Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@converse/skeletor
Advanced tools
Skeletor is a Backbone fork that adds various improvements and features.
The goal of Skeletor is to modernize Backbone and to allow you to stop writing imperative view code (e.g. manually adding and removing DOM nodes) and instead start writing declarative, component-based code that automatically updates only the changed parts of the DOM, similarly to basically all modern JavaScript frameworks.
The original Backbone Views aren't components can't be rendered in a nested and declarative way. Instead, it's up to you to manually make sure that these views are rendered in the correct place in the DOM. This approach becomes unwieldy, difficult and fragile as your site becomes larger and more complex.
Skeletor solves this by creating a new type of View, called ElementView
,
which is very similar to the original Backbone View
but which is also a web
component that gets instantiated automatically as soon as its rendered in the
DOM.
The goal of this fork is to allow the Converse team to gradually update the Converse XMPP webchat client to use web components (using LitElement) without requiring us to put everything on hold in order to do a massive rewrite.
The end-goal is to not have any Skeletor Views at all, only LitElement components.
We can cheat a little by letting the existing Views also be web components (more accurately, "custom elements"), this allows us to declaratively render the UI, while we're progressively getting rid of the views.
render
method Views can have a toHTML
method which must return a lit-html TemplateResult
.ElementView
class, which is a like a Backbone View, but doubles
as an instance of HTMLElement and can be used to register a custom element or
web-component.map
instead.chain
method on Models has been removed.inject
, foldl
and foldr
methods on Collections has been removed. You can use reduce
instead.sample
, take
, tail
and initial
method on Collections.without
, reject
and select
methods on Collections, use filter
.drop
instead of rest
.indexBy
is called keyBy
invokeMap
for collections instead of invoke
.includes
instead of contains
partition
and invokeMap
methods have been removed.The ElementView looks very similar to a normal Backbone View.
Since it's a web component, you need to call CustomElementRegistry.define
to
register it.
The this
variable for the ElementView is the custom DOM element itself,
in this case, <my-custom-button>
.
So there is no el
attribute and this.el
will be undefined. Whereever in a
Backbone View you'd use this.el
, with an ElementView you'd just use this
.
import { ElementView } from '@converse/skeletor/src/element.js';
import { render } from 'lit';
import { html } from 'lit';
export default class MyCustomButton extends ElementView {
events = {
'click .button': 'onButtonClicked'
}
async initialize () {
this.model = new Model({ count: 0 });
this.listenTo(this.model, 'change', this.render)
}
render () {
return render(html`<button class="button">I've been clicked ${model.get('count')} times!</button>`, this);
}
onButtonClicked () {
this.model.save('count', this.model.get('count')+1);
}
}
CustomElementRegistry.define('my-custom-button', MyCustomButton);
You can now put your custom element in the DOM, and once the DOM is loaded by
the browser, your ElementView will automatically be instantiated and
initialize
will be called.
<div>
<my-custom-button></my-custom-button>
</div>
0.0.7 (2022-04-08)
dependencies
from devDependencies
FAQs
Modernized Backbone with web components
The npm package @converse/skeletor receives a total of 346 weekly downloads. As such, @converse/skeletor popularity was classified as not popular.
We found that @converse/skeletor demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.