Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
@vue/compiler-sfc
Advanced tools
The @vue/compiler-sfc package is designed for pre-compiling Vue Single File Components (SFCs). It provides parsing and compiling functionalities for Vue components, allowing developers to compile template syntax to render functions, extract custom blocks, and handle scoped CSS, among other things.
Parsing Single File Components
This feature allows you to parse Vue SFCs into an object descriptor that contains the structure of the component, including its template, script, and styles.
const { parse } = require('@vue/compiler-sfc');
const { descriptor } = parse('<template><div>Hello World</div></template>');
Compiling Template to Render Function
This feature compiles the template part of a Vue SFC into a JavaScript render function, which can be used by Vue to render the component.
const { compileTemplate } = require('@vue/compiler-sfc');
const { code } = compileTemplate({ source: '<div>{{ message }}</div>', filename: 'example.vue' });
Handling Scoped CSS
This feature processes the style part of a Vue SFC, adding scoping attributes to the styles to ensure they only apply to the current component.
const { compileStyle } = require('@vue/compiler-sfc');
const { code } = compileStyle({ source: '.example { color: red; }', filename: 'example.vue', scoped: true });
Extracting Custom Blocks
This feature allows you to extract custom blocks from a Vue SFC, which can be used for documentation, testing, or other purposes.
const { parse } = require('@vue/compiler-sfc');
const { descriptor } = parse('<custom-block>Some content</custom-block>');
const customBlockContent = descriptor.customBlocks[0].content;
This package is similar to @vue/compiler-sfc but is specific to Vue 2. It compiles Vue 2 templates into render functions but does not handle Vue 3's composition API or the newer SFC syntax.
Svelte is a compiler for Svelte components, which are similar to Vue SFCs. It compiles Svelte components into efficient JavaScript at build time, but it is for a different framework and has a different syntax and API.
Part of the Create React App setup, react-scripts includes functionality to compile React components, including JSX transformation. While it serves a similar purpose for React as @vue/compiler-sfc does for Vue, it is tailored to the React ecosystem.
Lower level utilities for compiling Vue Single File Components
Note: as of 3.2.13+, this package is included as a dependency of the main vue
package and can be accessed as vue/compiler-sfc
. This means you no longer need to explicitly install this package and ensure its version match that of vue
's. Just use the main vue/compiler-sfc
deep import instead.
This package contains lower level utilities that you can use if you are writing a plugin / transform for a bundler or module system that compiles Vue Single File Components (SFCs) into JavaScript. It is used in vue-loader and @vitejs/plugin-vue.
The API is intentionally low-level due to the various considerations when integrating Vue SFCs in a build system:
Separate hot-module replacement (HMR) for script, template and styles
Leveraging the tool's plugin system for pre-processor handling. e.g. <style lang="scss">
should be processed by the corresponding webpack loader.
In some cases, transformers of each block in an SFC do not share the same execution context. For example, when used with thread-loader
or other parallelized configurations, the template sub-loader in vue-loader
may not have access to the full SFC and its descriptor.
The general idea is to generate a facade module that imports the individual blocks of the component. The trick is the module imports itself with different query strings so that the build system can handle each request as "virtual" modules:
+--------------------+
| |
| script transform |
+----->+ |
| +--------------------+
|
+--------------------+ | +--------------------+
| | | | |
| facade transform +----------->+ template transform |
| | | | |
+--------------------+ | +--------------------+
|
| +--------------------+
+----->+ |
| style transform |
| |
+--------------------+
Where the facade module looks like this:
// main script
import script from '/project/foo.vue?vue&type=script'
// template compiled to render function
import { render } from '/project/foo.vue?vue&type=template&id=xxxxxx'
// css
import '/project/foo.vue?vue&type=style&index=0&id=xxxxxx'
// attach render function to script
script.render = render
// attach additional metadata
// some of these should be dev only
script.__file = 'example.vue'
script.__scopeId = 'xxxxxx'
// additional tooling-specific HMR handling code
// using __VUE_HMR_API__ global
export default script
In facade transform, parse the source into descriptor with the parse
API and generate the above facade module code based on the descriptor;
In script transform, use compileScript
to process the script. This handles features like <script setup>
and CSS variable injection. Alternatively, this can be done directly in the facade module (with the code inlined instead of imported), but it will require rewriting export default
to a temp variable (a rewriteDefault
convenience API is provided for this purpose) so additional options can be attached to the exported object.
In template transform, use compileTemplate
to compile the raw template into render function code.
In style transform, use compileStyle
to compile raw CSS to handle <style scoped>
, <style module>
and CSS variable injection.
Options needed for these APIs can be passed via the query string.
For detailed API references and options, check out the source type definitions. For actual usage of these APIs, check out @vitejs/plugin-vue or vue-loader.
FAQs
@vue/compiler-sfc
We found that @vue/compiler-sfc demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.