Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
@preact/signals-core
Advanced tools
@preact/signals-core is a state management library designed for Preact applications. It provides reactive signals that can be used to manage and update state efficiently. The package is lightweight and focuses on providing a simple API for state management.
Creating Signals
Signals are reactive state containers. You can create a signal with an initial value and update it. The value of the signal can be accessed and modified using the `.value` property.
const { signal } = require('@preact/signals-core');
const count = signal(0);
console.log(count.value); // 0
count.value = 1;
console.log(count.value); // 1
Computed Values
Computed values are derived from other signals. They automatically update when the signals they depend on change.
const { signal, computed } = require('@preact/signals-core');
const count = signal(0);
const doubleCount = computed(() => count.value * 2);
console.log(doubleCount.value); // 0
count.value = 2;
console.log(doubleCount.value); // 4
Effects
Effects are functions that run whenever the signals they depend on change. They are useful for performing side effects in response to state changes.
const { signal, effect } = require('@preact/signals-core');
const count = signal(0);
effect(() => {
console.log(`Count is now ${count.value}`);
});
count.value = 1; // Logs: Count is now 1
MobX is a state management library that makes it simple to connect the reactive data of your application with the UI. It provides observables, computed values, and reactions, similar to signals, computed values, and effects in @preact/signals-core. However, MobX is more feature-rich and can be used with various frameworks, not just Preact.
Valtio is a proxy-state library that captures the state and makes it reactive. It provides a simple API for creating reactive state and is framework-agnostic. Valtio's approach is similar to @preact/signals-core but uses JavaScript proxies to track state changes.
Zustand is a small, fast, and scalable state management solution. It provides a simple API for creating and managing state, with a focus on simplicity and performance. While it does not use signals, it offers a similar level of simplicity and ease of use for state management.
Signals is a performant state management library with two primary goals:
Read the announcement post to learn more about which problems signals solves and how it came to be.
# Just the core library
npm install @preact/signals-core
# If you're using Preact
npm install @preact/signals
# If you're using React
npm install @preact/signals-react
# If you're using Svelte
npm install @preact/signals-core
The signals library exposes four functions which are the building blocks to model any business logic you can think of.
signal(initialValue)
The signal
function creates a new signal. A signal is a container for a value that can change over time. You can read a signal's value or subscribe to value updates by accessing its .value
property.
import { signal } from "@preact/signals-core";
const counter = signal(0);
// Read value from signal, logs: 0
console.log(counter.value);
// Write to a signal
counter.value = 1;
Writing to a signal is done by setting its .value
property. Changing a signal's value synchronously updates every computed and effect that depends on that signal, ensuring your app state is always consistent.
signal.peek()
In the rare instance that you have an effect that should write to another signal based on the previous value, but you don't want the effect to be subscribed to that signal, you can read a signals's previous value via signal.peek()
.
const counter = signal(0);
const effectCount = signal(0);
effect(() => {
console.log(counter.value);
// Whenever this effect is triggered, increase `effectCount`.
// But we don't want this signal to react to `effectCount`
effectCount.value = effectCount.peek() + 1;
});
Note that you should only use signal.peek()
if you really need it. Reading a signal's value via signal.value
is the preferred way in most scenarios.
computed(fn)
Data is often derived from other pieces of existing data. The computed
function lets you combine the values of multiple signals into a new signal that can be reacted to, or even used by additional computeds. When the signals accessed from within a computed callback change, the computed callback is re-executed and its new return value becomes the computed signal's value.
import { signal, computed } from "@preact/signals-core";
const name = signal("Jane");
const surname = signal("Doe");
const fullName = computed(() => name.value + " " + surname.value);
// Logs: "Jane Doe"
console.log(fullName.value);
// Updates flow through computed, but only if someone
// subscribes to it. More on that later.
name.value = "John";
// Logs: "John Doe"
console.log(fullName.value);
Any signal that is accessed inside the computed
's callback function will be automatically subscribed to and tracked as a dependency of the computed signal.
