Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
caravaggio-react
Advanced tools
This library provides react components and hooks to integrate Caravaggio in your react projects.
Install with
yarn add caravaggio-react
or
npm install caravaggio-react
This library is entirelly written in typescript
.
Any component or hook in this library need to be descendant of a CaravaggioProvider
. This provider will set which Caravaggio instance to use for transformations. Put this provider as on top as you can.
// App.tsx (or App.js)
import { CaravaggioProvider } from "caravaggio-react";
export default function App(props) {
return (
<CaravaggioProvider
url="https://mycaravaggio.dev"
>
{props.children}
</CaravaggioProvider>
);
}
The available props for the provider are
props | description | optional/mandatory |
---|---|---|
url | Tells the provider the url of Caravaggio instance. It can be an absolute of relative url in case Caravaggio is served from the same domain as your app | mandatory |
baseUrl | Caravaggio can only transform images with absolute url. If you want to use relative urls, set this value and all the images will be considered relative to this baseUrl | optional, default `null` |
An image component is available to transform your images. It takes the same props as a normal img
tag, plus an addotional opt
props. You can pass any option available on Caravaggio.
import { Image } from 'caravaggio-react';
<Image
src="https://pexels.com/cangaroo.png"
alt="A cangaroo jumping around"
opt={{
o: "webp",
q: 90,
blur: 10,
rs: {
s: "640x480",
},
}}
/>
In the above example we transform the image to webp
, with a quality of 90
, a blur effect and resizing it to 640x480
pixels.
Check Caravaggio documentation to know about all possible options.
You can generate a srcset
using the ImageSet
component.
import { ImageSet } from "caravaggio-react";
<ImageSet
src="https://img.com/butterfly.png"
alt="A butterfly"
className="myclass"
// Sets is an array of sources
sets={[
{
// This source produce a webp image
type: "image/webp",
// The rules for this source
rules: {
// When screen is less wider than 300px
"300w": {
// Use this caravaggio options to produce the image
opt: {
o: "webp",
rs: {
s: "300x",
},
},
},
// Use this for screen large up to 600px
"600w": {
opt: {
o: "webp",
rs: {
s: "600x",
},
},
},
},
},
// This is the second set, we want it for browsers
// not capable of handling webp images.
// The rules are the same except for the output format
{
rules: {
"300w": {
opt: {
rs: {
s: "300x",
},
},
},
"600w": {
opt: {
rs: {
s: "600x",
},
},
},
},
},
]}
/>;
The component generates this html:
<figure class="myclass">
<picture>
<source
type="image/webp"
srcset="
/api/assets/o:webp/rs,s:300x?image=http://localhost:3000/myimage.png 300w,
/api/assets/o:webp/rs,s:600x?image=http://localhost:3000/myimage.png 600w
"
/>
<source
srcset="
/api/assets/rs,s:300x?image=http://localhost:3000/myimage.png 300w,
/api/assets/rs,s:600x?image=http://localhost:3000/myimage.png 600w
"
/>
<img src="/myimage.png" alt="example image" />
</picture>
</figure>
A hook, useCaravaggio
, is provided to get, instead of an image tag, an image url with all the transformation applied. Very useful to insert images in css, or for css-in-js libraries
import { useCaravaggio } from "caravaggio-react";
const Component = () => {
const image = useCaravaggio("https://img.com/landscape.png", {
blur: 0.3,
});
return <div style={{ backgroundImage: `url('${image}')` }}>Some content</div>;
};
The first parameter is the image to transform, the second an object with all the transformations.
Sometimes you may not be sure if Caravaggio is available or not. This hook behaves exactly as useCaravaggio
but
is less sensible to problems: if Caravaggio provider is not available or the image is not defined, it returns a sensible default:
import { useCaravaggioIfAvailable } from "caravaggio-react";
const Component = ({image}: {image?: string}) => {
const image = useCaravaggioIfAvailable(image, {
blur: 0.3,
});
// If the image is not available returns null.
// If the provider is not available, returns the original image url
return <div style={{ backgroundImage: `url('${image}')` }}>Some content</div>;
};
This hook return a function that can be invoked later to produce the image url
import { useCaravaggioIfAvailable } from "caravaggio-react";
const Component = ({image}: {image?: string}) => {
const builder = useCaravaggioBuilder();
const animals = [
{
name: 'tiger',
image: 'https://images.com/tiger.png'
},
{
name: 'monkey',
image: 'https://images.com/monkey.png'
},
{
name: 'horse',
image: 'https://images.com/horse.png'
}
]
// If the image is not available returns null.
// If the provider is not available, returns the original image url
return <div>{
animals.map(animal => <img src={builder(animal.image, {o: 'jpg'})} key={animal.name} />)
}</div>;
};
To know about all the options, check Caravaggio documentation.
FAQs
Caravaggio react library
The npm package caravaggio-react receives a total of 19 weekly downloads. As such, caravaggio-react popularity was classified as not popular.
We found that caravaggio-react demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.