Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@yaireo/tagify
Advanced tools
Convert an input field into a Tags element. Easy, customizable, with good performance and small code footprint.
Transforms an input field or a textarea into a Tags component, in an easy, customizable way, with great performance and tiny code footprint.
npm i @yaireo/tagify --save
// usage:
import Tagify from '@yaireo/tagify'
var tagify = new Tagify(...)
~17kb
(~6kb
GZIP)~5kb
(~2kb
GZIP) - well-crafted flexible codetagify.polyfills.min.js
in /dist
tag 1, tag 2, tag 3
hellip
by giving max-width
to the tag
element in your CSS
Simply run gulp
in your terminal, from the project's path (Gulp should be installed first).
Source files are this path: /src/
Output files, which are automatically generated using Gulp, are in: /dist/
The rest of the files are most likely irrelevant.
var tagify = new Tagify(...);
tagify.addTags(["banana", "orange", "apple"])
// or add tags with pre-defined propeties
tagify.addTags([{value:"banana", color:"yellow"}, {value:"apple", color:"red"}, {value:"watermelon", color:"green"}])
There are two possible ways to get the value of the tags:
value
prop: tagify.value
(Array of tags)inputElm.value
(Stringified Array of tags)It's possible to load a dynamic suggestions list (whitelist) from the server, as the user types.
Below is just an rough example using the fetch
API. I advise in real-life scenario to abort the last request
on any input
var input = document.querySelector('input'),
tagify = new Tagify(input, {whitelist:[]}),
controller; // for aborting the call
// listen to any keystrokes which modify tagify's input
tagify.on('input', onInput)
function onInput( e ){
var value = e.detail;
tagify.settings.whitelist.length = 0; // reset the whitelist
// https://developer.mozilla.org/en-US/docs/Web/API/AbortController/abort
controller && controller.abort();
controller = new AbortController();
fetch('http://get_suggestions.com?value=' + value, {signal:controller.signal})
.then(RES => RES.json())
.then(function(whitelist){
tagify.settings.whitelist = whitelist;
tagify.dropdown.show.call(tagify, value); // render the suggestions dropdown
})
}
The suggestions selectbox is shown is a whitelist Array of Strings or Objects was passed in the settings when the Tagify instance was created. Suggestions list will only be rendered if there were at least two sugegstions found. Matching suggested values is case-insensetive. The selectbox dropdown will be appended to the document's "body" element and will be positioned under the element. Using the keyboard arrows up/down will highlight an option from the list, and hitting the Enter key to select.
It is possible to tweak the selectbox dropdown via 2 settings:
var input = document.querySelector('input'),
tagify = new Tagify(input, {
whitelist : ['aaa', 'aaab', 'aaabb', 'aaabc', 'aaabd', 'aaabe', 'aaac', 'aaacc'],
dropdown : {
classname : "color-blue",
enabled : 3,
maxItems : 5
}
});
Will render:
<div class="tagify__dropdown" style="left: 993.5px; top: 106.375px; width: 616px;">
<div class="tagify__dropdown__item" value="aaab">aaab</div>
<div class="tagify__dropdown__item" value="aaabb">aaabb</div>
<div class="tagify__dropdown__item" value="aaabc">aaabc</div>
<div class="tagify__dropdown__item" value="aaabd">aaabd</div>
<div class="tagify__dropdown__item" value="aaabe">aaabe</div>
</div>
Tags which aren't read-only
can be edited by double-clicking them.
The value is saved on blur
or by pressnig enter
key. Pressing Escaspe
will revert the change trigger blur
.
