Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
raptor-renderer
Advanced tools
This module provides support for rendering UI components and templates and provides helper methods for injecting the resulting HTML into the DOM and binding behavior.
In the browser, this module allows behavior to be attached by publishing a raptor-renderer/renderedToDOM
message via the raptor-pubsub module when the newly rendered DOM nodes have been inserted into the DOM. The marko-widgets module listens for this event to initialize all widgets that were rendered. Internally, the list of rendered widgets is stored in the async-writer instance (specifically out.global.widgets
) that is passed to all renderers during the rendering process.
npm install raptor-renderer --save
var raptorRenderer = require('raptor-renderer');
var renderer = function(input, out) {
out.write('Hello ' + input.name + '!');
};
var targetEl = document.getElementById('myRenderTarget');
raptorRenderer.render(
renderer, // function renderer(input, out)
{ // View model
name: 'Frank'
},
function(err, renderResult) {
if (err) {
// Handle the error
}
// Append the HTML as a child of the provided target element
renderResult.appendTo(targetEl);
// Behavior (if any) has been attached automagically. Yay!
// All available methods
// - appendTo(el)
// - replace(el)
// - replaceChildrenOf(el)
// - insertBefore(el)
// - insertAfter(el)
// - prependTo(el)
});
If you know for sure that the rendering will complete synchronously then you can instead use the synchronous API by not providing a callback function:
var raptorRenderer = require('raptor-renderer');
var renderer = function(input, out) {
out.write('Hello ' + input.name + '!');
};
var targetEl = document.getElementById('myRenderTarget');
var renderResult = raptorRenderer.render(
renderer, // function renderer(input, out)
{ // View model
name: 'Frank'
});
renderResult.appendTo(targetEl);
Invokes a renderer with the provided data and invokes the provided callback when the rendering asynchronously completes. The signature for the callback function is function(err, renderResult)
where renderResult
will be an instance of RenderResult
(see below).
Synchronous version of the render
method that immediately returns a RenderResult
object.
Inserts the newly rendered DOM nodes as ending children of the target HTML element.
Returns the top-level widget (if any) associated with the rendered HTML. This method can only be called after the HTML has been inserted into the DOM (e.g. using appendTo(document.body)
);
Example:
var buttonWidget = require('raptor-renderer').render(
buttonRenderer,
{
label: label
})
.appendTo(document.body)
.getWidget();
buttonWidget.disable();
Returns an array of all of the rendered widgets;
Inserts the newly rendered DOM nodes as siblings immediately after the target HTML element.
Inserts the newly rendered DOM nodes as siblings immediately before the target HTML element.
Inserts the newly rendered DOM nodes as beginning children of the target HTML element.
Removes the target element and replaces is with the newly rendered DOM nodes.
Removes the child nodes of the target element and replaces them with the newly rendered DOM nodes.
Returns the output HTML string.
FAQs
Helper module to invoke renderers
The npm package raptor-renderer receives a total of 326 weekly downloads. As such, raptor-renderer popularity was classified as not popular.
We found that raptor-renderer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.