Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@esri/calcite-components
Advanced tools
Calcite Components, part of Esri's Calcite Design System, is a rich library of flexible, framework-agnostic web components for building applications. View the documentation for component descriptions, examples, and API reference, which includes properties, slots, styles, and theming.
The most common approach for loading Calcite Components is to use the version hosted on the CDN. The components can be loaded via <script>
and <link>
tags in the head of your HTML document:
<script
type="module"
src="https://cdn.jsdelivr.net/npm/@esri/calcite-components@2.13.2/dist/calcite/calcite.esm.js"
></script>
<link
rel="stylesheet"
type="text/css"
href="https://cdn.jsdelivr.net/npm/@esri/calcite-components@2.13.2/dist/calcite/calcite.css"
/>
Once these tags are added, components can be used like any other HTML element. Only components that are used in the application will be loaded.
Calcite Components is also provided as an NPM package. To get started, first install the package, then follow the steps below. Alternatively, you can find examples using different frameworks and build tools here.
npm install @esri/calcite-components
Choose one of the two builds provided by Calcite Components.
Custom Elements is the recommended build when leveraging a frontend framework. To use this build, you will need to set the path to Calcite Components' assets. You can either use local assets, which will be explained in a subsequent step, or assets hosted on the CDN.
import { setAssetPath } from "@esri/calcite-components/dist/components";
// CDN hosted assets
setAssetPath("https://cdn.jsdelivr.net/npm/@esri/calcite-components/dist/calcite/assets");
// Local assets
// setAssetPath(PATH); // PATH depends on framework, more info below
Next, you need to import each component you use from the custom elements build. This will automatically define the custom elements on the window.
import "@esri/calcite-components/dist/components/calcite-button";
import "@esri/calcite-components/dist/components/calcite-icon";
import "@esri/calcite-components/dist/components/calcite-slider";
When using the Distribution build, you'll need to define the custom elements on the window. You can also choose between local and CDN hosted assets.
import { defineCustomElements } from "@esri/calcite-components/dist/loader";
// CDN hosted assets
defineCustomElements(window, {
resourcesUrl: "https://cdn.jsdelivr.net/npm/@esri/calcite-components/dist/calcite/assets",
});
// Local assets
// defineCustomElements(window);
Since you defined the custom elements on the window, you do not need to import individual components.
Some components, such as calcite-icon
and calcite-date-picker
, rely on assets being available at a particular path. As mentioned, with the NPM package you have the option to provide a local path or the URL to the assets hosted on the CDN. Using the CDN hosted assets can help decrease on disk build size.
To use the assets locally, they need to be copied using a build tool or NPM script. The directory for the local assets must be named assets
, which eases the copying process. For example, /public/calcite/assets
will work, however /public/calcite-assets
will not.
The Calcite Components examples repo demonstrates using local assets in a variety of JavaScript frameworks and build tools. Each example has a README with a framework or build tool specific explanation.
cp -r node_modules/@esri/calcite-components/dist/calcite/assets/* ./public/assets/
Finally, load the Cascading Style Sheet (CSS). This is also dependent on your framework or build tool, however in many cases it can be imported in JavaScript:
import "@esri/calcite-components/dist/calcite/calcite.css";
Stencil provides a full set of typings for all the components in this repo. To make TypeScript aware of these components, just import the library:
import "@esri/calcite-components";
This will provide autocomplete of component names/properties, as well as additional HTML element types:
// created elements will implicitly have the correct type already
const loader = document.createElement("calcite-loader");
document.body.appendChild(loader);
loader.active = true;
// you can also explicitly type an element using the generated types
// the type name will always be formatted like HTML{CamelCaseComponentName}Element
const loader = document.querySelector(".my-loader-element") as HTMLCalciteLoaderElement;
loader.active = true;
@stencil/core
VersionWhen using Stencil, make sure the @stencil/core
version in your project matches the one used by Calcite Components. You may run into type errors if the @stencil/core
versions are different. You can install the same Stencil version used by @esri/calcite-components
:
npm install @stencil/core@$(npm view @esri/calcite-components dependencies["@stencil/core"])
Chrome | Firefox | Safari | Edge |
---|---|---|---|
Last 2 versions ✔ |
We welcome contributions to this project. See CONTRIBUTING.md for an overview of contribution guidelines.
COPYRIGHT © 2024 Esri
All rights reserved under the copyright laws of the United States and applicable international laws, treaties, and conventions.
This material is licensed for use under the Esri Master License Agreement (MLA), and is bound by the terms of that agreement. You may redistribute and use this code without modification, provided you adhere to the terms of the MLA and include this copyright notice.
See use restrictions at http://www.esri.com/legal/pdfs/mla_e204_e300/english
For additional information, contact: Environmental Systems Research Institute, Inc. Attn: Contracts and Legal Services Department 380 New York Street Redlands, California, USA 92373 USA
email: contracts@esri.com
FAQs
Web Components for Esri's Calcite Design System.
We found that @esri/calcite-components demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 42 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.