Security News
Deno 2.6 + Socket: Supply Chain Defense In Your CLI
Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.
By Sarah Gooding -  Dec 12, 2025
🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
react-scientist
Advanced tools
👩‍🔬 React Scientist 
Simple React components for split testing and analytics
Installation
$ npm install react-scientist
$ yarn add react-scientist
Components
Experiment
Props
| name | type | required | default | description |
|---|---|---|---|---|
name | string | âś… | The name of the experiment | |
id | string | "" | An external experiment ID, e.g. from Google Optimize | |
userId | string | "" | A static user ID to ensure logged-in users have consistent experiences when running experiments | |
domain | string | document.location.host | The domain that the variant cookie should be set on. | |
variants | array | âś… | List of possible variants for the experiment to choose from. |
Usage
import React from 'react';
import { render } from 'react-dom';
import { Experiment } from 'react-scientist';
// Override the static `onStart` method to listen when users are enrolled in an experiment.
// NOTE: Overriding the `onStart` method should happen **before** the React app is rendered to the DOM.
Experiment.onStart = ({ experimentName, experimentId, variantIndex, variantName }) => {
// Handle experiment start. Typically will send an analytic event to Segment, Google Analytics, etc.
};
const LoginTitleExperiment = () => (
<Experiment
name="Login Title"
variants={[
{
name: 'Control',
weight: 0.5,
render: () => <h1>Sign In</h1>,
},
{
name: 'Login',
weight: 0.5,
render: () => <h1>Login</h1>,
},
]}
/>
);
render(<LoginTitleExperiment />);
Cross Domain Experiments
<Experiment /> uses cookies to store the active variant for your running experiments. If you'd like to run experiments on both a naked domain and a subdomain, pass the root domain as the domain prop. Make sure to prefix the domain with leading . so the cookie will be accessible across any property.
<Experiment
name="Cross Domain"
domain=".example.com"
variants={[
{
name: 'Control',
weight: 0.5,
render: () => <h1>Sign In</h1>,
},
{
name: 'Login',
weight: 0.5,
render: () => <h1>Login</h1>,
},
]}
/>
Metric
Props
| name | type | required | default | description |
|---|---|---|---|---|
name | string | âś… | The name of the event, e.g. Button Clicked | |
on | string | click | The event to listen to, e.g. click, hover | |
data | object | {} | Extra data to send along with the event, e.g. { location: 'banner' } | |
options | object | {} | Options to pass to Event handler |
Usage
import React from 'react';
import { render } from 'react-dom';
import { Metric } from 'react-scientist';
// Override the static `onEvent` method to listen when events are captured. NOTE: Overriding the `onEvent`
// method should happen **before** the React app is rendered to the DOM.
Metric.onEvent = ({ name, data, options }) => {
// Handle event capture. Typically will send an analytic event to Segment, Google Analytics, etc.
};
const MetricExample = () => (
<Metric name="Facebook Login Clicked">
<Button>Login With Facebook</Button>
</Metric>
);
render(<MetricExample />);
License
MIT © Sappira Inc.
FAQs
Simple React components for split testing and analytics
The npm package react-scientist receives a total of 14 weekly downloads. As such, react-scientist popularity was classified as not popular.
We found that react-scientist demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Package last updated on 05 Aug 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
New React Server Components Vulnerabilities: DoS and Source Code Exposure
New DoS and source code exposure bugs in React Server Components and Next.js: what’s affected and how to update safely.
By Sarah Gooding -  Dec 12, 2025
Security News
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk
Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.
By Sarah Gooding -  Dec 11, 2025