Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
react-i18nliner
Advanced tools
react-i18nliner brings I18nliner
to React via the html translate
attribute. I18n doesn't get any easier than this.
react-i18nliner lets you do this:
<p translate="yes">
Hey {this.props.user.name}!
Although I am <Link to="route">linking to something</Link> and
have some <strong>bold text</strong>, the translators will see
<strong><em>absolutely no markup</em></strong> and will only have a
single string to translate :o
</p>
Write your components as you normally would, and just put a
translate="yes"
attribute on any element/component that needs to be
localized.
Best of all, you don't need to maintain translation files anymore; I18nliner will do it for you.
react-i18nliner preprocesses your JSX, transforming it into something truly localizable. It infers placeholders for expressions and wrappers for elements/components, and separates the localizable string. At runtime, it localizes the string, interpolating the wrappers and placeholders into the correct locations.
Localizable strings are detected both from the text nodes, as well as from translatable attributes within the translate="yes"
element.
react-i18nliner enhances I18nliner, so that it can extract any of these
translate="yes"
strings from your codebase (in addition to regular
I18n.t
calls). Once you get everything translated, just stick it on
I18n.translations
and everything will Just Work™.
A placeholder will be created for the input:
<label translate="yes">
Create <input /> new accounts
</label>
As well as for arbitrary JSX expressions:
<div translate="yes">
Welcome back, {user.name}.
</div>
Translators won't see any markup; it will be replaced with a simple wrapper
notation. In this example, the extracted string would be "That is *not* the right answer"
:
<div translate="yes">
That is <b>not</b> the right answer
</div>
In addition to the "Edit your settings *here*"
string, the
Your Account"
will also be preprocessed, since it is a valid
translatable attribute.
<div translate="yes">
Edit your settings <a href="/foo" title="Your Account">here</a>
</div>
Get i18n-js and i18nliner installed per these instructions.
npm install react-i18nliner --save
And make sure your .i18nrc
file has:
{
"plugins": [
"react-i18nliner"
]
}
This will ensure that when you export strings for translation, all of your
new translate="yes"
stuff will get picked up.
How you hook up the preprocessor will depend on how you bundle your assets:
Add this loader to your config, e.g.
{
module: {
loaders: [
{ test: /\.js$/, loader: "react-i18nliner/webpack-loader" }
...
],
},
...
}
Use this transform, e.g.
$ browserify -t react-i18nliner/browserify-transform app.js > bundle.js
It's not too hard to roll your own; as you can see in the loader and
transform above, the heavy lifting is done by preprocess
. So whether
you use ember-cli, sprockets, grunt concat, etc., it's relatively
painless to add a little glue code that runs preprocess on each
source file.
Assuming you have a cjs-style app, do something like this:
var I18n = require("./path/to/cjs'd/i18n");
require("i18nliner/dist/lib/extensions/i18n_js")["default"](I18n);
require("react-i18nliner/extensions/i18n_js")(I18n);
If you're using AMD/<script>
/something else, see the i18nliner-js README
for hints; these extensions can be set up exactly the same way as
i18nliner-js's.
Since react-i18nliner is just an i18nliner plugin, you can use the
i18nliner bin / grunt task to extract translations from your codebase;
it will pick up normal I18n.t
usage, as well as your new
translate="yes"
components.
Once you've gotten all your translations back from the translators,
simply stick them the giant blob 'o json on I18n.translations
; it
expects the translations to be of the format:
I18n.translations = {
"en": {
"some_key": "Hello World",
"another_key": "What's up?"
}
"es": {
"some_key": "Hola mundo",
"another_key": "¿Qué tal?"
},
...
}
If you have certain tags that you always want to translate (e.g. <h1>
),
you can specify them in your .i18nrc
via autoTranslateTags
, e.g.
{
"autoTranslateTags": ["h1", "h2", "h3", "h4", "h5", "h6", "p"]
}
These tags will have an implicit translate="yes"
, keeping your markup
simple.
Similarly, if you have certain tags you don't want to auto-translate
(e.g. <code>
), you can specify those in a similar manner:
{
"neverTranslateTags": ["code"],
}
Then if those are ever nested in a larger translatable element, they will be assumed to be untranslatable, and a placeholder will be created for them.
i18nliner does support basic pluralization (via i18n-js), but you need to use pure js for that, e.g.
<div>
{I18n.t({one: "You have 1 item", other: "You have %{count} items"}, {count: theCount})}
</div>
i18n-js doesn't support gender-based localizations, but I do plan on making i18nliner work with other backends soon (e.g. i18next, FormatJS). Watch this space, or better yet, create a pull request ;)
This kind of gets to a general rule of i18n: don't concatenate strings. For example,
return (<b translate="yes">
You are {this.props.isAuthorized ? "authorized" : "NOT authorized"}
</b>);
The extracted string will be "You are %{opaque_placeholder}"
and the
translators won't get a chance to translate the two inner strings (much
less without context). So don't do that; whenever you have logically
different sentences/phrases, internationalize them separately, e.g.
return (this.props.isAuthorized ?
<b translate="yes">You are authorized</b> :
<b translate="yes">You are NOT authorized</b>);
NOTE: in a subsequent release of react-i18nliner, the former example
will cause an i18nliner:check
failure. You've been warned :)
Copyright (c) 2015 Jon Jensen, released under the MIT license
FAQs
i18n made simple
The npm package react-i18nliner receives a total of 950 weekly downloads. As such, react-i18nliner popularity was classified as not popular.
We found that react-i18nliner demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.