Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
next-plugin-preval
Advanced tools
> Pre-evaluate async functions (for data fetches) at build time and import them like JSON
Pre-evaluate async functions (for data fetches) at build time and import them like JSON
// data.preval.js (or data.preval.ts)
// step 1: create a data.preval.js (or data.preval.ts) file
import preval from 'next-plugin-preval';
// step 2: write an async function that fetches your data
async function getData() {
const { title, body } = await /* your data fetching function */;
return { title, body };
}
// step 3: export default and wrap with `preval()`
export default preval(getData());
// Component.js (or Component.ts)
// step 4: import the preval
import data from './data.preval';
// step 5: use the data. (it's there synchronously from the build step!)
const { title, body } = data;
function Component() {
return (
<>
<h1>{title}</h1>
<p>{body}</p>
</>
);
}
export default Component;
The primary mechanism Next.js provides for static data is getStaticProps
— which is a great feature and is the right tool for many use cases. However, there are other use cases for static data that are not covered by getStaticProps
.
getStaticProps
is a somewhat awkward mechanism because for each new page, you'll have to re-fetch that same static data. For example, if you use getStaticProps
to fetch content for your header, that data will be re-fetched on every page change.getStaticProps
does not work for API routes while next-plugin-preval
does.next-plugin-preval
behaves like importing JSON, you can leverage the optimizations bundlers have for importing standard static assets. This includes standard code-splitting and de-duping.See the recipes for concrete examples.
yarn add next-plugin-preval
or
npm i next-plugin-preval
// next.config.js
const createNextPluginPreval = require('next-plugin-preval/config');
const withNextPluginPreval = createNextPluginPreval();
module.exports = withNextPluginPreval(/* optionally add a next.js config */);
Create a file with the extension .preval.ts
or .preval.js
then export a promise wrapped in preval()
.
// my-data.preval.js
import preval from 'next-plugin-preval';
async function getData() {
return { hello: 'world'; }
}
export default preval(getData());
Then import that file anywhere. The result of the promise is returned.
// component.js (or any file)
import myData from './my-data.preval'; // 👈 this is effectively like importing JSON
function Component() {
return (
<div>
<pre>{JSON.stringify(myData, null, 2)}</pre>
</div>
);
}
export default Component;
When you import a .preval
file, it's like you're importing JSON. next-plugin-preval
will run your function during the build and inline a JSON blob as a module.
This works via a webpack loader that takes your code, compiles it, and runs it inside of Node.js.
require('next')
. For most data queries this should be sufficient, however please open an issue if something seems off.// header-data.preval.js
import preval from 'next-plugin-preval';
async function getHeaderData() {
const headerData = await /* your data fetching function */;
return headerData;
}
export default preval(getHeaderData());
// header.js
import headerData from './header-data.preval';
const { title } = headerData;
function Header() {
return <header>{title}</header>;
}
export default Header;
// products.preval.js
import preval from 'next-plugin-preval';
async function getProducts() {
const products = await /* your data fetching function */;
// create a hash-map for O(1) lookups
return products.reduce((productsById, product) => {
productsById[product.id] = product;
return productsById;
}, {});
}
export default preval(getProducts());
// /pages/api/products/[id].js
import productsById from '../products.preval.js';
const handler = (req, res) => {
const { id } = req.params;
const product = productsById[id];
if (!product) {
res.status(404).end();
return;
}
res.json(product);
};
export default handler;
// states.preval.js
import preval from 'next-plugin-preval';
async function getAvailableStates() {
const states = await /* your data fetching function */;
return states;
}
export default preval(getAvailableStates());
// state-picker.js
import { useState, useEffect } from 'react';
function StatePicker({ value, onChange }) {
const [states, setStates] = useState([]);
useEffect(() => {
// ES6 dynamic import
import('./states.preval').then((response) => setStates(response.default));
}, []);
if (!states.length) {
return <div>Loading…</div>;
}
return (
<select value={value} onChange={onChange}>
{states.map(({ label, value }) => (
<option key={value} value={value}>
{label}
</option>
))}
</select>
);
}
As stated in the notes, the result of next-plugin-preval won't change after it leaves the build. However, you can still make preview mode work if you extract your data fetching function and conditionally call it based on preview mode (via context.preview
. If preview mode is not active, you can default to the preval file.
// get-data.js
// 1. extract a data fetching function
async function getData() {
const data = await /* your data fetching function */;
return data
}
// data.preval.js
import preval from 'next-plugin-preval';
import getData from './getData';
// 2. use that data fetching function in the preval
export default preval(getData());
// /pages/some-page.js
import data from './data.preval';
import getData from './get-data';
export async function getStaticProps(context) {
// 3. conditionally call the data fetching function defaulting to the prevalled version
const data = context.preview ? await getData() : data;
return { props: { data } };
}
next-data-hooks
— creates a pattern to use getStaticProps
as React hooks. Great for the site-wide data case when preview mode or ISR is needed.FAQs
> Pre-evaluate async functions (for data fetches) at build time and import them like JSON
We found that next-plugin-preval demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.