Security News
The Code You Didn't Write Is Still Yours to Defend
AI agents are pulling packages into environments no scanner is watching, creating exposure before security teams can see it.
By Brad Arkin - Jun 23, 2026
🚀 Socket Launch Week Day 5:Introducing Repository Access Permissions and Custom Roles.Learn more →
@tabularis/plugin-api
Advanced tools
@tabularis/plugin-api
Public API surface for Tabularis plugin UI extensions.
Plugin bundles import hooks, the defineSlot helper, and shared types from this package. The Tabularis host injects the actual runtime implementation — the published package ships as thin stubs, so your bundle stays small and the host remains the single source of truth.
Install
npm install --save-dev @tabularis/plugin-api
# or: pnpm add -D @tabularis/plugin-api
Treat @tabularis/plugin-api and react as Vite externals when building your IIFE bundle — the host provides both at runtime.
Quick start — a typed slot component
import { defineSlot, usePluginConnection } from "@tabularis/plugin-api";
const MySlot = defineSlot(
"row-editor-sidebar.field.after",
({ context }) => {
const { driver } = usePluginConnection();
// context.columnName is `string` (not `string | undefined`) because the
// chosen slot always provides it.
return <div>{driver} · {context.columnName}</div>;
},
);
export default MySlot.component;
Hooks
| Hook | Returns | Purpose |
|---|---|---|
usePluginQuery() | { executeQuery, loading, error } | Execute read-only queries on the active connection |
usePluginConnection() | { connectionId, driver, schema } | Active connection metadata |
usePluginToast() | { showInfo, showError, showWarning } | System notifications |
usePluginModal() | { openModal, closeModal } | Host-managed modal with custom content |
usePluginSetting(pluginId) | { getSetting, setSetting, setSettings } | Read/write the plugin's own settings |
usePluginTheme() | { themeId, themeName, isDark, colors } | Current theme tokens |
usePluginTranslation(pluginId) | t(key) | Plugin-scoped i18next translator |
openUrl(url) | Promise<void> | Open a URL in the system browser |
All hooks must run inside a React component loaded by Tabularis. Calling them outside the host throws a clear error instead of failing silently.
Compatibility
The package exports API_VERSION and MIN_HOST_VERSION. Plugin authors can opt in to a fail-fast compatibility check at component entry:
import { assertHostCompat } from "@tabularis/plugin-api";
assertHostCompat(); // throws if the running Tabularis is older than MIN_HOST_VERSION
| Package version | Minimum Tabularis | Notes |
|---|---|---|
0.1.0 | 0.1.0 (see host HOST_API_VERSION) | Initial release |
Slot reference
See the full slot list and context contracts in plugins/PLUGIN_GUIDE.md § 3b and the typed SlotContextMap in src/slots.ts.
License
Apache-2.0, same as Tabularis.
FAQs
Public API surface for Tabularis plugin UI extensions.
We found that @tabularis/plugin-api demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 21 Apr 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
GitHub Actions Checkout Now Blocks Risky pull_request_target Checkouts
GitHub Actions checkout now blocks risky pull_request_target checkouts by default to help prevent pwn request supply chain attacks.
By Sarah Gooding - Jun 20, 2026
Product
Introducing Repository Access Permissions and Custom Roles
Socket now supports Custom Roles and Repository Access Permissions so organizations can control who can access specific repositories and actions.
By Joe Werle - Jun 19, 2026