Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
react-hoax
Advanced tools
Idiomatic resourceful context.
React Hoax requires React 16.8.3 or later.
npm install --save react-hoax
This assumes that you’re using npm package manager with a module bundler like Webpack or Browserify to consume CommonJS modules.
If you don’t yet use npm or a modern module bundler, and would rather prefer a single-file UMD build that makes react-hoax
available as a global object, you can grab a pre-built version from cdnjs. We don’t recommend this approach for any serious application, as most of the libraries complementary to React Hoax are only available on npm.
React Hoax itself is a small state management library. It includes some opinionated patterns that help you use React context more effectively.
It helps simplify a lot of common use cases in the React world, including providers setup, creating reducers and selectors.
It also helps with state normalization for resources.
The byId
pattern is persuaded, check the initialState.
Example,
import { makeCollectionHoax } from "react-hoax";
const {
Provider,
useCollection,
useMember,
useSelector,
useAction,
useResourceSelector
} = makeCollectionHoax("myCustomResource", {
resourceOptions: {
initialState: {
title: "",
description: "",
keywords: [],
industry: "",
offer: ""
}
}
});
As you can see, React Hoax provides you with the essentials to start coding right away. This will create a Context provider, with the state:
{
loading: true,
loaded: false,
processing: false,
byId: {},
ids: []
}
Which works for multiple resources of the same type.
Adding a resource of id=1
, will change the state to:
{
loading: false,
loaded: true,
processing: false,
byId: {
1: {
loading: true,
loaded: false,
processing: false,
errors: {},
pristine: {},
// plus our custom attributes needed
title: "",
description: "",
keywords: [],
industry: "",
offer: ""
}
},
ids: [1]
}
It keeps it simple, check the initialState.
Example,
import { makeMemberHoax } from "react-hoax";
const initialState = {
name: ""
};
const UserHoax = makeMemberHoax("user", { initialState });
const NameField = UserHoax.Field.Input({fieldKey: "name"});
const UserForm = () => (
<UserHoax.Provider>
<NameField />
</UserHoax.Provider>
);
React Hoax provides global actions for the everyday needs:
initialize
update
updateBatch
updateOnChange
reset
resetPristine
resetPristineKey
startFetch
doneFetch
failFetch
startProcess
doneProcess
but you can add more yourself.
documentation is coming soon...
React Hoax provides opinionated reducers for member and collection resources. They make use the global actions, but also, are extendable.
Hooks provided by the React Hoax, are of two flavors.
For performant retrieving part of state (or all of it) of a resource. (i.e. useResourceSelector
, useSelector
)
But, also, for getting the action needed for dispatch from the resource's context. (i.e. useAction
)
Are you bored of passing down the components tree props and actions for simple CRUD operations on the state? Those two selector hooks on steroids will save you the time and the sanity!
Check the API of useMember
:
const [value, setValue, error, setError] = useMember({fieldKey: 'keyOnYourState'});
How fun is that?
Now check the API of useCollection
(it's basically helping with values on state that are arrays)
const {collection, setCollection, add, push, edit, remove, reorder, error, setError} = useCollection({fieldKey: 'keyOnYourState'});
COMING SOON
Well yes! Just kidding, of course, check Redux - same applies here, more or less. Enjoy!
FAQs
Idiomatic resourceful context
We found that react-hoax demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.