Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
classnames
Advanced tools
The classnames package is a simple utility for conditionally joining class names together. It is commonly used in React projects but can be used anywhere that requires dynamic class name computation.
String arguments
Combine multiple string arguments into one class name.
classnames('foo', 'bar'); // 'foo bar'
Object arguments
Use an object to include class names conditionally based on the truthiness of the object's values.
classnames({ 'foo': true, 'bar': false }); // 'foo'
Array arguments
Pass an array of class names which will be joined together.
classnames(['foo', 'bar']); // 'foo bar'
Mixed arguments
Combine string, object, and array arguments to form a class name string.
classnames('foo', { 'bar': true, 'duck': false }, ['baz', { 'quux': true }]); // 'foo bar baz quux'
clsx is a tiny utility for constructing className strings conditionally. It is similar to classnames but is smaller and faster, making it a popular alternative.
Emotion is a performant and flexible CSS-in-JS library. While it is more than a class name utility, it provides similar functionalities in terms of composing and applying class names conditionally.
A simple JavaScript utility for conditionally joining classNames together.
Install from the npm registry with your package manager:
npm install classnames
Use with Node.js, Browserify, or webpack:
const classNames = require('classnames');
classNames('foo', 'bar'); // => 'foo bar'
Alternatively, you can simply include index.js
on your page with a standalone <script>
tag and it will export a global classNames
method, or define the module if you are using RequireJS.
We take the stability and performance of this package seriously, because it is run millions of times a day in browsers all around the world. Updates are thoroughly reviewed for performance implications before being released, and we have a comprehensive test suite.
Classnames follows the SemVer standard for versioning.
There is also a Changelog.
The classNames
function takes any number of arguments which can be a string or object.
The argument 'foo'
is short for { foo: true }
. If the value associated with a given key is falsy, that key won't be included in the output.
classNames('foo', 'bar'); // => 'foo bar'
classNames('foo', { bar: true }); // => 'foo bar'
classNames({ 'foo-bar': true }); // => 'foo-bar'
classNames({ 'foo-bar': false }); // => ''
classNames({ foo: true }, { bar: true }); // => 'foo bar'
classNames({ foo: true, bar: true }); // => 'foo bar'
// lots of arguments of various types
classNames('foo', { bar: true, duck: false }, 'baz', { quux: true }); // => 'foo bar baz quux'
// other falsy values are just ignored
classNames(null, false, 'bar', undefined, 0, 1, { baz: null }, ''); // => 'bar 1'
Arrays will be recursively flattened as per the rules above:
const arr = ['b', { c: true, d: false }];
classNames('a', arr); // => 'a b c'
If you're in an environment that supports computed keys (available in ES2015 and Babel) you can use dynamic class names:
let buttonType = 'primary';
classNames({ [`btn-${buttonType}`]: true });
This package is the official replacement for classSet
, which was originally shipped in the React.js Addons bundle.
One of its primary use cases is to make dynamic and conditional className
props simpler to work with (especially more so than conditional string manipulation). So where you may have the following code to generate a className
prop for a <button>
in React:
import React, { useState } from 'react';
export default function Button (props) {
const [isPressed, setIsPressed] = useState(false);
const [isHovered, setIsHovered] = useState(false);
let btnClass = 'btn';
if (isPressed) btnClass += ' btn-pressed';
else if (isHovered) btnClass += ' btn-over';
return (
<button
className={btnClass}
onMouseDown={() => setIsPressed(true)}
onMouseUp={() => setIsPressed(false)}
onMouseEnter={() => setIsHovered(true)}
onMouseLeave={() => setIsHovered(false)}
>
{props.label}
</button>
);
}
You can express the conditional classes more simply as an object:
import React, { useState } from 'react';
import classNames from 'classnames';
export default function Button (props) {
const [isPressed, setIsPressed] = useState(false);
const [isHovered, setIsHovered] = useState(false);
const btnClass = classNames({
btn: true,
'btn-pressed': isPressed,
'btn-over': !isPressed && isHovered,
});
return (
<button
className={btnClass}
onMouseDown={() => setIsPressed(true)}
onMouseUp={() => setIsPressed(false)}
onMouseEnter={() => setIsHovered(true)}
onMouseLeave={() => setIsHovered(false)}
>
{props.label}
</button>
);
}
Because you can mix together object, array and string arguments, supporting optional className
props is also simpler as only truthy arguments get included in the result:
const btnClass = classNames('btn', this.props.className, {
'btn-pressed': isPressed,
'btn-over': !isPressed && isHovered,
});
dedupe
versionThere is an alternate version of classNames
available which correctly dedupes classes and ensures that falsy classes specified in later arguments are excluded from the result set.
This version is slower (about 5x) so it is offered as an opt-in.
To use the dedupe version with Node.js, Browserify, or webpack:
const classNames = require('classnames/dedupe');
classNames('foo', 'foo', 'bar'); // => 'foo bar'
classNames('foo', { foo: false, bar: true }); // => 'bar'
For standalone (global / AMD) use, include dedupe.js
in a <script>
tag on your page.
bind
version (for css-modules)If you are using css-modules, or a similar approach to abstract class 'names' and the real className
values that are actually output to the DOM, you may want to use the bind
variant.
Note that in ES2015 environments, it may be better to use the "dynamic class names" approach documented above.
const classNames = require('classnames/bind');
const styles = {
foo: 'abc',
bar: 'def',
baz: 'xyz',
};
const cx = classNames.bind(styles);
const className = cx('foo', ['bar'], { baz: true }); // => 'abc def xyz'
Real-world example:
/* components/submit-button.js */
import { useState } from 'react';
import classNames from 'classnames/bind';
import styles from './submit-button.css';
const cx = classNames.bind(styles);
export default function SubmitButton ({ store, form }) {
const [submissionInProgress, setSubmissionInProgress] = useState(store.submissionInProgress);
const [errorOccurred, setErrorOccurred] = useState(store.errorOccurred);
const [valid, setValid] = useState(form.valid);
const text = submissionInProgress ? 'Processing...' : 'Submit';
const className = cx({
base: true,
inProgress: submissionInProgress,
error: errorOccurred,
disabled: valid,
});
return <button className={className}>{text}</button>;
}
classNames >=2.0.0
Array.isArray
: see MDN for details about unsupported older browsers (e.g. <= IE8) and a simple polyfill.
Copyright (c) 2018 Jed Watson. Copyright of the Typescript bindings are respective of each contributor listed in the definition file.
v2.5.1 / 2023-12-29
workspaces
field from package (#350)FAQs
A simple utility for conditionally joining classNames together
The npm package classnames receives a total of 11,056,655 weekly downloads. As such, classnames popularity was classified as popular.
We found that classnames demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.