Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@storyblok/js
Advanced tools
The JavaScript SDK you need to interact with Storyblok API and enable the Real-time Visual Editing Experience.
If you are first-time user of the Storyblok, read the Getting Started guide to get a project ready in less than 5 minutes.
Install @storyblok/js
:
npm install @storyblok/js
// yarn add @storyblok/js
Install the file from the CDN:
<script src="https://unpkg.com/@storyblok/js"></script>
Register the plugin on your application and add the access token of your Storyblok space. You can also add the apiPlugin
in case that you want to use the Storyblok API Client:
import { storyblokInit, apiPlugin } from "@storyblok/js";
const { storyblokApi } = storyblokInit({
accessToken: "YOUR_ACCESS_TOKEN",
use: [apiPlugin],
});
That's it! All the features are enabled for you: the Api Client for interacting with Storyblok CDN API, and Storyblok Bridge for real-time visual editing experience.
You can enable/disable some of these features if you don't need them, so you save some KB. Please read the "Features and API" section
@storyblok/js
does three actions when you initialize it:
storyblokApi
object in your app, which is an instance of storyblok-js-client.storyblokEditable
function to link editable components to the Storyblok Visual Editor.Inject storyblokApi
:
import { storyblokInit, apiPlugin } from "@storyblok/js";
const { storyblokApi } = storyblokInit({
accessToken: "YOUR_ACCESS_TOKEN",
use: [apiPlugin],
});
const { data } = await storyblokApi.get("cdn/stories", { version: "draft" });
Note: if you don't use
apiPlugin
, you can use your prefered method or function to fetch your data.
Use useStoryblokBridge
or registerStoryblokBridge
to get the new story every time is triggered a change
event from the Visual Editor. You need to pass the story id as first param, and a callback function as second param to update the new story:
import { storyblokInit, apiPlugin, useStoryblokBridge } from "@storyblok/js";
const { storyblokApi } = storyblokInit({
accessToken: "YOUR_ACCESS_TOKEN",
use: [apiPlugin],
});
const { data } = await storyblokApi.get("cdn/stories", { version: "draft" });
const story = data ? data.story : null;
useStoryblokBridge(story.id, (story) => (state.story = story));
You can pass Bridge options as a third parameter as well:
useStoryblokBridge(story.id, (story) => (state.story = story), {
resolveRelations: ["Article.author"],
});
To link your app and Storyblok components together will depend on the framework you are using. But, in the end, you must add the data-blok-c
and data-blok-uid
attributes, and the storyblok__outline
class.
We provide you a storyblokEditable
function to make that easier. As an example, you can check in @storyblok/vue how we use a v-editable
directive for that:
import { storyblokEditable } from "@storyblok/js";
const vEditableDirective = {
bind(el, binding) {
if (binding.value) {
const options = storyblokEditable(binding.value);
el.setAttribute("data-blok-c", options["data-blok-c"]);
el.setAttribute("data-blok-uid", options["data-blok-uid"]);
el.classList.add("storyblok__outline");
}
},
};
At this point, you'll have your app connected to Storyblok with the real-time editing experience fully enabled.
You can choose the features to use when you initialize the plugin. In that way, you can improve Web Performance by optimizing your page load and save some bytes.
You can use an apiOptions
object. This is passed down to the (storyblok-js-client config object](https://github.com/storyblok/storyblok-js-client#class-storyblok):
const { storyblokApi } = storyblokInit({
accessToken: "YOUR_ACCESS_TOKEN",
apiOptions: {
// storyblok-js-client config object
cache: { type: "memory" },
},
use: [apiPlugin],
});
If you prefer to use your own fetch method, just remove the apiPlugin
and storyblok-js-client
won't be added to your application.
storyblokInit({});
You can conditionally load it by using the bridge
option. Very useful if you want to disable it in production:
const { storyblokApi } = storyblokInit({
bridge: process.env.NODE_ENV !== "production",
});
If you don't use useStoryblokBridge
or registerStoryblokBridge
, you have still access to the raw window.StoryblokBridge
:
const sbBridge = new window.StoryblokBridge(options);
sbBridge.on(["input", "published", "change"], (event) => {
// ...
});
You can easily render rich text by using the renderRichText
function that comes with @storyblok/js
:
import { renderRichText } from "@storyblok/js";
const renderedRichText = renderRichText(blok.richtext);
You can set a custom Schema and component resolver globally at init time by using the richText
init option:
import { RichTextSchema, storyblokInit } from "@storyblok/js";
import cloneDeep from "clone-deep";
const mySchema = cloneDeep(RichTextSchema); // you can make a copy of the default RichTextSchema
// ... and edit the nodes and marks, or add your own.
// Check the base RichTextSchema source here https://github.com/storyblok/storyblok-js-client/blob/master/source/schema.js
storyblokInit({
accessToken: "<your-token>",
richText: {
schema: mySchema,
resolver: (component, blok) => {
switch (component) {
case "my-custom-component":
return `<div class="my-component-class">${blok.text}</div>`;
default:
return "Resolver not defined";
}
},
},
});
You can also set a custom Schema and component resolver only once by passing the options as the second parameter to renderRichText
function:
import { renderRichText } from "@storyblok/js";
renderRichText(blok.richTextField, {
schema: mySchema,
resolver: (component, blok) => {
switch (component) {
case "my-custom-component":
return `<div class="my-component-class">${blok.text}</div>`;
break;
default:
return `Component ${component} not found`;
}
},
});
Please see our contributing guidelines and our code of conduct. This project use semantic-release for generate new versions by using commit messages and we use the Angular Convention to naming the commits. Check this question about it in semantic-release FAQ
FAQs
SDK to integrate Storyblok into your project using JavaScript.
We found that @storyblok/js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.