Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
electron-react-scripts
Advanced tools
Create React apps with no build configuration.
npm install -g create-react-app
create-react-app my-app
cd my-app/
npm start
Install it once globally:
npm install -g create-react-app
You’ll need to have Node >= 4 on your machine. We recommend to use Node >= 6 and npm >= 3 for faster installation speed and better disk usage. You can use nvm to easily switch Node versions between different projects.
This tool doesn’t assume a Node backend. The Node installation is only required for the build tools that rely on it locally, such as Webpack and Babel.
To create a new app, run:
create-react-app my-app
cd my-app
It will create a directory called my-app
inside the current folder.
Inside that directory, it will generate the initial project structure and install the transitive dependencies:
my-app/
README.md
index.html
node_modules/
package.json
.gitignore
src/
App.css
App.js
index.css
index.js
logo.svg
No configuration or complicated folder structures, just the files you need to build your app.
Once the installation is done, you can run some commands inside the project folder:
npm start
Runs the app in development mode.
Launches electron-prebuilt.
The page will reload if you make edits.
You will see the build errors and lint warnings in the console.
npm run build
Builds the app for production to the build
folder.
It correctly bundles React in production mode and optimizes the build for the best performance.
The build is minified and the filenames include the hashes.
Your app is ready to be deployed!
The generated project will include a guide in its README.
You can also read its latest version here.
One Dependency: There is just one build dependency. It uses Webpack, Babel, ESLint, and other amazing projects, but provides a cohesive curated experience on top of them.
Zero Configuration: There are no configuration files or command line options. Configuring both development and production builds is handled for you so you can focus on writing code.
No Lock-In: You can “eject” to a custom setup at any time. Run a single command, and all the configuration and build dependencies will be moved directly into your project, so you can pick up right where you left off.
If you’re getting started with React, use create-react-app
to automate the build of your app. There is no configuration file, and react-scripts
is the only extra build dependency in your package.json
. Your environment will have everything you need to build a modern React app:
-webkit
or other prefixes.build
script to bundle JS, CSS, and images for production, with sourcemaps.The feature set is intentionally limited. It doesn’t support advanced features such as server rendering or CSS modules. Currently, it doesn’t support testing either. The tool is also non-configurable because it is hard to provide a cohesive experience and easy updates across a set of tools when the user can tweak anything.
You don’t have to use this. Historically it has been easy to gradually adopt React. However many people create new single-page React apps from scratch every day. We’ve heard loud and clear that this process can be error-prone and tedious, especially if this is your first JavaScript build stack. This project is an attempt to figure out a good way to start developing React apps.
If you’re a power user and you aren’t happy with the default configuration, you can “eject” from the tool and use it as a boilerplate generator.
Running npm run eject
copies all the configuration files and the transitive dependencies (Webpack, Babel, ESLint, etc) right into your project so you have full control over them. Commands like npm start
and npm run build
will still work, but they will point to the copied scripts so you can tweak them. At this point, you’re on your own.
Note: this is a one-way operation. Once you eject
, you can’t go back!
You don’t have to ever use eject
. The curated feature set is suitable for small and middle deployments, and you shouldn’t feel obligated to use this feature. However we understand that this tool wouldn’t be useful if you couldn’t customize it when you are ready for it.
Some features are currently not supported:
Some of them might get added in the future if they are stable, are useful to majority of React apps, don’t conflict with existing tools, and don’t introduce additional configuration.
The tools used by Create React App are subject to change. Currently it is a thin layer on top of many amazing community projects, such as:
All of them are transitive dependencies of the provided npm package.
We'd love to have your helping hand on create-react-app
! See CONTRIBUTING.md for more information on what we're looking for and how to get started.
We are grateful to the authors of existing related projects for their ideas and collaboration:
If you don’t agree with the choices made in this project, you might want to explore alternatives with different tradeoffs:
You can also use module bundlers like webpack and Browserify directly.
React documentation includes a walkthrough on this topic.
FAQs
Configuration and scripts for Create React App.
The npm package electron-react-scripts receives a total of 1 weekly downloads. As such, electron-react-scripts popularity was classified as not popular.
We found that electron-react-scripts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.