Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Use JSX for creating DOM elements.
npm install --save jsx-dom
import { h } from 'jsx-dom';
document.body.appendChild(
<div id="greeting" class="alert">Hello World</div>
);
Note: If you are coming from a previous version and are using createElement
instead of h
, no change is necessary as both of them will continue to work.
You need to tell your transpiler to use the name h
. If you prefer not to, skip to the next section for instructions. For Babel users, specify within your .babelrc
:
"plugins": [
["transform-react-jsx", {"pragma": "h"}]
]
Or if you prefer to work with TypeScript:
// In tsconfig.json:
"jsx": "react",
"jsxFactory": "h",
.babelrc
or tsconfig
optionsIf you don’t want to configure your transpiler to use jsx-dom
, simply import it using
the React namespace:
import * as React from 'jsx-dom';
jsx-dom
is based on the React JSX syntax with a few additions:
class
is supported as an attribute as well as className
.
class
can take:
{ [key: string]: boolean }
. Keys with a truthy value will be added to the classListNote that false
, true
, null
, undefined
will be ignored per React documentations, and everything else will be used. For example,
<div class="greeting" />
<div class={[ condition && "class" ]} />
<div class={{ hidden: isHidden, 'has-item': this.array.length > 0 }} />
<div class={[ classArray1, classArray2, ['nested'] ]} />
style
accepts both strings and objects.<div style="background: transparent;" />
<div style={{ background: 'transparent', fontFamily: 'serif' }} />
dataset
accepts an object.on
and has a function value will be treated as an event listener and attached to the node with addEventListener
.innerHTML
, innerText
and textContent
are accepted.ref
accepts a callback (node: Element) => void
that allows access to the node after being created. This is useful when you have a nested node tree and need to access a node inside without creating an intermediary variable.A custom build with a list of commonly used SVG tags is included.
// Use 'jsx-dom/svg';
import { h } from 'jsx-dom/svg';
// Or if you prefer Common JS
const { h } = require('jsx-dom/svg.cjs');
document.body.appendChild(
<div class="flag" style={{ display: 'flex' }}>
<h1>Flag of Italy</h1>
<svg width="150" height="100" viewBox="0 0 3 2" class="flag italy">
<rect width="1" height="2" x="0" fill="#008d46" />
<rect width="1" height="2" x="1" fill="#ffffff" />
<rect width="1" height="2" x="2" fill="#d2232c" />
</svg>
</div>
);
Below is a list of SVG tags included.
svg, animate, circle, clipPath, defs, desc, ellipse, feBlend, feColorMatrix, feComponentTransfer, feComposite, feConvolveMatrix, feDiffuseLighting, feDisplacementMap, feDistantLight, feFlood, feFuncA, feFuncB, feFuncG, feFuncR, feGaussianBlur, feImage, feMerge, feMergeNode, feMorphology, feOffset, fePointLight, feSpecularLighting, feSpotLight, feTile, feTurbulence, filter, foreignObject, g, image, line, linearGradient, marker, mask, metadata, path, pattern, polygon, polyline, radialGradient, rect, stop, switch, symbol, text, textPath, tspan, use, view
If you need to create an SVG element that is not in the list, or you want to specify a custom namespace, use the attribute namespaceURI
.
import { h, SVGNamespace } from 'jsx-dom';
<a namespaceURI={SVGNamespace}>I am an SVG element!</a>
Two extra functions and one constant are provided by this package:
preventDefault(event: Event): Event
stopPropagation(event: Event): Event
SVGNamespace
is the namespaceURI
string for SVG Elements.jsx-dom
requires Object.keys
and Object.create
support. This means IE9 or later.
5.1.6
null
y value gets passed to dataset.FAQs
JSX to document.createElement.
The npm package jsx-dom receives a total of 7,629 weekly downloads. As such, jsx-dom popularity was classified as popular.
We found that jsx-dom demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.