Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Use JSX for creating DOM elements.
npm install --save jsx-dom
import { h } from 'jsx-dom';
document.body.appendChild(
<div id="greeting" class="alert">Hello World</div>
);
Note: If you need JSX.Fragment support in TypeScript, you must import
the entire library as React
namespace because of TypeScript restrictions.
You need to tell your transpiler to use the name h
. If you prefer not to, or you need to use JSX.Fragment, skip to the next section for instructions. For Babel users, specify within your .babelrc
:
"plugins": [
["transform-react-jsx", {"pragma": "h"}]
]
Or if you prefer to work with TypeScript:
// In tsconfig.json:
"jsx": "react",
"jsxFactory": "h",
.babelrc
or tsconfig
optionsIf you don’t want to configure your transpiler to use jsx-dom
, simply import it using
the React namespace:
import * as React from 'jsx-dom';
jsx-dom
is based on the React JSX syntax with a few additions:
class
is supported as an attribute as well as className
.
class
can take:
{ [key: string]: boolean }
. Keys with a truthy value will be added to the classListNote that false
, true
, null
, undefined
will be ignored per React documentations, and everything else will be used. For example,
<div class="greeting" />
<div class={[ condition && "class" ]} />
<div class={{ hidden: isHidden, 'has-item': this.array.length > 0 }} />
<div class={[ classArray1, classArray2, ['nested'] ]} />
style
accepts both strings and objects.<div style="background: transparent;" />
<div style={{ background: 'transparent', fontFamily: 'serif' }} />
dataset
accepts an object, where keys with a null
or undefined
value will be ignored.on
and has a function value will be treated as an event listener and attached to the node with addEventListener
.innerHTML
, innerText
and textContent
are accepted.ref
accepts a callback (node: Element) => void
that allows access to the node after being created. This is useful when you have a nested node tree and need to access a node inside without creating an intermediary variable.A custom build with a list of commonly used SVG tags is included.
// Use 'jsx-dom/svg';
import { h } from 'jsx-dom/svg';
// Or if you prefer Common JS
const { h } = require('jsx-dom/svg.cjs');
document.body.appendChild(
<div class="flag" style={{ display: 'flex' }}>
<h1>Flag of Italy</h1>
<svg width="150" height="100" viewBox="0 0 3 2" class="flag italy">
<rect width="1" height="2" x="0" fill="#008d46" />
<rect width="1" height="2" x="1" fill="#ffffff" />
<rect width="1" height="2" x="2" fill="#d2232c" />
</svg>
</div>
);
Below is a list of SVG tags included.
svg, animate, circle, clipPath, defs, desc, ellipse, feBlend, feColorMatrix, feComponentTransfer, feComposite, feConvolveMatrix, feDiffuseLighting, feDisplacementMap, feDistantLight, feFlood, feFuncA, feFuncB, feFuncG, feFuncR, feGaussianBlur, feImage, feMerge, feMergeNode, feMorphology, feOffset, fePointLight, feSpecularLighting, feSpotLight, feTile, feTurbulence, filter, foreignObject, g, image, line, linearGradient, marker, mask, metadata, path, pattern, polygon, polyline, radialGradient, rect, stop, switch, symbol, text, textPath, tspan, use, view
If you need to create an SVG element that is not in the list, or you want to specify a custom namespace, use the attribute namespaceURI
.
import { h, SVGNamespace } from 'jsx-dom';
<a namespaceURI={SVGNamespace}>I am an SVG element!</a>
Two extra functions and one constant are provided by this package:
preventDefault(event: Event): Event
stopPropagation(event: Event): Event
SVGNamespace
is the namespaceURI
string for SVG Elements.jsx-dom
requires Object.keys
and Object.create
support. This means IE9 or later.
<div />
, and other tags, are inferred as a general JSX.Element
in TypeScript instead of
HTMLDivElement
(or the equivalents). This is a known bug and its fix depends on TypeScript#21699.
FAQs
JSX to document.createElement.
We found that jsx-dom demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.