Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@mrdotb/live-react
Advanced tools
@mrdotb/live-react
[](https://hex.pm/packages/live_react) [](https://hexdocs.pm/live_react) [
LiveReact
React inside Phoenix LiveView.
Features
- ⚡ End-To-End Reactivity with LiveView
- 🔋 Server-Side Rendered (SSR) React
- 🦄 Tailwind Support
- 💀 Dead View Support
- 🐌 Lazy-loading React Components
Resources
Why LiveReact
Phoenix LiveView enables rich, real-time user experiences with server-rendered HTML. It works by communicating any state changes through a websocket and updating the DOM in realtime. You can get a really good user experience without ever needing to write any client side code.
LiveReact builds on top of Phoenix LiveView to allow for easy client side state management while still allowing for communication over the websocket.
Installation
- Add
live_reactto your list of dependencies inmix.exs:
def deps do
[
{:live_react, "~> 0.2.0-rc.0"}
]
end
- Adjust the
setupinmix.exs:
- For Linux/MacOs
defp aliases do
[
setup: ["deps.get", "assets.setup", "npm install --prefix assets", "assets.build"],
]
end
- For Windows
defp aliases do
[
setup: ["deps.get", "assets.setup", "cmd --cd assets npm install", "assets.build"],
]
end
- Run the following in your terminal
mix deps.get
- Add
import LiveReactinhtml_helpers/0inside/lib/<app_name>_web.exlike so:
# /lib/<app_name>_web.ex
defp html_helpers do
quote do
# ...
import LiveReact # <-- Add this line
# ...
end
end
- Create a package.json file at
assets/package.json
{
"dependencies": {
"@mrdotb/live-react": "^0.2.1-beta",
"phoenix": "file:../deps/phoenix",
"phoenix_html": "file:../deps/phoenix_html",
"phoenix_live_view": "file:../deps/phoenix_live_view",
"react": "^18.3.1",
"react-dom": "^18.3.1"
}
}
- Create a
reactdirectory insideassetsand add aindex.jsfile
// import and export the react components you want to use in your LiveView
// ex: import { Simple } from "./simple";
// ex: export default { Simple };
export default {};
- Add the following to your
assets/js/app.jsfile
...
import components from "../react";
import { getHooks } from "@mrdotb/live-react";
const hooks = {
...getHooks(components),
};
let csrfToken = document
.querySelector("meta[name='csrf-token']")
.getAttribute("content");
let liveSocket = new LiveSocket("/live", Socket, {
hooks: hooks, // <-- pass the hooks
longPollFallbackMs: 2500,
params: { _csrf_token: csrfToken },
});
...
- For tailwind support, make some addition to
contentin theassets/tailwind.config.jsfile
content: [
...
"./react/**/*.jsx", // <- if you are using jsx
"./react/**/*.tsx" // <- if you are using tsx
],
Examples
Check out the demo website on fly.io to see some examples of what you can do with LiveReact.
Credits
I was inspired by the following libraries:
I had a need for a similar library for React and so I created LiveReact 👍
FAQs
[](https://hex.pm/packages/live_react) [](https://hexdocs.pm/live_react) [
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
38% of CISOs Fear They’re Not Moving Fast Enough on AI
CISOs are racing to adopt AI for cybersecurity, but hurdles in budgets and governance may leave some falling behind in the fight against cyber threats.
By Sarah Gooding - Feb 04, 2025
Research
Security News
Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence
Socket researchers uncovered a backdoored typosquat of BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years.
By Kirill Boychenko - Feb 04, 2025