Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@storyblok/vue
Advanced tools
The Vue SDK you need to interact with Storyblok API and enable the Real-time Visual Editing Experience.
Note: This plugin is for Vue 3. Check out the docs for Vue 2 version.
Check out the Live Demo on Stackblitz!
If you are first-time user of the Storyblok, read the Getting Started guide to get a project ready in less than 5 minutes.
Install @storyblok/vue
npm install @storyblok/vue
# yarn add @storyblok/vue
⚠️ This SDK uses the Fetch API under the hood. If your environment doesn't support it, you need to install a polyfill like isomorphic-fetch. More info on storyblok-js-client docs.
Register the plugin on your application (usually in main.js
), add the apiPlugin
and add the access token of your Storyblok space:
import { createApp } from "vue";
import { StoryblokVue, apiPlugin } from "@storyblok/vue";
import App from "./App.vue";
const app = createApp(App);
app.use(StoryblokVue, {
accessToken: "YOUR_ACCESS_TOKEN",
use: [apiPlugin],
});
That's it! All the features are enabled for you: the Api Client for interacting with Storyblok CDN API, and Storyblok Bridge for real-time visual editing experience.
You can enable/disable some of these features if you don't need them, so you save some KB. Please read the "Features and API" section.
Install the file from the CDN and access the methods via window.storyblokVue
:
<script src="https://unpkg.com/@storyblok/vue"></script>
@storyblok/vue
does three actions when you initialize it:
storyblokApi
object in your app, which is an instance of storyblok-js-clientv-editable
directive to link editable components to the Storyblok Visual EditorLoad globally the Vue components you want to link to Storyblok in your main.js file:
import Page from "./components/Page.vue";
import Teaser from "./components/Teaser.vue";
app.use(StoryblokVue, {
accessToken: "<your-token>",
use: [apiPlugin],
});
app.component("Page", Page);
app.component("Teaser", Teaser);
Use useStoryblok
in your pages to fetch Storyblok stories and listen to real-time updates, as well as StoryblokComponent
to render any component you've loaded before, like in this example:
<script setup>
import { useStoryblok } from "@storyblok/vue";
const story = await useStoryblok("path-to-story", { version: "draft" });
</script>
<template>
<StoryblokComponent v-if="story" :blok="story.content" />
</template>
You can easily render rich text by using the renderRichText
function that comes with @storyblok/vue
and a Vue computed property:
<template>
<div v-html="articleContent"></div>
</template>
<script setup>
import { computed } from "vue";
import { renderRichText } from "@storyblok/vue";
const articleContent = computed(() => renderRichText(blok.articleContent));
</script>
You can set a custom Schema and component resolver globally at init time by using the richText
init option:
import { RichTextSchema, StoryblokVue } from "@storyblok/vue";
import cloneDeep from "clone-deep";
const mySchema = cloneDeep(RichTextSchema); // you can make a copy of the default RichTextSchema
// ... and edit the nodes and marks, or add your own.
// Check the base RichTextSchema source here https://github.com/storyblok/storyblok-js-client/blob/master/source/schema.js
app.use(StoryblokVue, {
accessToken: "YOUR_ACCESS_TOKEN",
use: [apiPlugin],
richText: {
schema: mySchema,
resolver: (component, blok) => {
switch (component) {
case "my-custom-component":
return `<div class="my-component-class">${blok.text}</div>`;
default:
return "Resolver not defined";
}
},
},
});
You can also set a custom Schema and component resolver only once by passing the options as the second parameter to renderRichText
function:
import { renderRichText } from "@storyblok/vue";
renderRichText(blok.richTextField, {
schema: mySchema,
resolver: (component, blok) => {
switch (component) {
case "my-custom-component":
return `<div class="my-component-class">${blok.text}</div>`;
break;
default:
return `Component ${component} not found`;
}
},
});
Inject storyblokApi
when using Composition API:
<template>
<div>
<p v-for="story in stories" :key="story.id">{{ story.name }}</p>
</div>
</template>
<script setup>
import { useStoryblokApi } from "@storyblok/vue";
const storyblokApi = useStoryblokApi();
const { data } = await storyblokApi.get("cdn/stories/home", { version: "draft" });
</script>
Note: you can skip using
apiPlugin
if you prefer your own method or function to fetch your data.
Use useStoryBridge
to get the new story every time is triggered a change
event from the Visual Editor. You need to pass the story id as first param, and a callback function as second param to update the new story:
<script setup>
import { onMounted } from "vue";
import { useStoryblokBridge, useStoryblokApi } from "@storyblok/vue";
const storyblokApi = useStoryblokApi();
const { data } = await storyblokApi.get("cdn/stories/home", { version: "draft" });
const state = reactive({ story: data.story });
onMounted(() => {
useStoryblokBridge(state.story.id, story => (state.story = story));
});
</script>
You can pass Bridge options as a third parameter as well:
useStoryblokBridge(state.story.id, (story) => (state.story = story), {
resolveRelations: ["Article.author"],
});
For every component you've defined in your Storyblok space, add the v-editable
directive with the blok content:
<template>
<div v-editable="blok"><!-- ... --></div>
</template>
Where blok
is the actual blok data coming from Storblok's Content Delivery API.
Check out the playground for a full example.
You can choose the features to use when you initialize the plugin. In that way, you can improve Web Performance by optimizing your page load and save some bytes.
This example of useStoryblok
:
<script setup>
import { useStoryblok } from "@storyblok/vue";
const story = await useStoryblok("home", { version: "draft" });
</script>
Is equivalent to the following, using useStoryblokBridge
and useStoryblokApi
:
<script setup>
import { onMounted } from "vue";
import { useStoryblokBridge, useStoryblokApi } from "@storyblok/vue";
const storyblokApi = useStoryblokApi();
const { data } = await storyblokApi.get("cdn/stories/home", { version: "draft" });
const state = reactive({ story: data.story });
onMounted(() => {
useStoryblokBridge(state.story.id, story => (state.story = story));
});
</script>
You can use an apiOptions
object. This is passed down to the (storyblok-js-client config object](https://github.com/storyblok/storyblok-js-client#class-storyblok). For spaces created in the United States, you have to set the region
parameter accordingly { apiOptions: { region: 'us' } }
.
app.use(StoryblokVue, {
accessToken: "<your-token>",
apiOptions: {
// storyblok-js-client config object
cache: { type: "memory" },
},
use: [apiPlugin],
});
If you prefer to use your own fetch method, just remove the apiPlugin
and storyblok-js-client
won't be added to your application.
app.use(StoryblokVue);
You can conditionally load it by using the bridge
option. Very useful if you want to disable it in production:
app.use(StoryblokVue, {
bridge: process.env.NODE_ENV !== "production",
});
In case you need it, you have still access to the raw window.StoryblokBridge
:
const sbBridge = new window.StoryblokBridge(options);
sbBridge.on(["input", "published", "change"], (event) => {
// ...
});
This plugin is for Vue 3. Thus, it supports the same browsers as Vue 3. In short: all modern browsers, dropping IE support.
Please see our contributing guidelines and our code of conduct. This project use semantic-release for generate new versions by using commit messages and we use the Angular Convention to naming the commits. Check this question about it in semantic-release FAQ.
FAQs
Storyblok directive for get editable elements.
The npm package @storyblok/vue receives a total of 13,346 weekly downloads. As such, @storyblok/vue popularity was classified as popular.
We found that @storyblok/vue demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.