Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@craco/craco
Advanced tools
Create React App Configuration Override, an easy and comprehensible configuration layer for create-react-app.
@craco/craco is a configuration layer for Create React App (CRA) that allows you to customize the default CRA configuration without ejecting. It provides a way to override the Webpack configuration, Babel configuration, and other settings in a more flexible and maintainable way.
Webpack Configuration Override
This feature allows you to override the default Webpack configuration provided by Create React App. In this example, the CracoLessPlugin is used to customize the primary color in a LESS file.
const CracoLessPlugin = require('craco-less');
module.exports = {
plugins: [
{
plugin: CracoLessPlugin,
options: {
lessLoaderOptions: {
lessOptions: {
modifyVars: { '@primary-color': '#1DA57A' },
javascriptEnabled: true,
},
},
},
},
],
};
Babel Configuration Override
This feature allows you to override the default Babel configuration. In this example, the Babel plugin for decorators is added to the configuration.
module.exports = {
babel: {
plugins: [
['@babel/plugin-proposal-decorators', { legacy: true }],
],
},
};
ESLint Configuration Override
This feature allows you to override the default ESLint configuration. In this example, the 'no-console' rule is turned off.
module.exports = {
eslint: {
enable: true,
mode: 'extends',
configure: {
rules: {
'no-console': 'off',
},
},
},
};
customize-cra is another package that allows you to override the default Create React App configuration without ejecting. It provides a set of utilities to customize Webpack, Babel, and other configurations. Compared to @craco/craco, customize-cra is more focused on providing utility functions for common customizations, whereas @craco/craco offers a more structured plugin system.
react-app-rewired is a package that lets you override the Create React App configuration without ejecting. It allows you to modify the Webpack configuration and other settings by providing a config-overrides.js file. Compared to @craco/craco, react-app-rewired is simpler but less flexible, as it does not offer a plugin system.
Create React App Configuration Override, an easy and comprehensible configuration layer for create-react-app.
Find config docs, API docs, plugins, and example configs at craco.js.org!
Get all the benefits of Create React App and customization without using 'eject' by adding a single configuration (e.g. craco.config.js
) file at the root of your application and customize your ESLint, Babel, PostCSS configurations and many more.
Install the latest version of the package from npm as a dev dependency:
npm i -D @craco/craco
Create a CRACO configuration file in your project's root directory and configure:
my-app
├── node_modules
+ ├── craco.config.js
└── package.json
Update the existing calls to react-scripts
in the scripts
section of your package.json
to use the craco
CLI:
"scripts": {
- "start": "react-scripts start"
+ "start": "craco start"
- "build": "react-scripts build"
+ "build": "craco build"
- "test": "react-scripts test"
+ "test": "craco test"
}
Visit craco.js.org to learn more.
FAQs
Create React App Configuration Override, an easy and comprehensible configuration layer for create-react-app.
We found that @craco/craco demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.