Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
react-flickity-component
Advanced tools
A React.js Flickity component.
# you need to install flickity as peer dependency, please use v2.3.0 for best experience
npm install flickity@2.3.0
npm install react-flickity-component
V4 only supports react v18 and above. V4 also comes with an esmodule bundle format to support modern frontend tooling like vite. If you are staying on react v16, please keep using v3.
// Commonjs
const Flickity = require('react-flickity-component');
// Or for ES2015 module
import Flickity from 'react-flickity-component'
const flickityOptions = {
initialIndex: 2
}
function Carousel() {
return (
<Flickity
className={'carousel'} // default ''
elementType={'div'} // default 'div'
options={flickityOptions} // takes flickity options {}
disableImagesLoaded={false} // default false
reloadOnUpdate // default false
static // default false
>
<img src="/images/placeholder.png"/>
<img src="/images/placeholder.png"/>
<img src="/images/placeholder.png"/>
</Flickity>
)
}
See a codesandbox example here: https://codesandbox.io/s/qlz12m4oj6
See an example with server side rendering:
https://github.com/theolampert/react-flickity-component-example
And with typescript:
https://github.com/theolampert/react-flickity-component-example/tree/typescript
Property | Type | Default | Description |
---|---|---|---|
className | String | '' | Applied to top level wrapper |
elementType | String | 'div' | Wrapper's element type |
options | Object | {} | Flickity initialization opions |
disableImagesLoaded | Boolean | false | Disable call reloadCells images are loaded |
flickityRef | Function | Like ref function, get Flickity instance in parent component | |
reloadOnUpdate | Boolean | false | Read next section before you set this prop. Run reloadCells and resize on componentDidUpdate |
static | Boolean | false | Read next section before you set this prop. Carousel contents are static and not updated at runtime. Useful for smoother server-side rendering however the carousel contents cannot be updated dynamically. |
Under the hood, react-flickity-component uses a React Portal to render children slides inside a Flickity instance. The need for a portal is because after Flickity is initialized, new DOM nodes (mostly Flickity wrapper elements) would be created, this changes the DOM hierarchy of the parent component, thus any future update, whether it's originated from Flickity, like adding/removing slides, or from parent, like a prop changes, will make React fail to reconcile for the DOM snapshot is out of sync.
#64 introduced a new prop to change the underlying render method: instead of portal, react-flickity-component will directly render children. This is create a smoother server-side rendering experience, but please be aware using static
prop possibly will cause all your future update to fail, which means adding/removing slides will definitely fail to render, so use with caution.
However there is a fail-safe option reloadOnUpdate
. It means every time there is a update, we tear down and set up Flickity. This will ensure that Flickity is always rendered correctly, but it's a rather costly operation and it will cause a flicker since DOM nodes are destroyed and recreated.
You can access the Flickity instance with flickityRef
prop just like ref
, and use this instance to register events and use API.
class Carousel extends React.Component {
componentDidMount = () => {
// You can register events in componentDidMount hook
this.flkty.on('settle', () => {
console.log(`current index is ${this.flkty.selectedIndex}`)
})
}
myCustomNext = () => {
// You can use Flickity API
this.flkty.next()
}
render() {
return (
<Flickity flickityRef={c => this.flkty = c}>
<img src="/images/placeholder.png"/>
<img src="/images/placeholder.png"/>
<img src="/images/placeholder.png"/>
</Flickity>
<Button onClick={myCustomNext}>My custom next button</Button>
)
}
}
Flickity may be used in commercial projects and applications with the one-time purchase of a commercial license. http://flickity.metafizzy.co/license.html
See this issue for more information
FAQs
react flickity component
The npm package react-flickity-component receives a total of 12,748 weekly downloads. As such, react-flickity-component popularity was classified as popular.
We found that react-flickity-component demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.