\n  - `\"module\"`: `\"./dist/dialtone-vue.js\"`,\n  - `\"main\"`: `\"./dist/dialtone-vue.cjs\"`,\n\n#### Deep, per-module entry points to enable fine-grained import paths\n\nExports maps expose subpath entries so consumers can import only what they need (which aids tree-shaking and avoids\npulling entire bundles):\n\n- `@dialpad/dialtone` exposes `./vue/lib/*` map to individual component imports.\n- `@dialpad/dialtone-vue` exposes `./lib/*` for individual component imports.\n- `@dialpad/dialtone-icons` exposes `./vue3/*` for individual icon/illustration imports.\n\n### Available packages\n\n| Name                                                             | Description                                                                                                                                        | Version                                                                                                   |\n|------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------|\n| [Dialtone](README.md)                                            | Combined package containing the latest versions of the libraries for ease of use                                                                   | ![NPM Version](https://img.shields.io/npm/v/%40dialpad%2Fdialtone?logo=npm\u0026color=7C52FF)                  |\n| [Dialtone CSS](packages/dialtone-css/README.md)                  | Classes or styles used within Dialtone should be stored here and documented on our site under `apps/dialtone-documentation`                        | ![NPM Version](https://img.shields.io/npm/v/%40dialpad%2Fdialtone-css?logo=npm\u0026color=7C52FF)              |\n| [Dialtone emojis](packages/dialtone-emojis/README.md)            | Emoji assets                                                                                                                                       | ![NPM Version](https://img.shields.io/npm/v/%40dialpad%2Fdialtone-emojis?logo=npm\u0026color=7C52FF)           |\n| [Dialtone icons](packages/dialtone-icons/README.md)              | Resources needed to implement icons on your application that conform to Dialpad’s design principles and best practices                             | ![NPM Version](https://img.shields.io/npm/v/%40dialpad%2Fdialtone-icons?logo=npm\u0026color=7C52FF)            |\n| [Dialtone tokens](packages/dialtone-tokens/README.md)            | Design tokens for Dialpad's design system Dialtone and everything related to building and publishing them                                          | ![NPM Version](https://img.shields.io/npm/v/%40dialpad%2Fdialtone-tokens?logo=npm\u0026color=7C52FF)           |\n| [Dialtone Vue](packages/dialtone-vue/README.md)                  | Vue components library to simplify and standardize the use of common UI patterns and behaviour across all Dialpad projects                         | ![NPM Version](https://img.shields.io/npm/v/%40dialpad%2Fdialtone-vue?logo=npm\u0026color=7C52FF)              |\n| [ESlint plugin](packages/eslint-plugin-dialtone/README.md)       | ESLint plugin containing rules to help developers maintain dialtone recommended practices                                                          | ![NPM Version](https://img.shields.io/npm/v/%40dialpad%2Feslint-plugin-dialtone?logo=npm\u0026color=7C52FF)    |\n| [Stylelint plugin](packages/stylelint-plugin-dialtone/README.md) | StyleLint plugin containing rules to help developers maintain dialtone recommended practices for CSS                                               | ![NPM Version](https://img.shields.io/npm/v/%40dialpad%2Fstylelint-plugin-dialtone?logo=npm\u0026color=7C52FF) |\n\n## Contributing\n\nPlease read our [contributing guide](.github/CONTRIBUTING.md) **before submitting a pull request**.\n\n### Quick start\n\nIf you would like to contribute to Dialtone without having to do any local environment setup, you can use GitHub\nCodespaces. You can initialize a new Codespace by clicking the green \"Code\" button at the top right of the Dialtone\nGitHub page.\n\n![Creating a codespace](./.github/new_codespace.png)\n\nPlease see the [Codespaces docs](./.github/codespaces.md) for more information.