Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
block-editor-hmr
Advanced tools
Utilities to autoload and hot-reload WordPress Block Editor modules.
This library aims to make hot-reloading Gutenberg editor blocks & plugins as simple as possible.
Assuming your blocks are stored in a folder organized like this:
src
├── blocks
│ ├── block-a
│ │ └── index.js
│ ├── block-b
│ │ └── index.js
│ └── block-c
│ └── index.js
└── blocks.js
and that your block files export at minimum either a settings
object and name
string:
export const name = 'myplugin/block-a';
export const settings = {
title: 'Block A',
description: 'An excellent example block',
// icon, category, attributes, edit, save, etcetera
}
or a settings
object that has a name
string property (e.g., when using block.json
to manage your block's metadata):
import metadata from './block.json';
export const settings = {
...metadata
// edit, save, other dynamic data
}
then you can put this code in blocks.js
to automatically load and configure every block in your plugin:
/**
* blocks.js:
* Dynamically locate, load & register all Gutenberg blocks.
*/
import { autoloadBlocks } from 'block-editor-hmr';
// Load all block index files.
autoloadBlocks(
{
/**
* Return a project-specific require.context.
*/
getContext: () => require.context( './blocks', true, /index\.js$/ ),
},
( context, loadModules ) => {
if ( module.hot ) {
module.hot.accept( context.id, loadModules );
}
}
);
The same logic applies if you want to register block editor plugins: export a name
and settings
from each plugin module, then use the provided registerPlugin
and unregisterPlugin
methods within your plugins entrypoint file.
/**
* plugins.js:
* Dynamically locate, load & register all Gutenberg plugins.
*/
import { autoloadPlugins } from 'block-editor-hmr';
// Load all plugin index files.
autoloadPlugins(
{
/**
* Return a project-specific require.context.
*/
getContext: () => require.context( './plugins', true, /index\.js$/ ),
},
( context, loadModules ) => {
if ( module.hot ) {
module.hot.accept( context.id, loadModules );
}
}
);
As with blocks and plugins, helpers are also available to register Block Formats.
/**
* Dynamically locate, load & register all Gutenberg formats.
*/
import { autoloadFormats } from 'block-editor-hmr';
// Load all format index files.
autoloadFormats(
{
/**
* Return a project-specific require.context.
*/
getContext: () => require.context( './formats', true, /index\.js$/ ),
},
( context, loadModules ) => {
if ( module.hot ) {
module.hot.accept( context.id, loadModules );
}
}
);
In case you need more control over things, the library also exports a generic autoload
function, as well as any block- or plugin-specific function that is used as a default value.
import {
autoload,
registerBlock,
unregisterBlock,
beforeUpdateBlocks,
afterUpdateBlocks,
registerPlugin,
unregisterPlugin,
} from 'block-editor-hmr';
This means you can either pass select custom values to autoloadBlocks
and autoloadPlugins
, or roll your own autoloader via a fully custom autoload
.
For this to work, the bundle which utilizes these methods must be enqueued specifying wp-blocks
, wp-plugins
, wp-hooks
, and wp-data
as script dependencies.
The require.context
Webpack documentation is available here.
require.context
allows you to pass in a directory to search, a flag indicating whether subdirectories should be searched too, and a regular expression to match files against. The autoload
method takes this context, uses it to load matching JS modules, then passes those modules through the register
and unregister
hooks as necessary. before
and after
hooks are provided to support things like maintaining block context, so that an update doesn't deselect the block you're working on.
It's possible this could be simplified further, but testing to date indicates that require.context
and module.hot.accept
must be called from the entrypoint file within your project, rather than being abstracted within the third-party NPM module.
Note that at present, this file is not transpiled and may break some build processes. A built file with wider browser compatibility is my next step for this project.
FAQs
Utilities to autoload and hot-reload WordPress Block Editor modules.
The npm package block-editor-hmr receives a total of 1,495 weekly downloads. As such, block-editor-hmr popularity was classified as popular.
We found that block-editor-hmr demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.