Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@krakenjs/jsx-pragmatic
Advanced tools
Because JSX is pretty useful, even without React!
First we'll build a small component. We're not tying ourselves to any particular framework yet, or any render target.
/* @jsx node */
import { node } from "jsx-pragmatic";
function Login({ prefilledEmail }) {
return (
<section>
<input type="text" placeholder="email" value={prefilledEmail} />
<input type="password" placeholder="password" />
<button>Log In</button>
</section>
);
}
Let's say we're on the server-side, and we want to render the jsx to html to serve to a client. Just pass html()
to the renderer:
/* @jsx node */
import { node, html } from "jsx-pragmatic";
import { Login } from "./components";
function render() {
return (<Login prefilledEmail="foo@bar.com" />).render(html());
}
Now let's render the same jsx template on the client-side, directly to a DOM element:
/* @jsx node */
import { node, dom } from "jsx-pragmatic";
import { Login } from "./components";
function render() {
return (<Login prefilledEmail="foo@bar.com" />).render(dom());
}
Or if we're using the same component in React, we can render it as a React component:
/* @jsx node */
import { node, react } from "jsx-pragmatic";
import { Login } from "./components";
function render() {
return (<Login prefilledEmail="foo@bar.com" />).render(react({ React }));
}
Or if we're using the same component in Preact, we can render it as a Preact component:
/* @jsx node */
import { node, preact } from "jsx-pragmatic";
import { Login } from "./components";
function render() {
return (<Login prefilledEmail="foo@bar.com" />).render(preact({ Preact }));
}
Renderers are just functions!
customDom
. This will take some options and return our renderer.name
, props
and children
and renders them in whatever way you want!This example renders the jsx directly to DOM elements:
/* @jsx node */
import { node, NODE_TYPE } from "jsx-pragmatic";
import { Login } from "./components";
function customDom({ removeScriptTags } = { removeScriptTags: false }) {
let domRenderer = (node) => {
if (node.type === NODE_TYPE.COMPONENT) {
return node.renderComponent(domRenderer);
}
if (node.type === NODE_TYPE.TEXT) {
return document.createTextNode(node.text);
}
if (node.type === NODE_TYPE.ELEMENT) {
if (removeScriptTags && node.name === "script") {
return;
}
let el = document.createElement(node.name);
for (let [key, val] of Object.entries(node.props)) {
el.setAttribute(key, val);
}
for (let child of node.children) {
el.appendChild(child.render(domRenderer));
}
return el;
}
};
return domRenderer;
}
Then when you're ready to use your renderer, just pass it into .render()
and pass any options you want to use to configure the renderer.
function render() {
return (<Login prefilledEmail="foo@bar.com" />).render(
customDom({ removeScriptTags: true })
);
}
You can either import Fragment
from jsx-pragmatic
:
/* @jsx node */
import { node, Fragment } from "jsx-pragmatic";
function Login({ prefilledEmail }) {
return (
<Fragment>
<input type="text" placeholder="email" value={prefilledEmail} />
<input type="password" placeholder="password" />
<button>Log In</button>
</Fragment>
);
}
Or use the @jsxFrag
comment, and the new <>
</>
syntax for Fragments, providing you're using Babel 7:
/* @jsx node */
/* @jsxFrag Fragment */
import { node, Fragment } from "jsx-pragmatic";
function Login({ prefilledEmail }) {
return (
<>
<input type="text" placeholder="email" value={prefilledEmail} />
<input type="password" placeholder="password" />
<button>Log In</button>
</>
);
}
JSX is a neat way of parsing and compiling templates to vanilla javascript. Right now most people use JSX with React. But in reality, the technology is decoupled enough from React that it can be used to render anything:
This library helps you do that.
Yep, Babel provides a neat pragma
option which lets you choose what your jsx is compiled to; if you don't want to use React.createElement
, you can write your own pragma to convert the jsx to anything else.
The only problem with that is, the decision of which pragma to use is made entirely at build-time. Let's say you have a template which needs to be:
jsx-pragmatic
helps you achieve that by allowing you decide when you render what your jsx should be transformed into.
It also abstracts away some of the stuff in jsx that's a little tricky to deal with; like nested children arrays, dealing with basic element vs function components, and fragments -- leaving you to focus on the renderer logic.
npm install --save jsx-pragmatic
npm run setup
./src
and writing tests in ./tests
npm run build
npm run build
Edit tests in ./test/tests
Run the tests:
npm run test
npm run karma -- --browser=PhantomJS
npm run karma -- --browser=Chrome
npm run karma -- --browser=Safari
npm run karma -- --browser=Firefox
npm run karma -- --browser=PhantomJS,Chrome,Safari,Firefox
npm run karma -- --browser=Chrome --keep-open
./src
, ./test/tests
and ./demo
package.json
README.md
and CONTRIBUTING.md
npm run release
to add a patch
npm run release:path
, npm run release:minor
, npm run release:major
FAQs
Javascript module template.
We found that @krakenjs/jsx-pragmatic demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.