Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@chialab/dna
Advanced tools
DNA • Progressive Web Components
DNA is a component library which aims to provide a temporarary interface to define declarative Web Components until browsers support is complete. Instead of requiring heavy polyfills in order to work in all browsers, DNA's philosophy is to use its template engine to handle Custom Elements life cycle and Shadow DOM flexibility, resulting more efficient, reliable and light.
DNA does not introduce any custom pattern for Component definitions, since it is based on the standard Custom Elements specifications, so the life cycle is almost the same, with some helper methods.
In order to be fast, predictive and easier to install, DNA uses a custom template engine. Components automatically re-render when the state change and only the necessary patches are applied to the DOM tree thanks to an in-place diffing algorithm.
If you are familiar with JSX, you can write your templates using the React syntax, but if you prefer to use standard JavaScript you can also use template strings to avoid the build step in your workflow.
DNA comes with a lot of features in a very small package. You can use <slot>
elements like in Shadow DOM contexts, observe properties changes and delegate events. It can also resolve Promise
s and pipe Observable
s directly in the template.
Tests are run against all ever green browsers, Internet Explorer and old Safari versions. DNA itself does not require any polyfill and it is distribute as ES6 module (with untranspiled classes and async
/await
statements) and as UMD module (targeting ES5), but some Babel helpers if you want to use decorators need support for Symbol
, Object.assign
and Array.prototype.find
. Also, a polyfill for Promise
is required in IE11 if you are using async methods or the registry's whenDefined
method.
Usage via unpkg.com, as UMD package:
<script src="https://unpkg.com/@chialab/dna" type="text/javascript"></script>
or as ES6 module:
import { Component, customElements, html, ... } from 'https://unpkg.com/@chialab/dna?module';
Install via NPM:
$ npm i @chialab/dna
import { Component, customElements, html, ... } from '@chialab/dna';
This is an example of Component defined via DNA. Please refer to the documentation for more examples and cases of use.
Define the Component
import { Component, customElements, html, property, render } from '@chialab/dna';
class HelloWorld extends Component {
static get observedAttributes() {
return ['name'];
}
get listeners() {
return {
// delegate an event
'change input[name="firstName"]': this.setName,
};
}
// define an observable property
@property() name = '';
setName(event, target) {
this.name = target.value;
}
render() {
return html`
<input name="firstName" value="${this.name}" />
<h1>Hello ${this.name || 'World'}!</h1>
`;
}
}
// link the Component class to a tag
customElements.define('hello-world', HelloWorld);
// render the Component
render(document.body, new HelloWorld);
Then use the element in your HTML:
<hello-world />
In order to build and test DNA, the following requirements are needed:
Install the dependencies and run the build
script:
$ yarn install
$ yarn build
This will generate the UMD and ESM bundles in the dist
folder, as well as the declaration file.
Run the test
script:
$ yarn test
DNA is released under the MIT license.
FAQs
Progressive Web Components
The npm package @chialab/dna receives a total of 225 weekly downloads. As such, @chialab/dna popularity was classified as not popular.
We found that @chialab/dna demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.