Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@progress/sitefinity-nextjs-sdk
Advanced tools
Provides OOB widgets for Sitefinity, written in the Next.js framework; abstraction for communicating with Sitefinity; additional API, typings, and tooling.
Provides OOB widgets for Sitefinity, written in the Next.js framework; abstraction for communicating with Sitefinity; additional API, typings, and tooling.
Install via npm:
npm i @progress/sitefinity-nextjs-sdk --save
Via yarn:
yarn add @progress/sitefinity-nextjs-sdk
You can get started using it with our starter template in the follwing NextJS samples repo. It provides the needed integration for communicating with a Sitefinity server, setup documentation, and the basic boiler plate for getting started.
The root module contains mainly tooling and interfaces related to widget rendering, models, metadata, renderer contracts.
Creating and declaring custom widgets should adhere to the following convention. Widgets should be registered in a WidgetRegistry by WidgetMetadata, which consists of:
For more information and samples visit our NextJS samples repo.
In order for the WYSIWYG page and form editor to work properly, several custom html attributes need to be provided while viewing the markup in edit mode. The htmlAttributes handles the general case for this need. For aggregating custom CSS classes we provide the helper classNames.
import { htmlAttributes, classNames } from '@progress/sitefinity-nextjs-sdk';
export function CustomWidget(props: WidgetContext<CustomWidgetEntity>) {
const dataAttributes = htmlAttributes(props);
const customCssClasses = classNames('someClassNames');
dataAttributes['className'] = customCssClasses;
return (
<div {...dataAttributes}>
custom widget content
</div>
);
}
To define an area in your custom widget template where children widgets could be added, to the HTML element that would hold them should have the data-sfcontainer attribute set.
The WYSIWYG editor will diplay on that spot the option to add a widget. If you want to have the ability to add widgets to your manually designated places and hide the default empty widget "add widget" placeholder, you can use the setHideEmptyVisual function to modify the dataAttributes.
import { htmlAttributes, setHideEmptyVisual } from '@progress/sitefinity-nextjs-sdk';
function CustomWidget(props: WidgetContext<CustomWidgetEntity>) {
const dataAttributes = htmlAttributes(props);
setHideEmptyVisual(dataAttributes, true); // this would hide the default empty visual
return (
<div {...dataAttributes}>
...
<div id='childrenHolder' data-sfcontainer='containerId'>
</div>
</div>
)
}
import { RestClient } from '@progress/sitefinity-nextjs-sdk/rest-sdk';
Provides a way to communicate with Sitefinity's REST API for the majority of the necessary operations and data queries. The entry static class RestClient is part of the @progress/sitefinity-nextjs-sdk/rest-sdk module.
import * from '@progress/sitefinity-nextjs-sdk/widgets';
import * from '@progress/sitefinity-nextjs-sdk/widgets/forms';
These modules contain the following OOB basic widgets:
import { StyleGenerator } from '@progress/sitefinity-nextjs-sdk/widgets/styling';
Provides styling helper methods and interfaces that we provide mainly in the StyleGenerator class.
For the exact implementation of the widgets and tooling, plese refer to the public NextJS sdk read-only repo
FAQs
Provides OOB widgets developed using the Next.js framework, which includes an abstraction layer for Sitefinity communication. Additionally, it offers an expanded API, typings, and tools for further development and integration.
The npm package @progress/sitefinity-nextjs-sdk receives a total of 1,704 weekly downloads. As such, @progress/sitefinity-nextjs-sdk popularity was classified as popular.
We found that @progress/sitefinity-nextjs-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.