Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
elwins-test-web-components
Advanced tools
Some test Web Components build with Stencil.
Stencil is a simple compiler for generating Web Components and progressive web apps (PWA). Stencil was built by the Ionic Framework team for its next generation of performant mobile and desktop Web Components.
Stencil combines the best concepts of the most popular frontend frameworks into a compile-time rather than run-time tool. It takes TypeScript, JSX, a tiny virtual DOM layer, efficient one-way data binding, an asynchronous rendering pipeline (similar to React Fiber), and lazy-loading out of the box, and generates 100% standards-based Web Components that run on both modern browsers and legacy browsers back to Internet Explorer 11.
Stencil components are just Web Components, so they work in any major framework or with no framework at all. In many cases, Stencil can be used as a drop in replacement for traditional frontend frameworks given the capabilities now available in the browser, though using it as such is certainly not required.
Stencil also enables a number of key capabilities on top of Web Components, in particular Server Side Rendering (SSR) without the need to run a headless browser, pre-rendering, and objects-as-properties (instead of just strings).
Note: Stencil and Ionic are completely independent projects. Stencil does not prescribe any specific UI framework, but Ionic is the largest user of Stencil (today!)
<script
type="module"
src="https://cdn.jsdelivr.net/npm/elwins-test-web-components@0.3.0/dist/elwins-test-web-components/elwins-test-web-components.esm.js"
></script>
<eve-button href="https://elwinvaneede.com">Website</eve-button>
Use the React bindings.
Use the Angular bindings.
Use the Vue bindings.
Run npm install elwins-test-web-components
or yarn add elwins-test-web-components
Edit src/main.js
to include:
// Import my test Web Components
import {
applyPolyfills,
defineCustomElements,
} from "elwins-test-web-components/loader";
// ...
// configure Vue.js to ignore my test Web Components
Vue.config.ignoredElements = [/eve-\w*/];
// Register my test Web Components
applyPolyfills().then(() => {
defineCustomElements(window);
});
new Vue({
render: (h) => h(App),
}).$mount("#app");
The components should then be available in any of the Vue components:
render() {
return (
<div>
<eve-button href="https://elwinvaneede.com">elwinvaneede.com</eve-button>
</div>
)
}
Vue provides several different ways to install and use the framework in an application. The above technique for integrating a Stencil custom element library has been tested on a Vue 2 application that was created using the vue-cli with ES2015 and WebPack as primary options. A similar technique should work if the application was generated using other options.
When binding complex data such as objects and arrays, use the .prop
modifier to make Vue bind them as a property instead of an attribute:
<eve-select :options.prop="myOptions" />
One caveat is there's no support for v-model on custom elements in Vue 2, but you can still achieve two-way binding manually:
<!-- This doesn't work -->
<eve-input v-model="name"></eve-input>
<!-- This works, but it's a bit longer -->
<eve-input :value="name" @input="name = $event.target.value"></eve-input>
If that's too verbose, you can use this Directive from Shoelace.
To start building the components using Stencil, clone this repo to a new directory:
git clone https://github.com/elwinvaneede/elwins-test-web-components.git elwins-test-web-components
cd elwins-test-web-components
and run:
npm install
npm start
To build the components for production, run:
npm run build
To run the unit tests for the components, run:
npm test
FAQs
Some test Web Components build with Stencil
The npm package elwins-test-web-components receives a total of 1 weekly downloads. As such, elwins-test-web-components popularity was classified as not popular.
We found that elwins-test-web-components demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.