\n\n### Local development\n\n#### PNPM\n\nPNPM (Performant NPM) is a package management solution designed to address the challenges posed by\ntraditional package managers.\n\nWe use PNPM to manage everything related to NPM, **adding, installing, removing and publishing packages**.\n\nYou will need to install PNPM locally to contribute to this project. \u003chttps://pnpm.io/installation\u003e\n\n##### Installation\n\n```bash\nnpm install -g pnpm\n```\n\n##### Do\n\nUse PNPM to manage package dependencies\n\n```bash\npnpm add eslint --filter dialtone-icons\n```\n\n##### Don't\n\nRun package scripts with PNPM, this will not use NX cache and pipelines,\nso you might end up missing dependencies that needed to be built before.\n\n```bash\npnpm run --filter dialtone-css build\n```\n\n#### NX\n\nNx is a build system with built-in tooling and advanced CI capabilities.\nIt helps you maintain and scale monorepos, both locally and on CI.\n\nNX manages the scheduling and caching of our PNPM scripts.\n\nWe still rely on the package installation and package linking mechanism that PNPM workspaces provide us,\nbut use Nx instead to **run our tasks in the most efficient way**.\n\nOne of the main benefits of adding Nx to our PNPM workspace is speed via caching.\n\nRunning commands via NX will enable us to do several things:\n\n- Set up the project dependencies to other projects command,\nif they need to run before a specific command.\n- Improve the speed of the command execution by saving its output to cache.\n- Run the command on the [affected](https://nx.dev/nx-api/nx/documents/affected) projects only.\n\n⚠️ You can run the commands with PNPM too, but it's not advisable as you'll lose the advantages that NX provides.\n\nFor more information, check [setup a monorepo with PNPM workspaces and NX](https://nx.dev/blog/setup-a-monorepo-with-pnpm-workspaces-and-speed-it-up-with-nx)\n\n##### Installation\n\nIt is recommended to install NX globally via:\n\n```bash\npnpm add --global nx@latest\n```\n\n##### Do\n\nUse NX to run scripts, this will use cache, improve the performance,\nand build any dependency needed before running your command.\n\n```bash\nnx run dialtone-css:build\n```\n\n##### Don't\n\nTry installing packages with NX, this doesn't work at all, please use PNPM instead.\n\n```bash\nnx add eslint --filter dialtone-icons\n```\n\n#### Running the projects\n\nFirst, install the dependencies for all the monorepo packages and apps.\n\n```bash\npnpm install\n```\n\n##### Dialtone documentation site\n\n```bash\nnx run dialtone-documentation:start\n```\n\nThis will start the documentation site and watch the library for changes, it will be live updated with any changes.\n\nAccess the local server at `http://localhost:4000`\n\n##### Dialtone Vue storybook\n\n```bash\nnx run dialtone-vue:start\n```\n\nAccess the local storybook server for Dialtone Vue via `http://localhost:9011/`\n\n#### Common Commands\n\n##### Production build the root project\n\n```bash\nnx run dialtone:build\n```\n\nUse the `--filter` flag to run commands for a specific package or app.\n\n##### Adding dependencies for individual packages\n\n```bash\npnpm add \u003cdependency\u003e --filter \u003cpackage or app name\u003e\n```\n\nExample:\n\n```bash\npnpm add eslint --filter dialtone-icons\n```\n\nTo install a local dependency, just add the `--workspace` flag\n\n```bash\npnpm add \u003cdependency\u003e --filter \u003cpackage or app name\u003e --workspace\n```\n\nExample:\n\n```bash\npnpm add @dialpad/dialtone-tokens --filter dialtone-icons --workspace\n```\n\n##### Running commands for individual packages\n\nYou can run commands like `build`, `test`, `start` for individual packages from\nthe root of the project using:\n\n```bash\nnx run \u003cpackage/app\u003e:\u003ctarget\u003e\n```\n\nExample:\n\n```bash\nnx run dialtone-documentation:build\n```\n\n##### Clean build artifacts and cache\n\nUse this to clear stale build artifacts and reset the build cache. Common scenarios include switching branches, troubleshooting unexpected build behavior, or recovering from interrupted builds. This is rarely needed because build scripts already clean their own dist folders and Nx cache invalidation handles most staleness automatically.