Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
react-aptor
Advanced tools
React API Connector
Most packages are developed separately in javascript or typescript for increasing generality to make them us in all libraries and frameworks.
Connecting third parties to react is not a routine task. on the other hand, different teams might develop these packages hence development progress can be one step behind the original or terminated at any time. Also, wrong abstraction or bad design patterns may slow down progress or block it at every new release.
List of some other concerns:
We strived to solve them all at once
The unparsed project size is less than 1 kilobyte (the greatest file is 352 bytes).
Your used/defined APIs are entirely under your control. Make it possible to define a slice of APIs which you are surely going to use.
Developed with lots of care, try to be zero-anti-pattern in react.
Simple with a good developer experience.
It was developed in typescript and provide the following on the fly:
Connect your react app to any third party in three-step
useAptor
Define the instantiate function.
// construct.js
import Something from 'your-third-party'
export default function instantiate(node, params) =>
new Something(node, options)
This function will return an instance of the third-party package. You have access to node (DOM-node) and params.
The node is passed by react-aptor as a reference to DOM that is occasionally used as a wrapper for embedding UI. Params are optional parameters that are passed by react-aptor and define by you. see the third step.
Define the get API function.
// api.js
export default function getAPI(instance, params) {
return () => ({
api_key: () => {
/* api defenition */
},
});
}
react-aptor will pass instance and params to your getAPI
function. The instance is your third-party instance which has been defined in the first step.
Params are optional parameters that are passed by react-aptor and define by you. see the third step.
// connector.jsx
import useAptor from "react-aptor";
import getAPI from "./api";
import instantiate from "./construct";
const Connector = (props, ref) => {
const aptorRef = useAptor(ref, {
getAPI,
instantiate,
/* params: anything */,
});
return <div ref={aptorRef} />;
};
export default React.forwardRef(Connector);
For the connection phase, you need to define a forwardRef
component, grab forwarded-ref and pass that as the first argument ofuseAptor
hook. As the configuration argument you need to pass defined instantiate
(defined in the first step), getAPI
(defined in the second step), and your custom params argument. The useAptor hook will return you a ref (aptorRef
) with must be bound to your returned DOM node.
The params will be then passed to your instantiate
and getAPI
function, as you saw in the first and second steps.
The value of params doesn't have any limitation and it can be any arbitrary type (e.g. undefined
, number
, string
, object
). You have full access to props in your component and you can define params value by props too.
Usage Step
const Main = () => {
const ref = createRef();
const apiKeyHandler = () => ref.current?.api_key();
return (
<div>
<Connector ref={ref} />
<Button onClick={apiKeyHandler}>api call</Button>
</div>
);
};
Pass createRef
to the Connector component (made in the third step), and then you can access all of the APIs inside ref.current
The project was developed by typescript, see samples for more info.
🎨 Designer (BTC):
bc1q9fahyct3lrdz47pjf4kfxvsyum2dm74v2hv9xl
💻 Developer/Maintainer (BTC):
bc1qq8qq63ex7svkkjdjn5axu8angfxytvs83nlujk
typescript
Quill is a free, open source WYSIWYG editor built for the modern web.
Fabric.js is a powerful and simple. Javascript HTML5 canvas library
FAQs
React API connector
The npm package react-aptor receives a total of 10,416 weekly downloads. As such, react-aptor popularity was classified as popular.
We found that react-aptor demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.