Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
mint-components
Advanced tools
The default Sapper template, available for Rollup and webpack.
degit
degit
is a scaffolding tool that lets you create a directory from a branch in a repository. Use either the rollup
or webpack
branch in sapper-template
:
# for Rollup
npx degit "sveltejs/sapper-template#rollup" my-app
# for webpack
npx degit "sveltejs/sapper-template#webpack" my-app
Alternatively, you can use GitHub's template feature with the sapper-template-rollup or sapper-template-webpack repositories.
However you get the code, you can install dependencies and run the project in development mode with:
cd my-app
npm install # or yarn
npm run dev
Open up localhost:3000 and start clicking around.
Consult sapper.svelte.dev for help getting started.
Sapper expects to find two directories in the root of your project — src
and static
.
The src directory contains the entry points for your app — client.js
, server.js
and (optionally) a service-worker.js
— along with a template.html
file and a routes
directory.
This is the heart of your Sapper app. There are two kinds of routes — pages, and server routes.
Pages are Svelte components written in .svelte
files. When a user first visits the application, they will be served a server-rendered version of the route in question, plus some JavaScript that 'hydrates' the page and initialises a client-side router. From that point forward, navigating to other pages is handled entirely on the client for a fast, app-like feel. (Sapper will preload and cache the code for these subsequent pages, so that navigation is instantaneous.)
Server routes are modules written in .js
files, that export functions corresponding to HTTP methods. Each function receives Express request
and response
objects as arguments, plus a next
function. This is useful for creating a JSON API, for example.
There are three simple rules for naming the files that define your routes:
src/routes/about.svelte
corresponds to the /about
route. A file called src/routes/blog/[slug].svelte
corresponds to the /blog/:slug
route, in which case params.slug
is available to the routesrc/routes/index.svelte
(or src/routes/index.js
) corresponds to the root of your app. src/routes/about/index.svelte
is treated the same as src/routes/about.svelte
.src/routes/_helpers/datetime.js
and it would not create a /_helpers/datetime
routeThe static directory contains any static assets that should be available. These are served using sirv.
In your service-worker.js file, you can import these as files
from the generated manifest...
import { files } from '@sapper/service-worker';
...so that you can cache them (though you can choose not to, for example if you don't want to cache very large files).
Sapper uses Rollup or webpack to provide code-splitting and dynamic imports, as well as compiling your Svelte components. With webpack, it also provides hot module reloading. As long as you don't do anything daft, you can edit the configuration files to add whatever plugins you'd like.
To start a production version of your app, run npm run build && npm start
. This will disable live reloading, and activate the appropriate bundler plugins.
You can deploy your application to any environment that supports Node 10 or above. As an example, to deploy to Vercel Now when using sapper export
, run these commands:
npm install -g vercel
vercel
If your app can't be exported to a static site, you can use the now-sapper builder. You can find instructions on how to do so in its README.
When using Svelte components installed from npm, such as @sveltejs/svelte-virtual-list, Svelte needs the original component source (rather than any precompiled JavaScript that ships with the component). This allows the component to be rendered server-side, and also keeps your client-side app smaller.
Because of that, it's essential that the bundler doesn't treat the package as an external dependency. You can either modify the external
option under server
in rollup.config.js or the externals
option in webpack.config.js, or simply install the package to devDependencies
rather than dependencies
, which will cause it to get bundled (and therefore compiled) with your app:
npm install -D @sveltejs/svelte-virtual-list
Sapper is in early development, and may have the odd rough edge here and there. Please be vocal over on the Sapper issue tracker.
FAQs
[¿Qué comer en Tijuana?](https://www.feedmetj.com/)
The npm package mint-components receives a total of 23 weekly downloads. As such, mint-components popularity was classified as not popular.
We found that mint-components demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.