Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
babel-plugin-jsx-remove-qa
Advanced tools
You may want to consider using
babel-plugin-jsx-remove-data-test-id
over this package, since we believe it is more delcarative and works well as a uniform approach for both unit testing, and end to end.
Remove QA classes from your production builds.
It's not a good idea to hang unit tests off production CSS classes or DOM elements for a couple of reasons:
.o-some-class
selector couples our test to the CSS; making changes can be expensive from a maintainance point of view, whether they are coming from the CSS or the tests<span />
or <p>
can be equally as difficult to maintain; these things move around so if your looking for .first()
you might get a nasty surpriseWe wanted to decouple our tests from the production CSS, but quite liked what class selectors gave us, so we started to add className="qa-some-class"
to our React components.
This is good because, by convention, our UI guys never style to these classes so when we want to move stuff around - we just do it, and so do they.
The problem is, left untreated, these things can makes their way into your production code. Not good.
npm install babel-plugin-jsx-remove-qa --save-dev
Add this to you babel config plugins
plugins: [
'babel-plugin-jsx-remove-qa',
{
attributes: ['cssClassName'] // Another attribute you might want to remove
}
]
Add classnames to your react components
return (
<div>
<p className="qa-component-text">{someText}</p>
<ChildComponent cssClassName="qa-child-component" {...props] />
</div>
);
Make sure the plugins are part of your webpack build, and that's it. .qa-classes
will be stripped.
At the moment this only works on string literals, but at some point we'll be adding support for expressions too.
FAQs
babel plugin to remove-qa-classes
We found that babel-plugin-jsx-remove-qa demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.