Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
christophior-react-scripts
Advanced tools
Create React apps with no build configuration.
npm install -g create-react-app
create-react-app my-app
cd my-app/
npm start
Then open http://localhost:3000/ to see your app.
When you’re ready to deploy to production, create a minified bundle with npm run build
.
Install it once globally:
npm install -g create-react-app
You’ll need to have Node >= 4 on your machine. We recommend to use Node >= 6 and npm >= 3 for faster installation speed and better disk usage. You can use nvm to easily switch Node versions between different projects.
This tool doesn’t assume a Node backend. The Node installation is only required for the build tools that rely on it locally, such as Webpack and Babel.
To create a new app, run:
create-react-app my-app
cd my-app
It will create a directory called my-app
inside the current folder.
Inside that directory, it will generate the initial project structure and install the transient dependencies:
my-app/
README.md
index.html
favicon.ico
node_modules/
package.json
src/
App.css
App.js
index.css
index.js
logo.svg
No configuration or complicated folder structures, just the files you need to build your app.
Once the installation is done, you can run some commands inside the project folder:
npm start
Runs the app in development mode.
Open http://localhost:3000 to view it in the browser.
The page will reload if you make edits.
You will see the build errors and lint warnings in the console.
npm run build
Builds the app for production to the build
folder.
It correctly bundles React in production mode and optimizes the build for the best performance.
The build is minified and the filenames include the hashes.
Your app is ready to be deployed!
The generated project will include a guide in its README.
You can also read its latest version here.
One Dependency: There is just one build dependency. It uses Webpack, Babel, ESLint, and other amazing projects, but provides a cohesive curated experience on top of them.
Zero Configuration: There are no configuration files or command line options. Configuring both development and production builds is handled for you so you can focus on writing code.
No Lock-In: You can “eject” to a custom setup at any time. Run a single command, and all the configuration and build dependencies will be moved directly into your project, so you can pick up right where you left off.
If you’re getting started with React, use create-react-app
to automate the build of your app. There is no configuration file, and react-scripts
is the only extra build dependency in your package.json
. Your environment will have everything you need to build a modern React app:
-webkit
or other prefixes.build
script to bundle JS, CSS, and images for production, with sourcemaps.The feature set is intentionally limited. It doesn’t support advanced features such as server rendering or CSS modules. Currently, it doesn’t support testing either. The tool is also non-configurable because it is hard to provide a cohesive experience and easy updates across a set of tools when the user can tweak anything.
You don’t have to use this. Historically it has been easy to gradually adopt React. However many people create new single-page React apps from scratch every day. We’ve heard loud and clear that this process can be error-prone and tedious, especially if this is your first JavaScript build stack. This project is an attempt to figure out a good way to start developing React apps.
If you’re a power user and you aren’t happy with the default configuration, you can “eject” from the tool and use it as a boilerplate generator.
Running npm run eject
copies all the configuration files and the transient dependencies (Webpack, Babel, ESLint, etc) right into your project so you have full control over them. Commands like npm start
and npm run build
will still work, but they will point to the copied scripts so you can tweak them. At this point, you’re on your own.
Note: this is a one-way operation. Once you eject
, you can’t go back!
You don’t have to ever use eject
. The curated feature set is suitable for small and middle deployments, and you shouldn’t feel obligated to use this feature. However we understand that this tool wouldn’t be useful if you couldn’t customize it when you are ready for it.
Some features are currently not supported:
Some of them might get added in the future if they are stable, are useful to majority of React apps, don’t conflict with existing tools, and don’t introduce additional configuration.
The tools used by Create React App are subject to change. Currently it is a thin layer on top of many amazing community projects, such as:
All of them are transient dependencies of the provided npm package.
Clone the repo and run npm install
in the root and the global-cli
folder.
Once it is done, you can modify any file locally and run npm start
or npm run build
just like in a generated project.
If you want to try out the end-to-end flow with the global CLI, you can do this too:
npm run create-react-app my-app
cd my-app
and then run npm start
or npm run build
.
We are grateful to the authors of existing related projects for their ideas and collaboration:
If you don’t agree with the choices made in this project, you might want to explore alternatives with different tradeoffs:
You can also use module bundlers like webpack and Browserify directly.
React documentation includes a walkthrough on this topic.
FAQs
Configuration and scripts for Create React App.
The npm package christophior-react-scripts receives a total of 0 weekly downloads. As such, christophior-react-scripts popularity was classified as not popular.
We found that christophior-react-scripts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.