Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
@vue/babel-plugin-transform-vue-jsx
Advanced tools
@vue/babel-plugin-transform-vue-jsx is a Babel plugin that allows you to use JSX syntax in Vue.js applications. This plugin transforms JSX into Vue render functions, enabling a more React-like development experience within the Vue ecosystem.
Basic JSX Syntax
This feature allows you to write Vue components using JSX syntax, which can be more concise and readable compared to traditional Vue templates.
const MyComponent = { render() { return <div>Hello, JSX!</div>; } };
Using Props
You can easily pass props to your components using JSX, making it straightforward to manage dynamic data.
const MyComponent = { props: ['message'], render() { return <div>{this.message}</div>; } };
Event Handling
JSX syntax allows for inline event handling, making it easy to attach event listeners directly within your render functions.
const MyComponent = { render() { return <button onClick={() => alert('Clicked!')}>Click Me</button>; } };
Conditional Rendering
Conditional rendering in JSX is straightforward, allowing you to use JavaScript expressions to determine what gets rendered.
const MyComponent = { data() { return { isVisible: true }; }, render() { return this.isVisible ? <div>Visible</div> : <div>Hidden</div>; } };
Looping Through Data
JSX makes it easy to loop through arrays and render lists of elements, leveraging JavaScript's array methods.
const MyComponent = { data() { return { items: ['Item 1', 'Item 2', 'Item 3'] }; }, render() { return <ul>{this.items.map(item => <li>{item}</li>)}</ul>; } };
This Babel plugin transforms JSX syntax into React.createElement calls. It is primarily used in React projects and offers similar functionality to @vue/babel-plugin-transform-vue-jsx but is tailored for React instead of Vue.
vue-jsx is another package that provides JSX support for Vue.js. It offers similar functionality to @vue/babel-plugin-transform-vue-jsx but may have different configuration options and performance characteristics.
This plugin allows you to use JSX with any library by specifying a pragma. It is more flexible than @vue/babel-plugin-transform-vue-jsx but requires additional configuration to work with Vue.
Babel plugin for Vue 2.0 JSX
Assumes you are using Babel with a module bundler e.g. Webpack, because the spread merge helper is imported as a module to avoid duplication.
This is mutually exclusive with babel-plugin-transform-react-jsx
.
npm install @vue/babel-plugin-transform-vue-jsx --save-dev
npm install @vue/babel-helper-vue-jsx-merge-props --save
In your .babelrc
:
{
"plugins": ["transform-vue-jsx"]
}
However it is recommended to use the configurable preset instead.
The plugin transpiles the following JSX:
<div id="foo">{this.text}</div>
To the following JavaScript:
h(
'div',
{
attrs: {
id: 'foo',
},
},
[this.text],
)
Note the h
function, which is a shorthand for a Vue instance's $createElement
method, must be in the scope where the JSX is. Since this method is passed to component render functions as the first argument, in most cases you'd do this:
Vue.component('jsx-example', {
render(h) {
// <-- h must be in scope
return <div id="foo">bar</div>
},
})
First, Vue 2.0's vnode format is different from React's. The second argument to the createElement
call is a "data object" that accepts nested objects. Each nested object will be then processed by corresponding modules:
render (h) {
return h('div', {
// Component props
props: {
msg: 'hi'
},
// Normal HTML attributes
attrs: {
id: 'foo'
},
// DOM props
domProps: {
innerHTML: 'bar'
},
// Event handlers are nested under "on", though
// modifiers such as in v-on:keyup.enter are not
// supported. You'll have to manually check the
// keyCode in the handler instead.
on: {
click: this.clickHandler
},
// For components only. Allows you to listen to
// native events, rather than events emitted from
// the component using vm.$emit.
nativeOn: {
click: this.nativeClickHandler
},
// Class is a special module, same API as `v-bind:class`
class: {
foo: true,
bar: false
},
// Style is also same as `v-bind:style`
style: {
color: 'red',
fontSize: '14px'
},
// Other special top-level properties
key: 'key',
ref: 'ref',
// Assign the `ref` is used on elements/components with v-for
refInFor: true,
slot: 'slot'
})
}
The equivalent of the above in Vue 2.0 JSX is:
render (h) {
return (
<div
// Component props
propsMsg="hi"
// Normal attributes or component props.
id="foo"
// DOM properties are prefixed with `domProps`
domPropsInnerHTML="bar"
// event listeners are prefixed with `on` or `nativeOn`
onClick={this.clickHandler}
nativeOnClick={this.nativeClickHandler}
// other special top-level properties
class={{ foo: true, bar: false }}
style={{ color: 'red', fontSize: '14px' }}
key="key"
ref="ref"
// assign the `ref` is used on elements/components with v-for
refInFor
slot="slot">
</div>
)
}
If a custom element starts with lowercase, it will be treated as a string id and used to lookup a registered component. If it starts with uppercase, it will be treated as an identifier, which allows you to do:
import Todo from './Todo.js'
export default {
render(h) {
return <Todo /> // no need to register Todo via components option
},
}
JSX spread is supported, and this plugin will intelligently merge nested data properties. For example:
const data = {
class: ['b', 'c'],
}
const vnode = <div class="a" {...data} />
The merged data will be:
{ class: ['a', 'b', 'c'] }
Vue directives are usable the same way as in template with a few key differences:
v-my-directive
)A full example would be: <MyComponent vMyDirective:argument_modifier1_modifier2={someExpression} />
FAQs
Babel plugin for Vue 2.0 JSX
The npm package @vue/babel-plugin-transform-vue-jsx receives a total of 591,071 weekly downloads. As such, @vue/babel-plugin-transform-vue-jsx popularity was classified as popular.
We found that @vue/babel-plugin-transform-vue-jsx demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.