effect(fn)
The effect
function is the last piece that makes everything reactive. When you access a signal inside its callback function, that signal and every dependency of said signal will be activated and subscribed to. In that regard it is very similar to computed(fn)
. By default all updates are lazy, so nothing will update until you access a signal inside effect
.
import { signal, computed, effect } from "@preact/signals-core";
const name = signal("Jane");
const surname = signal("Doe");
const fullName = computed(() => name.value + " " + surname.value);
// Logs: "Jane Doe"
effect(() => console.log(fullName.value));
// Updating one of its dependencies will automatically trigger
// the effect above, and will print "John Doe" to the console.
name.value = "John";
You can destroy an effect and unsubscribe from all signals it was subscribed to, by calling the returned function.
import { signal, computed, effect } from "@preact/signals-core";
const name = signal("Jane");
const surname = signal("Doe");
const fullName = computed(() => name.value + " " + surname.value);
// Logs: "Jane Doe"
const dispose = effect(() => console.log(fullName.value));
// Destroy effect and subscriptions
dispose();
// Update does nothing, because no one is subscribed anymore.
// Even the computed `fullName` signal won't change, because it knows
// that no one listens to it.
surname.value = "Doe 2";
The effect callback may return a cleanup function. The cleanup function gets run once, either when the effect callback is next called or when the effect gets disposed, whichever happens first.
import { signal, effect } from "@preact/signals-core";
const count = signal(0);
const dispose = effect(() => {
const c = count.value;
return () => console.log(`cleanup ${c}`);
});
// Logs: cleanup 0
count.value = 1;
// Logs: cleanup 1
dispose();
batch(fn)
The batch
function allows you to combine multiple signal writes into one single update that is triggered at the end when the callback completes.
import { signal, computed, effect, batch } from "@preact/signals-core";
const name = signal("Jane");
const surname = signal("Doe");
const fullName = computed(() => name.value + " " + surname.value);
// Logs: "Jane Doe"
effect(() => console.log(fullName.value));
// Combines both signal writes into one update. Once the callback
// returns the `effect` will trigger and we'll log "Foo Bar"
batch(() => {
name.value = "Foo";
surname.value = "Bar";
});
When you access a signal that you wrote to earlier inside the callback, or access a computed signal that was invalidated by another signal, we'll only update the necessary dependencies to get the current value for the signal you read from. All other invalidated signals will update at the end of the callback function.
import { signal, computed, effect, batch } from "@preact/signals-core";
const counter = signal(0);
const double = computed(() => counter.value * 2);
const triple = computed(() => counter.value * 3);
effect(() => console.log(double.value, triple.value));
batch(() => {
counter.value = 1;
// Logs: 2, despite being inside batch, but `triple`
// will only update once the callback is complete
console.log(double.value);
});
// Now we reached the end of the batch and call the effect
Batches can be nested and updates will be flushed when the outermost batch call completes.
import { signal, computed, effect, batch } from "@preact/signals-core";
const counter = signal(0);
effect(() => console.log(counter.value));
batch(() => {
batch(() => {
// Signal is invalidated, but update is not flushed because
// we're still inside another batch
counter.value = 1;
});
// Still not updated...
});
// Now the callback completed and we'll trigger the effect.
untracked(fn)
In case when you're receiving a callback that can read some signals, but you don't want to subscribe to them, you can use untracked
to prevent any subscriptions from happening.
const counter = signal(0);
const effectCount = signal(0);
const fn = () => effectCount.value + 1;
effect(() => {
console.log(counter.value);
// Whenever this effect is triggered, run `fn` that gives new value
effectCount.value = untracked(fn);
});
MIT
, see the LICENSE file.
FAQs
Manage state with style in every framework
The npm package @preact/signals-core receives a total of 126,336 weekly downloads. As such, @preact/signals-core popularity was classified as popular.
We found that @preact/signals-core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.