Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@humanmade/react-slot-fill
Advanced tools
This package is the [SlotFill component](https://developer.wordpress.org/block-editor/components/slot-fill/) from the [WordPress Gutenberg project](https://github.com/WordPress/gutenberg), broken out for standalone usage.
This package is the SlotFill component from the WordPress Gutenberg project, broken out for standalone usage.
Licensed under the GPL. Copyright 2011-2020 by the contributors.
The original package's readme follows.
Slot and Fill are a pair of components which enable developers to render elsewhere in a React element tree, a pattern often referred to as "portal" rendering. It is a pattern for component extensibility, where a single Slot may be occupied by an indeterminate number of Fills elsewhere in the application.
Slot Fill is heavily inspired by the react-slot-fill
library, but uses React's own portal rendering API, exposed as an unstable API in React 16 and slated to be promoted to a stable API in React 17.
At the root of your application, you must render a SlotFillProvider
which coordinates Slot and Fill rendering.
Then, render a Slot component anywhere in your application, giving it a name.
Any Fill will automatically occupy this Slot space, even if rendered elsewhere in the application.
You can either use the Fill component directly, or a wrapper component type as in the below example to abstract the slot name from consumer awareness.
import { SlotFillProvider, Slot, Fill, Panel, PanelBody } from '@wordpress/components';
const MySlotFillProvider = () => {
const MyPanelSlot = () => (
<Panel header="Panel with slot">
<PanelBody>
<Slot name="MyPanelSlot"/>
</PanelBody>
</Panel>
);
MyPanelSlot.Content = () => (
<Fill name="MyPanelSlot">
Panel body
</Fill>
);
return (
<SlotFillProvider>
<MyPanelSlot />
<MyPanelSlot.Content />
</SlotFillProvider>
);
};
There is also createSlotFill
helper method which was created to simplify the process of matching the corresponding Slot
and Fill
components:
const { Fill, Slot } = createSlotFill( 'Toolbar' );
const ToolbarItem = () => (
<Fill>
My item
</Fill>
);
const Toolbar = () => (
<div className="toolbar">
<Slot />
</div>
);
The SlotFillProvider
component does not accept any props.
Both Slot
and Fill
accept a name
string prop, where a Slot
with a given name
will render the children
of any associated Fill
s.
Slot
accepts a bubblesVirtually
prop which changes the event bubbling behaviour:
bubblesVirtually
is set to true, events will bubble to their virtual parent in the React elements hierarchy instead.Slot
with bubblesVirtually
set to true also accept an optional className
to add to the slot container.
Slot
also accepts optional children
function prop, which takes fills
as a param. It allows to perform additional processing and wrap fills
conditionally.
Example:
const Toolbar = ( { isMobile } ) => (
<div className="toolbar">
<Slot name="Toolbar">
{ ( fills ) => {
return isMobile && fills.length > 3 ?
<div className="toolbar__mobile-long">{ fills }</div> :
fills;
} }
</Slot>
</div>
);
FAQs
This package is the [SlotFill component](https://developer.wordpress.org/block-editor/components/slot-fill/) from the [WordPress Gutenberg project](https://github.com/WordPress/gutenberg), broken out for standalone usage.
The npm package @humanmade/react-slot-fill receives a total of 0 weekly downloads. As such, @humanmade/react-slot-fill popularity was classified as not popular.
We found that @humanmade/react-slot-fill demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.