Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
babel-plugin-split-styles
Advanced tools
This is a PROOF OF CONCEPT. It will be a babel preset using Emotion as a dependency to give a supersweet experience styling your apps.
CSS-IN-JSS libraries has come a long way to help you effectively define and isolate CSS. There are still some challenges though.
Dynamic styling should really always be treated as inline styles. For example:
styled.div(({ width }) => ({
width: width + "px"
}))
There are no limits to have many class names that might be produced.
If you happen to send a property that is also an HTML attribute it will leak into the DOM.
styled.div(({ disabled }) => ({
}))
Tools like Emotion exposes a custom pragma named jsx which allows you to use a css attribute on your components that are converted into classnames. The problem here is the tricky setup, especially with Typescript.
Having to think about styles vs CSS is just a completely unnecessary overhead. You should not be thinking about any of this at all. You should just style your components and everything is handled for you.
The project emotion.sh is pretty amazing, but through its iterations it is trying to do too many things. This library takes the increadible innovation made by Emotion to remove the overhead of thinking styles vs css, optimizing, server side rendering etc. It just works!
This POC requires you to install emotion and @emotion/babel-preset-css-prop, but will later become one package which has the dependencies needed.
The first thing to know is that you are going to write all your styling inline. This might sound crazy, but you have to leave your deep knowledge of styling vs css, classnames and everything else behind. Think about the best possible developer experience you can imagine, where none of this knowledge and mental overhead is needed. You just define your styles:
import React from "react"
function App() {
const [toggle, setToggle] = React.useState(false);
return (
<h1
onClick={() => setToggle(!toggle)}
style={{
color: 'green',
background: toggle ? 'blue' : 'white'
}}
>
Hello World
</h1>
);
}
Note that we are defining one static style, named color. We are also defining a dynamic style named background. This tool understands the difference and will make the static part a class and the dynamic part an inline style.
import React from "react"
function App() {
const [toggle, setToggle] = React.useState(false);
return (
<h1
onClick={() => setToggle(!toggle)}
className="emotion-efoie3"
style={{ background: toggle ? 'blue' : 'white' }}
>
Hello World
</h1>
);
}
What is also important to notice here is that you can still just import React as normal. You do not need any special jsx
imports or similar.
import React from "react"
function App() {
const [toggle, setToggle] = React.useState(false);
return (
<h1
onClick={() => setToggle(!toggle)}
style={{
color: "red",
"&": {
":hover": {
color: "blue"
}
}
}}
>
Hello World
</h1>
);
}
The "&" property is used to identify that you are using a selector. This is especially important for typing.
Yeah! Because that means there is only one way to define styling. It is the most straight forward and simplest way to think about styling. But you might worry about messy code? That is just a matter of structure. For example, emotion and other libraries allows:
import styled from "@emotion/styled"
export const Wrapper = styled.div({
color: "red"
})
But there is no need for a custom API taking too many assumptions, causing issues with dynamic behaviour and leaking props to the DOM. Any time you think an element has too many inline styling, just move it to a function component:
import React from "react"
const Header = ({ onClick, children }) => (
<h1
onClick={onClick}
style={{
color: "red",
"&": {
":hover": {
color: "blue"
}
}
}}
>
{children}
</h1>
)
function App() {
const [toggle, setToggle] = React.useState(false);
return (
<Header
onClick={() => setToggle(!toggle)}
>
Hello World
</Header>
);
}
This is exactly what styled.div
does, but you are in control of it.
The important thing here is the developer experience. You never think about underlying technologies, you just use the style
attribute and style up your components. They are automatically optimized for dynamic/static behaviour and even doing server side rendering automatically extracts critical CSS for you.
FAQs
Splitting dynamic and static styles into style and css prop.
The npm package babel-plugin-split-styles receives a total of 0 weekly downloads. As such, babel-plugin-split-styles popularity was classified as not popular.
We found that babel-plugin-split-styles demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.