Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Preact is a fast, 3kB alternative to React with the same modern API. It provides the thinnest possible Virtual DOM abstraction on top of the DOM. Its goal is to provide the same rich and robust ecosystem that React has, while being leaner and more efficient, often used for performance-critical applications and situations where bundle size is a factor.
Creating Components
This code sample demonstrates how to create a simple Preact component and render it to the DOM. It's similar to React but with a smaller footprint.
import { h, render, Component } from 'preact';
class MyComponent extends Component {
render() {
return <div>Hello, Preact!</div>;
}
}
render(<MyComponent />, document.body);
Using Hooks
This code sample shows how to use hooks in Preact, specifically the useState hook to create a simple counter component.
import { h, render, useState } from 'preact/hooks';
function Counter() {
const [count, setCount] = useState(0);
return (
<div>
<p>You clicked {count} times</p>
<button onClick={() => setCount(count + 1)}>
Click me
</button>
</div>
);
}
render(<Counter />, document.body);
Preact/Compat
This code sample illustrates how to use Preact/Compat to achieve React compatibility, allowing developers to use Preact as a drop-in replacement for React.
import React from 'preact/compat';
import ReactDOM from 'preact/compat';
function App() {
return <h1>Hello from Preact/Compat</h1>;
}
ReactDOM.render(<App />, document.getElementById('app'));
React is a declarative, efficient, and flexible JavaScript library for building user interfaces. It's larger in size compared to Preact but has a larger ecosystem and more built-in features.
Inferno is an extremely fast, React-like library for building high-performance user interfaces on both the client and server. It's similar to Preact in terms of performance goals but has its own set of APIs and optimizations.
Vue.js is a progressive framework for building user interfaces. Unlike Preact, Vue has a different API and embraces a different philosophy, focusing on declarative rendering and component composition with a more opinionated set of tools.
Svelte is a radical new approach to building user interfaces. Instead of doing the bulk of its work in the browser, Svelte shifts that work into a compile step that happens when you build your app. It's different from Preact in that it doesn't use a virtual DOM.
Fast 3kB alternative to React with the same modern API.
All the power of Virtual DOM components, without the overhead:
You can find some awesome libraries in the awesome-preact list :sunglasses:
💁 Note: You don't need ES2015 to use Preact... but give it a try!
With Preact, you create user interfaces by assembling trees of components and elements. Components are functions or classes that return a description of what their tree should output. These descriptions are typically written in JSX (shown underneath), or HTM which leverages standard JavaScript Tagged Templates. Both syntaxes can express trees of elements with "props" (similar to HTML attributes) and children.
To get started using Preact, first look at the render() function. This function accepts a tree description and creates the structure described. Next, it appends this structure to a parent DOM element provided as the second argument. Future calls to render() will reuse the existing tree and update it in-place in the DOM. Internally, render() will calculate the difference from previous outputted structures in an attempt to perform as few DOM operations as possible.
import { h, render } from 'preact';
// Tells babel to use h for JSX. It's better to configure this globally.
// See https://babeljs.io/docs/en/babel-plugin-transform-react-jsx#usage
// In tsconfig you can specify this with the jsxFactory
/** @jsx h */
// create our tree and append it to document.body:
render(
<main>
<h1>Hello</h1>
</main>,
document.body
);
// update the tree in-place:
render(
<main>
<h1>Hello World!</h1>
</main>,
document.body
);
// ^ this second invocation of render(...) will use a single DOM call to update the text of the <h1>
Hooray! render() has taken our structure and output a User Interface! This approach demonstrates a simple case, but would be difficult to use as an application grows in complexity. Each change would be forced to calculate the difference between the current and updated structure for the entire application. Components can help here – by dividing the User Interface into nested Components each can calculate their difference from their mounted point. Here's an example:
import { render, h } from 'preact';
import { useState } from 'preact/hooks';
/** @jsx h */
const App = () => {
const [input, setInput] = useState('');
return (
<div>
<p>Do you agree to the statement: "Preact is awesome"?</p>
<input value={input} onInput={e => setInput(e.target.value)} />
</div>
);
};
render(<App />, document.body);
Become a sponsor and get your logo on our README on GitHub with a link to your site. [Become a sponsor]
Support us with a monthly donation and help us continue our activities. [Become a backer]
MIT
FAQs
Fast 3kb React-compatible Virtual DOM library.
The npm package preact receives a total of 4,333,922 weekly downloads. As such, preact popularity was classified as popular.
We found that preact demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.