Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@greenwood/plugin-renderer-lit
Advanced tools
A server-side rendering plugin for Lit based Greenwood projects.
A Greenwood plugin for using Lit's SSR capabilities as a custom server-side renderer. Although support is experimental at this time, this plugin also gives the ability to statically render entire pages and layouts to output completely static sites.
We are still actively working on SSR features and enhancements for Greenwood as part of our 1.0 release so please feel free to test it out and report your feedback. 🙏
This package assumes you already have
@greenwood/cli
installed.
This packages depends on the Lit package as a peerDependency
. This means you must have Lit already installed in your project. You can install anything following the 3.x
release line.
# npm
$ npm install lit --dev
# yarn
$ yarn add lit --dev
You can use your favorite JavaScript package manager to install this package.
# npm
npm install @greenwood/plugin-renderer-lit --save-dev
# yarn
yarn add @greenwood/plugin-renderer-lit --dev
LitElement
does not support async
work. You can follow along with this issue in the Lit repo.getBody
API must be used. We would love for server only components to be a thing though!CSSStyleSheet
(aka CSS Modules) in their SSR DOM shim.See this repo for a full demo of isomorphic Lit SSR with SSR pages and API routes deployed to Vercel serverless functions.
Add this plugin to your greenwood.config.js.
import { greenwoodPluginRendererLit } from '@greenwood/plugin-renderer-lit';
export default {
...
plugins: [
greenwoodPluginRendererLit()
]
}
Now, you can author SSR pages using Lit templates and components using Greenwood's getBody
API. The below is an example of generating a template of LitElement based <app-card>
web components.
// src/pages/products.js
import { html } from 'lit';
import '../components/card.js';
export async function getBody() {
const products = await getProducts();
return html`
${
products.map((product, idx) => {
const { title, thumbnail } = product;
return html`
<app-card
title="${idx + 1}) ${title}"
thumbnail="${thumbnail}"
></app-card>
`;
})
}
`;
}
By default, this plugin sets isolation
mode to true
for all SSR pages. If you want to override this, just export an isolation
const.
// src/pages/products.js
export const isolation = false;
See the isolation configuration docs for more information.
In order for server-rendered components to become interactive on the client side, Lit's client-side hydration script must be included on the page. This setting is true
by default, but if you want to turn it off, you can export
the hydration option from your page with a value of false
.
// src/pages/products.js
export const hydration = false; // disable Lit hydration scripts for this page
The plugin provides a setting that can be used to override Greenwood's default prerender implementation which uses WCC, to use Lit instead.
import { greenwoodPluginRendererLit } from '@greenwood/plugin-renderer-lit';
export default {
...
plugins: [
greenwoodPluginRendererLit({
prerender: true
})
]
}
Keep in mind you will need to make sure your Lit Web Components are isomorphic and properly leveraging
LitElement
's lifecycles and browser / Node APIs accordingly for maximum compatibility and portability.
FAQs
A server-side rendering plugin for Lit based Greenwood projects.
The npm package @greenwood/plugin-renderer-lit receives a total of 10 weekly downloads. As such, @greenwood/plugin-renderer-lit popularity was classified as not popular.
We found that @greenwood/plugin-renderer-lit demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.