Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
next-plausible
Advanced tools
Simple integration for https://plausible.io analytics and https://nextjs.org.
Simple integration for https://plausible.io analytics and https://nextjs.org.
See this commit for a real world example.
Important: If you're using a version of next lower than 11.1.0
please use next-plausible@2
to avoid type checking errors (see https://github.com/4lejandrito/next-plausible/issues/25).
To enable Plausible analytics in your Next.js app you'll need to expose the Plausible context, <PlausibleProvider />
, at the top level of your application inside _app.js
:
// pages/_app.js
import PlausibleProvider from 'next-plausible'
export default function MyApp({ Component, pageProps }) {
return (
<PlausibleProvider domain="example.com">
<Component {...pageProps} />
</PlausibleProvider>
)
}
If you want to enable Plausible analytics only on a single page you can wrap the page in a PlausibleProvider
component:
// pages/home.js
import PlausibleProvider from 'next-plausible'
export default Home() {
return (
<PlausibleProvider domain="example.com">
<h1>My Site</h1>
{/* ... */}
</PlausibleProvider>
)
}
PlausibleProvider
PropsName | Description |
---|---|
domain | The domain of the site you want to monitor. |
customDomain | Set this if you use a custom domain to serve the analytics script. Defaults to https://plausible.io. See https://plausible.io/docs/custom-domain for more details. |
trackOutboundLinks | Set this to true if you want to enable outbound link click tracking. |
trackFileDownloads | Set this to true if you want to enable file download tracking. |
trackLocalhost | Set this to true if you want to enable localhost tracking as described here. |
manualPageviews | Set this to true if you want to disable automatic pageview events as described here. |
exclude | Set this if you want to exclude a set of pages from being tracked. See https://plausible.io/docs/excluding-pages for more details. |
selfHosted | Set this to true if you are self hosting your Plausible instance. Otherwise you will get a 404 when requesting the script. |
enabled | Use this to explicitly decide whether or not to render script. If not passed the script will be rendered in production environments. |
integrity | Optionally define the subresource integrity attribute for extra security. |
scriptProps | Optionally override any of the props passed to the script element. See example. |
To avoid being blocked by adblockers plausible recommends proxying the script. To do this you need to wrap your next.config.js
with the withPlausibleProxy
function:
const { withPlausibleProxy } = require('next-plausible')
module.exports = withPlausibleProxy()({
// ...your next js config, if any
})
This will set up the necessary rewrites as described here and configure PlausibleProvider
to use the local URLs so you can keep using it like this:
<PlausibleProvider domain="example.com">
...
</PlausibleProvider>
}
Note: This will only work if you serve your site using next start
. Statically generated sites won't be able to rewrite the requests.
Optionally you can overwrite the proxied script subdirectory and name, as well as the custom domain for the original script:
const { withPlausibleProxy } = require('next-plausible')
module.exports = withPlausibleProxy({
subdirectory: 'yoursubdirectory',
scriptName: 'scriptName',
customDomain: 'http://example.com',
})({
// ...your next js config, if any
})
This will load the script from /yoursubdirectory/js/scriptName.js
and fetch it from http://example.com/js/script.js
.
Note: If you are self hosting plausible, you need to set customDomain
to your instance otherwise no data will be sent.
Plausible supports custom events as described at https://plausible.io/docs/custom-event-goals. This package provides the usePlausible
hook to safely access the plausible
function like this:
import { usePlausible } from 'next-plausible'
export default function PlausibleButton() {
const plausible = usePlausible()
return (
<>
<button onClick={() => plausible('customEventName')}>Send</button>
<button
id="foo"
onClick={() =>
plausible('customEventName', {
props: {
buttonId: 'foo',
},
})
}
>
Send with props
</button>
</>
)
}
If you use Typescript you can type check your custom events like this:
import { usePlausible } from 'next-plausible'
type MyEvents = {
event1: { prop1: string }
event2: { prop2: string }
event3: never
}
const plausible = usePlausible<MyEvents>()
Only those events with the right props will be allowed to be sent using the plausible
function.
npm run build
will generate the production scripts under the dist
folder.v3.6.2 (2022-09-12)
Closed issues:
FAQs
Simple integration for https://nextjs.org and https://plausible.io analytics.
The npm package next-plausible receives a total of 36,749 weekly downloads. As such, next-plausible popularity was classified as popular.
We found that next-plausible demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.