\n\n```bash\n# Clean everything (dist folders and Nx cache)\npnpm clean\n\n# Clean only dist folders (stale build artifacts)\npnpm clean:dist\n\n# Clean only Nx cache (confused incremental builds)\npnpm clean:cache\n```\n\nWhat gets cleaned:\n\n- `clean:dist` removes `packages/dialtone-tokens/dist` and VuePress cache/temp directories\n- `clean:cache` clears Nx's build cache (`.nx/cache`)\n- `clean` runs both in sequence\n\n##### Use local package in another project\n\nA way to see local Dialtone changes in a local running frontend is to use a local package.\n\nTo create a Dialtone package, first run (in Dialtone repo):\n\n```bash\npnpm pack\n```\n\nThis will generate a `.tgz` file, with the same format as the one published on npm. To use this package on another project you can run:\n\n```bash\nnpm install \u003cpath to previously generated tgz file\u003e\nnpm run dev\n```\n\n### Releasing\n\nCurrently, Dialtone packages are being released in two different ways: `scheduled` and `manually`.\nThe `scheduled` release will only release changes to `production` while `manually` you can choose to release\n`alpha` or `beta` branches.\n\n#### Production\n\n##### Scheduled\n\nOn every Tuesday at 10:00 am UTC, [release action](.github/workflows/release.yml) will trigger the production release process which\nautomatically release all packages that need to be released following the next steps:\n\n1. Run the `release` target on every project.\n2. Merge the release commits created by the semantic release bot on `staging` to `production` branch.\n3. Push the `production` branch.\n4. The [publish action](https://github.com/dialpad/dialtone/actions/workflows/publish.yml) will publish the packages with its corresponding tag.\n\n##### Manually\n\nIn case you need to release earlier than the next scheduled date, you can trigger the release via `Run workflow` on [GitHub](https://github.com/dialpad/dialtone/actions/workflows/release.yml).\n\n  1. Select `staging` branch.\n  2. Select the `package` that you want to release or leave it empty to release all of them.\n\nThis will trigger the [release action](.github/workflows/release.yml), release changes on `staging` and automatically publish the selected packages following the next steps:\n\n1. Run the `release` target on selected packages (all if `package` is empty).\n2. Merge the release commits created by the semantic release bot on `staging` to `production` branch.\n3. Push the `production` branch.\n4. The [publish action](https://github.com/dialpad/dialtone/actions/workflows/publish.yml) will publish the packages with its corresponding tag.\n\n#### Alpha/Beta\n\n1. Merge your changes to the branch you want to release, commit and push to origin. (Note: If your dialtone version number is behind the last production release number, it may fail. Merge in staging or update the version number manually.)\n2. Go to [GitHub](https://github.com/dialpad/dialtone/actions/workflows/release.yml) and click on `Run workflow`.\n3. Select `alpha` or `beta` branch.\n4. Select the `package` that you want to release or leave it empty to release all of them.\n\nThis will trigger the [release action](.github/workflows/release.yml), release changes on the selected branch and automatically publish the selected packages following the next steps:\n\n1. Run the `release` target on selected packages (all if `package` is empty).\n2. The [publish action](https://github.com/dialpad/dialtone/actions/workflows/publish.yml) will publish the packages with its corresponding tag.\n\n### Testing\n\n#### Run Vue tests\n\n```bash\nnx run dialtone-vue:test\n```\n\n#### Run Vue unit tests with coverage\n\n```bash\nnx run dialtone-vue:test:coverage\n```\n\nThese will generate a JSON and HTML report in the `coverage` directory.\n\n#### Test Coverage thresholds\n\nThe coverage thresholds are defined in the `vitest.config.ts` file.\nWhen submitting a PR the CI will run the tests with coverage and fail if the coverage is below the thresholds.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdialpad%2Fdialtone","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdialpad%2Fdialtone","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdialpad%2Fdialtone/lists"}