
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@ecopages/react
Advanced tools
The @ecopages/react package introduces first-class integration with React version 19, enabling developers to leverage React's robust ecosystem and component model within the Ecopages platform. This integration provides a seamless experience for using React components in your Ecopages projects, combining React's declarative UI library with the flexibility and simplicity of Ecopages.
bunx jsr add @ecopages/react
To incorporate the React integration into your Ecopages project, configure your project as follows:
import { ConfigBuilder } from '@ecopages/core';
import { reactPlugin } from '@ecopages/react';
const config = await new ConfigBuilder()
.setBaseUrl(import.meta.env.ECOPAGES_BASE_URL)
.setIntegrations([reactPlugin()])
.build();
export default config;
The React plugin includes optional MDX support. When enabled, you can write .mdx pages alongside .tsx pages with unified client-side routing, hydration, and HMR.
import { ConfigBuilder } from '@ecopages/core';
import { reactPlugin } from '@ecopages/react';
const config = await new ConfigBuilder()
.setBaseUrl(import.meta.env.ECOPAGES_BASE_URL)
.setIntegrations([
reactPlugin({
mdx: {
enabled: true,
compilerOptions: {
// Optional: remark/rehype plugins
},
},
}),
])
.build();
export default config;
This approach is recommended when using a client-side router (e.g., @ecopages/react-router) as it ensures consistent navigation between TSX and MDX pages.
Current behavior:
data-eco-component-id attribute is attached to the component SSR root when a single root element is available.createRoot() into that root boundary.This design preserves global CSS/layout selectors while keeping runtime ownership isolated per island instance.
For full React pages with client-side navigation, prefer @ecopages/react-router, where routing and hydration are handled by the React-specific runtime.
The React integration supports Node.js modules and server-only code, but only on the server execution graph.
node:* modules, database clients, filesystem utilities, and *.server.* modules.In practice, this means you can keep server helpers close to your React code, but the browser bundle boundary is strict:
export { Button } from './button';
export { db } from './db.server';
If a client entry only reaches Button, the db re-export is removed from the browser transform. If a client entry reaches db, the build fails because the server-only export crossed into the client graph.
This contract keeps SSR and server functions free to use Node.js while ensuring the final browser bundle contains no client-reachable server-only code.
FAQs
React integration for Ecopages
The npm package @ecopages/react receives a total of 517 weekly downloads. As such, @ecopages/react popularity was classified as not popular.
We found that @ecopages/react demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.