Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
By Kush Pandya - May 08, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
click-to-react-component
Advanced tools
click-to-react-component
Option+Click your React components in your browser to open the source file in VS Code
Option+Click a Component in the browser to instantly goto the source in your editor.
Features
-
Option+Click opens the immediate Component's source
-
Option+Right-click opens a context menu with the parent Components'
props,fileName,columnNumber, andlineNumber
-
Works with frameworks like Next.js, Create React App, & Vite that use @babel/plugin-transform-react-jsx-source
-
Supports
vscode&vscode-insiders&cursorURL handling -
Automatically tree-shaken from
productionbuilds -
Keyboard navigation in context menu (e.g. ←, →, ⏎)
-
More context & faster than using React DevTools:
Installation
npm
npm install click-to-react-component
pnpm
pnpm add click-to-react-component
yarn
yarn add click-to-react-component
Even though click-to-react-component is added to dependencies, tree-shaking will remove click-to-react-component from production builds.
Usage
Create React App
+import { ClickToComponent } from 'click-to-react-component';
import React from 'react';
import ReactDOM from 'react-dom/client';
import './index.css';
@@ -8,7 +7,6 @@ import reportWebVitals from './reportWebVitals';
const root = ReactDOM.createRoot(document.getElementById('root'));
root.render(
<React.StrictMode>
+ <ClickToComponent />
<App />
</React.StrictMode>
);
Next.js
+import { ClickToComponent } from 'click-to-react-component'
import type { AppProps } from 'next/app'
import '../styles/globals.css'
function MyApp({ Component, pageProps }: AppProps) {
return (
<>
+ <ClickToComponent />
<Component {...pageProps} />
</>
)
Vite
+import { ClickToComponent } from "click-to-react-component";
import React from "react";
import ReactDOM from "react-dom/client";
import App from "./App";
import "./index.css";
ReactDOM.createRoot(document.getElementById("root")!).render(
<React.StrictMode>
<App />
+ <ClickToComponent />
</React.StrictMode>
);
Docusaurus
npm install @babel/plugin-transform-react-jsx-source
babel.config.js:
module.exports = {
presets: [require.resolve('@docusaurus/core/lib/babel/preset')],
plugins: [
...(process.env.BABEL_ENV === 'development'
? ['@babel/plugin-transform-react-jsx-source']
: []),
],
};
src/theme/Root.js:
import { ClickToComponent } from 'click-to-react-component';
import React from 'react';
// Default implementation, that you can customize
export default function Root({ children }) {
return (
<>
<ClickToComponent />
{children}
</>
);
}
editor
By default, clicking will default editor to vscode.
If, like me, you use vscode-insiders, you can set editor explicitly:
-<ClickToComponent />
+<ClickToComponent editor="vscode-insiders" />
Run Locally
Clone the project
gh repo clone ericclemmons/click-to-component
Go to the project directory
cd click-to-component
Install dependencies
pnpm install
Run one of the examples:
Create React App
cd apps/cra
pnpm start
Next.js
cd apps/next
pnpm dev
FAQs
Option+Click your React components in your browser to open the source file in VS Code
The npm package click-to-react-component receives a total of 68,883 weekly downloads. As such, click-to-react-component popularity was classified as popular.
We found that click-to-react-component demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 03 Nov 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
By Kirill Boychenko - May 07, 2025
Security News
AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports
AI-generated slop reports are making bug bounty triage harder, wasting maintainer time, and straining trust in vulnerability disclosure programs.
By Sarah Gooding - May 06, 2025