Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@react-md/states
Advanced tools
A package for adding the different focus, hover, selected, active, etc states to elements
This package is used to create different interaction states for when a user is touching, hovering, pressing, or keyboard focusing an element on the page. There are also some mixins and styles that allow you to apply styles only while the user is in "touch", "mouse", or "keyboard" mode so you can finally get that amazing keyboard focus only effect going on.
npm install --save @react-md/states
It is also recommended to install the following packages:
npm install --save @react-md/theme \
@react-md/typography \
@react-md/utils
You should check out the full documentation for live examples and more customization information, but an example usage is shown below.
This package has two main exports: StatesConfig
and useInteractionStates
.
This component is used to apply global configuration for how your user
interactions should work as well as determining the user input mode for your
app. There should only be one StatesConfig
component defined in your app at
a time and it should probably be somewhere near the root of your React render
tree since this component will modify the base document.body
element with a
different className
to help determine the current interaction mode.
import { render } from "react-dom";
import { StatesConfig } from "@react-md/states";
import App from "./App";
const Root = () => (
<StatesConfig>
<App />
</StatesConfig>
);
render(<Root />, document.getElementById("root"));
Since some people do not actually like the ripple effect from material design,
you can also configure the StatesConfig
to remove the ripples altogether and
fallback to the default "pressed" states which will just change background color
temporarily instead.
import { render } from "react-dom";
import { StatesConfig } from "@react-md/states";
import App from "./App";
const Root = () => (
<StatesConfig disableRipple>
<App />
</StatesConfig>
);
render(<Root />, document.getElementById("root"));
This is a hook that will allow you to connect to the current StatesConfig
and
apply the different interaction states for an element. This hook will always
return an object containing:
ripples
- ReactNode
of the ripples when enabled or null
when ripples are
disabledclassName
- A merged className
if using the pressed fallback state when
ripples are disabledhandlers
- An object containing all the event handlers that must be applied
to the DOM element so all the interaction states can happen.import type { HTMLAttributes, ReactElement } from "react";
import { render } from "react-dom";
import {
StatesConfig,
userInteractionStates,
InteractionStatesOptions,
} from "@react-md/states";
type ButtonProps = HTMLAttributes<HTMLButtonElement> &
InteractionStatesOptions<HTMLButtonElement>;
function Button({
className: propClassName,
disabled,
disableRipple,
disableProgrammaticRipple,
disableSpacebarClick,
disablePressedFallback,
children,
...propHandlers
}: ButtonProps): ReactElement {
const { ripples, handlers, className } = useInteractionStates({
handlers: propHandlers,
className: propClassName,
disabled: disabled,
disableRipple,
disableProgrammaticRipple,
disableSpacebarClick,
disablePressedFallback,
});
return (
<button type="button" className={className} {...handlers}>
{children}
{ripples}
</button>
);
}
function App(): ReactElement {
return (
<>
<Button>Button 1</Button>
<Button disableRipple>Button 2</Button>
<Button disableRipple disablePressedFallback>
Button 3
</Button>
</>
);
}
render(<App />, document.getElementById("root"));
4.0.0 (2021-11-24)
This release focused on updating the @react-md/transition
package to no longer log errors in React.StrictMode
because react-ransition-group
was using ReactDOM.findDOMNode
to handle transitions.
All react-md
packages will no longer use react-transition-group
since all that functionality has been built into @react-md/transition
with a slightly different API.
This release has also included my first attempt at automating upgrading to new major releases by introducing a new @react-md/codemod package that is similar to the react-codemod package. You can automate some of this release by running:
npx @react-md/codemod v3-to-v4/preset
Since I am still learning how to use jscodeshift, it will not be able to migrate everything but should still help with most changes.
DropdownMenu
and Menu
portal by default (98a6a9f), closes #1264eslint
(8111cd3)ConditionalPortal
supports ReactNode children (c83d578)Typography
(30cf056)sass
resolutions in package.json (db22cde), closes #1261react-marked-renderer
for markdown stuffs (93ebaa4)prettier
(9632d82)react-router-dom
v6 (e012ef9)sass
files (98ffe40)sassdoc
to not through uncaught exceptions (8bdf532)prettier
after upgrading to v2.4.0 (06110af)enable
strict mode by default for nextjs-typescript (83e4c44)create-react-app
example to use react-router-dom
v6 (3c4d1ea)react-router-dom
v6 (ae469ef)stylelint
(22d1598)DropdownMenu
and Menu
components portal by
default. This should really only affect snapshot testslib.d.ts
prop-types
package.FAQs
A package for adding the different focus, hover, selected, active, etc states to elements
The npm package @react-md/states receives a total of 1,092 weekly downloads. As such, @react-md/states popularity was classified as popular.
We found that @react-md/states demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.