![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
@vue/runtime-dom
Advanced tools
Package description
The @vue/runtime-dom package is a core part of Vue.js, specifically designed for working with the DOM in web browsers. It provides methods and utilities for managing the DOM, handling events, and rendering components dynamically. This package is essential for building interactive web applications using Vue.js.
DOM Manipulation
This feature allows developers to manipulate the DOM by creating and mounting Vue components. The code sample demonstrates how to create a simple Vue application that renders 'Hello World' inside a div element.
import { createApp, h } from 'vue';
const App = { render() { return h('div', 'Hello World'); } };
createApp(App).mount('#app');
Event Handling
This feature enables handling of user events such as clicks. The code sample shows how to create a Vue component with a button that alerts the user when clicked.
import { createApp, h } from 'vue';
const App = {
render() {
return h('button', {
onClick: this.handleClick
}, 'Click me');
},
methods: {
handleClick() {
alert('Button clicked');
}
}
};
createApp(App).mount('#app');
Component Rendering
This feature deals with rendering components within other components. The code sample illustrates how to define and render nested components using Vue's composition API.
import { createApp, defineComponent, h } from 'vue';
const ChildComponent = defineComponent({
render() {
return h('p', 'I am a child component');
}
});
const ParentComponent = defineComponent({
render() {
return h('div', [
h('h1', 'This is a parent component'),
h(ChildComponent)
]);
}
});
createApp(ParentComponent).mount('#app');
Similar to @vue/runtime-dom, react-dom is used with React to interact with the DOM in web applications. While @vue/runtime-dom is tailored for Vue.js, react-dom provides comparable functionalities for React, such as rendering components and handling events.
Angular is a full-fledged framework that includes its own methods for DOM manipulation and component management, similar to what @vue/runtime-dom offers for Vue.js. Angular's approach is more prescriptive with a stronger emphasis on structure and application architecture.
Changelog
3.4.1 (2023-12-30)
Read this blog post for an overview of the release highlights.
To fully leverage new features in 3.4, it is recommended to also update the following dependencies when upgrading to 3.4:
If using TSX with Vue, check actions needed in Removed: Global JSX Namespace.
Make sure you are no longer using any deprecated features (if you are, you should have warnings in the console telling you so). They may have been removed in 3.4.
once
option to watch (#9034) (a645e7a)using
syntax (#8786) (5b2bd1d)defineModel
support local mutation by default, remove local option (f74785b), closes /github.com/vuejs/rfcs/discussions/503#discussioncomment-7566278__VUE_PROD_HYDRATION_MISMATCH_DETAILS__
feature flag (#9550) (bc7698d)FunctionalComponent
(#8644) (927ab17)AriaAttributes
type (#8909) (fd0b6ba)ObjectPlugin
and FunctionPlugin
types (#8946) (fa4969e), closes #8577DefineProps
type (096ba81)PublicProps
type (#2403) (44135dc)h
with native elements (#9756) (a625376)ComponentInstance
type (#5408) (bfb8565)Starting in 3.4, Vue no longer registers the global JSX
namespace by default. This is necessary to avoid global namespace collision with React so that TSX of both libs can co-exist in the same project. This should not affect SFC-only users with latest version of Volar.
If you are using TSX, there are two options:
Explicitly set jsxImportSource to 'vue'
in tsconfig.json
before upgrading to 3.4. You can also opt-in per file by adding a /* @jsxImportSource vue */
comment at the top of the file.
If you have code that depends on the presence of the global JSX
namespace, e.g. usage of types like JSX.Element
etc., you can retain the exact pre-3.4 global behavior by explicitly referencing vue/jsx
, which registers the global JSX
namespace.
Note that this is a type-only breaking change in a minor release, which adheres to our release policy.
app.config.unwrapInjectedRef
has been removed. It was deprecated and enabled by default in 3.3. In 3.4 it is no longer possible to disable this behavior.@vnodeXXX
event listeners in templates are now a compiler error instead of a deprecation warning. Use @vue:XXX
listeners instead.v-is
directive has been removed. It was deprecated in 3.3. Use the is
attribute with vue:
prefix instead.Readme
import { h, createApp } from '@vue/runtime-dom'
const RootComponent = {
render() {
return h('div', 'hello world')
}
}
createApp(RootComponent).mount('#app')
FAQs
Unknown package
The npm package @vue/runtime-dom receives a total of 2,427,720 weekly downloads. As such, @vue/runtime-dom popularity was classified as popular.
We found that @vue/runtime-dom demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.