Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@vue/reactivity-transform
Advanced tools
The @vue/reactivity-transform package is part of the Vue.js ecosystem, designed to enhance the developer experience by providing syntactic sugar for the Vue Composition API. It allows developers to write reactive code in a more concise and readable manner by automatically wrapping reactive state and refs without the need for explicit calls to `ref()` or `reactive()` functions. This package leverages compile-time transformations to achieve this, making the code both cleaner and easier to understand.
Automatic Ref Creation
Automatically creates a Vue ref (reactive reference) from a simple assignment. This eliminates the need to explicitly call `ref()` from Vue's Composition API, making the code cleaner and more intuitive.
let count = $ref(0);
function increment() {
count++;
}
Reactive Declarations
Enables the creation of computed properties in a more concise way. By using `$computed`, it simplifies the syntax required to declare reactive computed properties, making the code more readable.
let doubled = $computed(() => count * 2);
Reactive Effects
Facilitates the creation of side effects that automatically track reactive dependencies. Using `$effect`, developers can easily define behavior that responds to changes in reactive data, without the boilerplate code typically associated with setting up watchers.
$effect(() => {
console.log(`count is: ${count}`);
});
MobX is a state management library that also focuses on making state as reactive as possible. It differs from @vue/reactivity-transform in that it's not tied to the Vue ecosystem and offers its own set of APIs for creating observables, computed values, and reactions. MobX can be used with any framework, making it more versatile, but potentially more verbose for Vue-specific projects.
Immer is a package that allows you to work with immutable state in a more convenient way. While it doesn't offer reactive programming features out of the box like @vue/reactivity-transform, it simplifies the process of updating complex state objects in an immutable manner. Immer is framework-agnostic and focuses on producing the next immutable state by applying a draft state, which is a different approach compared to the reactive transformations provided by @vue/reactivity-transform.
⚠️ This is experimental and the proposal has been dropped. The feature is now marked as deprecated and will be removed from Vue core in 3.4.
See reason for deprecation here.
$
-prefixed versions that create reactive variables instead. They also do not need to be explicitly imported. These include:
ref
computed
shallowRef
customRef
toRef
$()
can be used to destructure an object into reactive variables, or turn existing refs into reactive variables$$()
to "escape" the transform, which allows access to underlying refsimport { watchEffect } from 'vue'
// bind ref as a variable
let count = $ref(0)
watchEffect(() => {
// no need for .value
console.log(count)
})
// assignments are reactive
count++
// get the actual ref
console.log($$(count)) // { value: 1 }
Macros can be optionally imported to make it more explicit:
// not necessary, but also works
import { $, $ref } from 'vue/macros'
let count = $ref(0)
const { x, y } = $(useMouse())
To enable types for the macros globally, include the following in a .d.ts
file:
/// <reference types="vue/macros-global" />
This package is the lower-level transform that can be used standalone. Higher-level tooling (e.g. @vitejs/plugin-vue
and vue-loader
) will provide integration via options.
shouldTransform
Can be used to do a cheap check to determine whether full transform should be performed.
import { shouldTransform } from '@vue/reactivity-transform'
shouldTransform(`let a = ref(0)`) // false
shouldTransform(`let a = $ref(0)`) // true
transform
import { transform } from '@vue/reactivity-transform'
const src = `let a = $ref(0); a++`
const {
code, // import { ref as _ref } from 'vue'; let a = (ref(0)); a.value++"
map
} = transform(src, {
filename: 'foo.ts',
sourceMap: true,
// @babel/parser plugins to enable.
// 'typescript' and 'jsx' will be auto-inferred from filename if provided,
// so in most cases explicit parserPlugins are not necessary
parserPlugins: [
/* ... */
]
})
Options
interface RefTransformOptions {
filename?: string
sourceMap?: boolean // default: false
parserPlugins?: ParserPlugin[]
importHelpersFrom?: string // default: "vue"
}
transformAST
Transform with an existing Babel AST + MagicString instance. This is used internally by @vue/compiler-sfc
to avoid double parse/transform cost.
import { transformAST } from '@vue/reactivity-transform'
import { parse } from '@babel/parser'
import MagicString from 'magic-string'
const src = `let a = $ref(0); a++`
const ast = parse(src, { sourceType: 'module' })
const s = new MagicString(src)
const {
rootRefs, // ['a']
importedHelpers // ['ref']
} = transformAST(ast, s)
console.log(s.toString()) // let a = _ref(0); a.value++
FAQs
@vue/reactivity-transform
The npm package @vue/reactivity-transform receives a total of 1,042,369 weekly downloads. As such, @vue/reactivity-transform popularity was classified as popular.
We found that @vue/reactivity-transform demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.