Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@wordpress/components
Advanced tools
This package includes a library of generic WordPress components to be used for creating common UI elements shared between screens and features of the WordPress dashboard.
Install the module
npm install @wordpress/components --save
This package assumes that your code will run in an ES2015+ environment. If you're using an environment that has limited or no support for such language features and APIs, you should include the polyfill shipped in @wordpress/babel-preset-default
in your code.
Within Gutenberg, these components can be accessed by importing from the components
root directory:
/**
* WordPress dependencies
*/
import { Button } from '@wordpress/components';
export default function MyButton() {
return <Button>Click Me!</Button>;
}
Many components include CSS to add style, you will need to add in order to appear correctly. Within WordPress, add the wp-components
stylesheet as a dependency of your plugin's stylesheet. See wp_enqueue_style documentation for how to specify dependencies.
In non-WordPress projects, link to the build-style/style.css
file directly, it is located at node_modules/@wordpress/components/build-style/style.css
.
If you're using Popover
or Tooltip
components outside of the editor, make sure they are rendered within a SlotFillProvider
and with a Popover.Slot
somewhere up the element tree.
By default, the Popover
component will render inline i.e. within its
parent to which it should anchor. Depending upon the context in which the
Popover
is being consumed, this might lead to incorrect positioning. For
example, when being nested within another popover.
This issue can be solved by rendering popovers to a specific location in the DOM via the
Popover.Slot
. For this to work, you will need your use of the Popover
component and its Slot
to be wrapped in a SlotFill
provider.
A Popover
is also used as the underlying mechanism to display Tooltip
components.
So the same considerations should be applied to them.
The following example illustrates how you can wrap a component using a
Popover
and have those popovers render to a single location in the DOM.
/**
* External dependencies
*/
import { Popover, SlotFillProvider } from '@wordpress/components';
/**
* Internal dependencies
*/
import { MyComponentWithPopover } from './my-component';
const Example = () => {
<SlotFillProvider>
<MyComponentWithPopover />
<Popover.Slot>
</SlotFillProvider>
};
You can browse the components docs and examples at https://wordpress.github.io/gutenberg/
This is an individual package that's part of the Gutenberg project. The project is organized as a monorepo. It's made up of multiple self-contained software packages, each with a specific purpose. The packages in this monorepo are published to npm and used by WordPress as well as other software projects.
To find out more about contributing to this package or Gutenberg as a whole, please read the project's main contributor guide.
This package also has its own contributing information where you can find additional details.
FAQs
UI components for WordPress.
We found that @wordpress/components demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 23 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.