Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
next-plausible
Advanced tools
Simple integration for https://plausible.io analytics and https://nextjs.org.
Simple integration for https://plausible.io analytics and https://nextjs.org.
See this commit for a real world example.
To include the Plausible analytics script in your NextJS page just use the PlausibleProvider
component:
import PlausibleProvider from 'next-plausible'
export default Home() {
return (
<PlausibleProvider domain="example.com">
<h1>My Site</h1>
...
</PlausibleProvider>
)
}
If you want to include it globally for all your pages you can use the component in your custom _app.js
file:
import PlausibleProvider from 'next-plausible'
export default function MyApp({ Component, pageProps }) {
return (
<PlausibleProvider domain="example.com">
<Component {...pageProps} />
</PlausibleProvider>
)
}
PlausibleProvider
propsName | Description |
---|---|
domain | The domain of the site you want to monitor. |
customDomain | Set this if you use a custom domain to serve the analytics script. Defaults to https://plausible.io. See https://plausible.io/docs/custom-domain for more details. |
trackOutboundLinks | Set this to true if you want to enable outbound link click tracking. |
exclude | Set this if you want to exclude a set of pages from being tracked. See https://plausible.io/docs/excluding-pages for more details. |
selfHosted | Set this to true if you are self hosting your Plausible instance. Otherwise you will get a 404 when requesting the script. |
enabled | Use this to explicitly decide whether or not to render script. If not passed the script will be rendered when process.env.NODE_ENV === 'production' . |
integrity | Optionally define the subresource integrity attribute for extra security. |
api | Optionally define a custom endpoint for Plausible events. This can be useful for proxying from a statically generated site as described here. |
To avoid being blocked by adblockers plausible recommends proxying the script. To do this you need to wrap your next.config.js
with the withPlausibleProxy
function:
const { withPlausibleProxy } = require('next-plausible')
module.exports = withPlausibleProxy()({
// ...your next js config, if any
})
This will set up the necessary rewrites as described here and configure PlausibleProvider
to use the local URLs so you can keep using it like this:
<PlausibleProvider domain="example.com">
...
</PlausibleProvider>
}
Note: This will only work if you serve your site using next start
. Statically generated sites won't be able to rewrite the requests.
Optionally you can overwrite the proxied script subdirectory and name:
const { withPlausibleProxy } = require('next-plausible')
module.exports = withPlausibleProxy({
subdirectory: 'yoursubdirectory',
scriptName: 'scriptName',
})({
// ...your next js config, if any
})
This will load the script from /js/yoursubdirectory/scriptName.js
.
Plausible supports custom events as described at https://plausible.io/docs/custom-event-goals. This package provides the usePlausible
hook to safely access the plausible
function like this:
import { usePlausible } from 'next-plausible'
export default function PlausibleButton() {
const plausible = usePlausible()
return (
<>
<button onClick={() => plausible('customEventName')}>Send</button>
<button
id="foo"
onClick={() =>
plausible('customEventName', {
props: {
buttonId: 'foo',
},
})
}
>
Send with props
</button>
</>
)
}
If you use Typescript you can type check your custom events like this:
import { usePlausible } from 'next-plausible'
type MyEvents = {
event1: { prop1: string }
event2: { prop2: string }
event3: never
}
const plausible = usePlausible<MyEvents>()
Only those events with the right props will be allowed to be sent using the plausible
function.
yarn build
will generate the production scripts under the dist
folder.v1.8.0 (2021-07-11)
Closed issues:
FAQs
Simple integration for https://nextjs.org and https://plausible.io analytics.
The npm package next-plausible receives a total of 36,749 weekly downloads. As such, next-plausible popularity was classified as popular.
We found that next-plausible demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.