react.tagify.js
React component using the Tagify's Wrapper <Tags>
:
import { Tags } from '@yaireo/tagify/dist/react.tagify'
// setup some basic Tagify settings object
var tagifySettings = {
blacklist : ["fuck", "shit"]
}
// Demo "App" component that is using the Tagify React component (<Tags/>)
class App extends React.Component {
constructor(props) {
super(props);
tagifySettings.callbacks = {
add : this.onTagifyAdd,
remove : this.onTagifyRemove,
input : this.onTagifyInput,
invalid : this.onTagifyInvalid
}
}
componentDidMount(){}
// callbacks for all of Tagify's events:
onTagifyAdd = e => {
console.log('added:', e.detail);
}
onTagifyRemove = e => {
console.log('remove:', e.detail);
}
onTagifyInput = e => {
console.log('input:', e.detail);
}
onTagifyInvalid = e => {
console.log('invalid:', e.detail);
}
// Render <Textarea> element and applies Tagify on it
render(){
return (
<Tags mode='textarea'
autofocus={true}
className='myInput'
name='tags'
settings={tagifySettings}
initialValue='foo, bar, baz' />
)
}
}
ReactDOM.render(<App />, document.getElementById('app'))
TagifyComponent which will be used by your template as <tagify>
Example:
<div>
testing tagify wrapper
<tagify [settings]="settings"
(add)="onAdd($event)"
(remove)="onRemove($event)">
</tagify>
<button (click)="clearTags()">clear</button>
<button (click)="addTags()">add Tags</button>
</div>
TagifyService
(The tagifyService is a singletone injected by angular, do not create a new instance of it)
import {Component, OnDestroy} from '@angular/core';
import {TagifyService} from 'ngTagify';
@Component({
selector: 'app-root',
templateUrl: './app.component.html',
styleUrls: ['./app.component.css']
})
export class AppComponent implements OnDestroy {
constructor(private tagifyService: TagifyService) {}
public settings = { blacklist: ['fucking', 'shit']};
onAdd(tagify) {
console.log('added a tag', tagify);
}
onRemove(tags) {
console.log('removed a tag', tags);
}
clearTags() {
this.tagifyService.removeAll();
}
addTags() {
this.tagifyService.addTags(['this', 'is', 'cool']);
}
ngOnDestroy() {
this.tagifyService.destroy();
}
}
jQuery.tagify.js
A jQuery wrapper verison is also available, but I advise not using it because it's basically the exact same as the "normal" script (non-jqueryfied) and all the jQuery's wrapper does is allowing to chain the event listeners for ('add', 'remove', 'invalid')
$('[name=tags]')
.tagify()
.on('add', function(e, tagName){
console.log('added', tagName)
});
Name | Info |
---|---|
destroy | Reverts the input element back as it was before Tagify was applied |
removeAllTags | Removes all tags and resets the original input tag's value property |
addTags | Accepts a String (word, single or multiple with a delimiter), an Array of Objects (see above) or Strings |
removeTag | Removes a specific tag (argument is the tag DOM element to be removed. see source code.) |
loadOriginalValues | Converts the input's value into tags. This method gets called automatically when instansiating Tagify |
getTagIndexByValue | |
getTagElmByValue |
Name | Info |
---|---|
add | A tag has been added |
remove | A tag has been removed |
invalid | A tag has been added but did not pass vaildation. See event detail |
input | On Input event |
Name | Type | Default | Info |
---|---|---|---|
delimiters | String | "," | [regex] split tags by any of these delimiters. Example: ", |
pattern | String | null | Validate input by REGEX pattern (can also be applied on the input itself as an attribute) Ex: /[1-9]/ |
mode | String | null | use 'mix' as value to allow mixed-content. The 'pattern' setting must be set to some character. |
duplicates | Boolean | false | (flag) Should duplicate tags be allowed or not |
enforceWhitelist | Boolean | false | Should ONLY use tags allowed in whitelist |
autocomplete | Boolean | true | Tries to autocomplete the input's value while typing (match from whitelist) |
whitelist | Array | [] | An array of tags which only they are allowed |
blacklist | Array | [] | An array of tags which aren't allowed |
addTagOnBlur | Boolean | true | Automatically adds the text which was inputed as a tag when blur event happens |
callbacks | Object | {} | Exposed callbacks object to be triggered on events: 'add' / 'remove' tags |
maxTags | Number | Infinity | Maximum number of allowed tags. when reached, adds a class "hasMaxTags" to <Tags> |
transformTag | Function | undefined | Takes a tag input as argument and returns a transformed value |
tagTemplate | Function | undefined | Takes a tag's value and data as arguments and returns an HTML string for a tag element |
keepInvalidTags | Boolean | false | If true, do not remove tags which did not pass validation |
dropdown.enabled | Number | 2 | Minimum characters to input to show the suggestions list. "false" to disable |
dropdown.maxItems | Number | 10 | Maximum items to show in the suggestions list dropdown |
dropdown.classname | String | "" | Custom class name for the dropdown suggestions selectbox |
dropdown.itemTemplate | Function | "" | Returns a custom string for each list item in the dropdown suggestions selectbox |
FAQs
lightweight, efficient Tags input component in Vanilla JS / React / Angular [super customizable, tiny size & top performance]
The npm package @yaireo/tagify receives a total of 63,401 weekly downloads. As such, @yaireo/tagify popularity was classified as popular.
We found that @yaireo/tagify demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.