react-cmf
Advanced tools
This is a library to help you to build configurable React App.
It provides a set of base components and patterns.
CMF definition from wikipedia:
A content management framework (CMF) is a system that facilitates the use of reusable components or customized software for managing Web content. It shares aspects of a Web application framework and a content management system
It fits with our goal, this is why this add-on has been named that way.
A user interact with a view using mouse and/or keyboard which send events from a content and that interaction dispatch an action. That action may change the current view or the content displayed.
We have the following objects to build a user interface:
Let's talk about each of them.
Views are special React component. They are high level component which has the following responsibility: They must dispatch props to configurable components.
They are called by UI abstraction library from the router and connected to the store throw the settings.
So a view is can be a pure component.
Then view will be composed of react components that can get their props.
Actions are redux actions.
Component state can be easily stored in cmf state, each are identified by their name and an unique key, so component state can be stored and reused later
Manage a local cache of your business data
A content type defines metadata over content. For example when you display a list of article you say each item in this list are an article which is a content type.
We are adding metadata over content type:
You will find the registry as the central piece of ui abstraction. It's just a key/object registry and it's used with prefix to store the following:
cmf store structure is the following
FAQs
A framework built on top of best react libraries
The npm package react-cmf receives a total of 54 weekly downloads. As such, react-cmf popularity was classified as not popular.
We found that react-cmf demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket Research Team investigates a malicious npm package that appears to be an Advcash integration but triggers a reverse shell during payment success, targeting servers handling transactions.
Security Fundamentals
The Socket Threat Research Team uncovers how threat actors weaponize shell techniques across npm, PyPI, and Go ecosystems to maintain persistence and exfiltrate data.
Security News
At VulnCon 2025, NIST scrapped its NVD consortium plans, admitted it can't keep up with CVEs, and outlined automation efforts amid a mounting backlog.