Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
prop-types-exact
Advanced tools
For use with React PropTypes. Will error on any prop not explicitly specified.
The prop-types-exact npm package is used to enforce that no additional (undeclared) props are passed to a React component than the ones specified in the propTypes object. This is useful for catching typos or unwanted extra props that might be passed to a component due to refactoring or changes in the codebase.
Enforcing exact prop types
This code sample demonstrates how to use prop-types-exact to ensure that the MyComponent only receives the props 'name' and 'age', and no additional props. If any extra props are passed, a warning will be shown in the console during development.
{"MyComponent.propTypes = PropTypesExact({ name: PropTypes.string, age: PropTypes.number }); MyComponent.defaultProps = { name: 'John Doe', age: 30 };"}
The airbnb-prop-types package provides a collection of PropTypes for React, similar to prop-types-exact, but with additional custom validators. It does not focus solely on exact prop validation but offers more general-purpose validators.
This package offers PropTypes validators that are compatible with Immutable.js. While it does not provide the exact prop validation feature of prop-types-exact, it is useful for projects using Immutable.js data structures.
For use with React PropTypes. Will error on any prop not explicitly specified.
import PropTypes from 'prop-types';
import exact from 'prop-types-exact';
function Foo({ foo, bar }) {
return <div>{foo}{bar}</div>
}
Foo.propTypes = exact({
foo: PropTypes.string,
bar: PropTypes.number,
});
<Foo foo="hi" bar={3} /> // no warnings
<Foo foo="hi" bar={3} baz="extra" /> // propTypes warning!
Simply clone the repo, npm install
, and run npm test
FAQs
For use with React PropTypes. Will error on any prop not explicitly specified.
The npm package prop-types-exact receives a total of 1,612,447 weekly downloads. As such, prop-types-exact popularity was classified as popular.
We found that prop-types-exact demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.