Security News
Crates.io Users Targeted by Phishing Emails
The Rust Security Response WG is warning of phishing emails from rustfoundation.dev targeting crates.io users.
By Sarah Gooding - Sep 12, 2025
Package was removed
Sorry, it seems this package was removed from the registry
Cinnabon JS🥧
Your next app will rise
*As of current, the project's build settings only work with Vite.
Getting Started
Run the following to add Cinnabon:
npm i cinnabon
Add the following entry to your typescript config (tsconfig.json):
{
...
"jsx": "preserve"
...
}
Your Vite config (vite.config.ts) should use Cinnabon's BuildSettings as per the following:
import { defineConfig } from "vite"
import { BuildSettings } from "cinnabon/src/settings"
const { jsxInject, jsxFactory, jsxFragment } = BuildSettings.esbuild
export default defineConfig({
esbuild: {
jsx: "transform",
jsxInject,
jsxFactory,
jsxFragment,
},
})
With your compilation settings configured, you can create a simple Cinnabon application as per the following:
App.ts
import { createSignal } from "cinnabon/src"
export const App = () => {
const count = createSignal(0)
return (
<>
<h1>{count}</h1>
<button onClick={() => count.value++}>Click me</button>
</>
)
}
main.ts
import { Cinnabon } from "cinnabon/src/cinnabon"
import "./style.css"
import { App } from "./App"
const root = document.getElementById("app")!
Cinnabon.mount(App(), root)
But what if I want to create a real application?
Cinnabon comes out of the box with support for two-way-binding, suspenseful components and more.
Suspense:
type ProductCategoriesResponse = string[] | Error
async function getProductCategories(): Promise<string[] | Error> {
try {
const res = await fetch("https://dummyjson.com/products/categories")
if (!res.ok)
throw new Error(res.statusText ?? "Failed to load product categories")
return await res.json()
} catch (error) {
return error as Error
}
}
const SuspenseExample = () => {
return (
<Suspense cache promise={getProductCategories}>
{(loading: boolean, data: ProductCategoriesResponse) => {
if (data instanceof Error) return <p>{data.message}</p>
if (loading) return <p>loading...</p>
return <ul>{...categories.map((c) => <li>{c}</li>)}</ul>
}}
</Suspense>
)
}
Two-way binding:
const TwoWayBindingExample = () => {
const count = createSignal(0)
return (
<>
<h1>{count}</h1>
<button onClick={() => count.value++}>click me</button>
<input
value={count}
onChange={(e) => {
count.value = parseInt((e.target as HTMLInputElement).value)
}}
/>
</>
)
}
FAQs
A reactive, component-based js rendering library
We found that cinnabon demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 18 Apr 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Custom Pull Request Alert Comment Headers
Socket now lets you customize pull request alert headers, helping security teams share clear guidance right in PRs to speed reviews and reduce back-and-forth.
By André Staltz - Sep 12, 2025
Product
Rust Support Now in Beta
Socket's Rust support is moving to Beta: all users can scan Cargo projects and generate SBOMs, including Cargo.toml-only crates, with Rust-aware supply chain checks.
By Mikola Lysenko, Trevor Norris - Sep 11, 2025