Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
react-virtualized-auto-sizer
Advanced tools
Standalone version of the AutoSizer component from react-virtualized
The react-virtualized-auto-sizer package is a utility component for React that automatically adjusts the size of its child component to fit the available space. It is commonly used in conjunction with other virtualization libraries to create performant, scrollable lists or grids that can handle large datasets efficiently.
Auto-sizing a child component
This feature allows you to automatically adjust the size of a List component from the react-virtualized library to fit the available space. The AutoSizer component wraps around the List and provides the height and width as props.
```jsx
import React from 'react';
import AutoSizer from 'react-virtualized-auto-sizer';
import { List } from 'react-virtualized';
const MyList = ({ items }) => (
<AutoSizer>
{({ height, width }) => (
<List
height={height}
width={width}
rowCount={items.length}
rowHeight={20}
rowRenderer={({ index, key, style }) => (
<div key={key} style={style}>
{items[index]}
</div>
)}
/>
)}
</AutoSizer>
);
export default MyList;
```
react-window is a lightweight library for rendering large lists and tabular data. It is similar to react-virtualized but focuses on providing a smaller and faster implementation. Unlike react-virtualized-auto-sizer, react-window does not include an auto-sizing component out of the box, but it can be used with react-virtualized-auto-sizer for similar functionality.
react-virtual is a hook-based library for efficiently rendering large lists and grids. It is highly customizable and offers a modern API. While it does not include an auto-sizing component, it can be combined with other libraries like react-virtualized-auto-sizer to achieve similar results.
Standalone version of the AutoSizer
component from react-virtualized
.
npm install --save react-virtualized-auto-sizer
Property | Type | Required? | Description |
---|---|---|---|
children | Function | ✓ | Function responsible for rendering children. This function should implement the following signature: ({ height?: number | undefined, width?: number | undefined }) => PropTypes.element |
className | String | Optional custom CSS class name to attach to root AutoSizer element. This is an advanced property and is not typically necessary. | |
defaultHeight | Number | Height passed to child for initial render; useful for server-side rendering. This value will be overridden with an accurate height after mounting. | |
defaultWidth | Number | Width passed to child for initial render; useful for server-side rendering. This value will be overridden with an accurate width after mounting. | |
disableHeight | Boolean | Fixed height ; if specified, the child's height property will not be managed | |
disableWidth | Boolean | Fixed width ; if specified, the child's width property will not be managed | |
nonce | String | Nonce of the inlined stylesheets for Content Security Policy | |
onResize | Function | Callback to be invoked on-resize; it is passed the following named parameters: ({ height: number, width: number }) . | |
style | Object | Optional custom inline style to attach to root AutoSizer element. This is an advanced property and is not typically necessary. | |
tagName | string | Optional HTML tag name for root element; defaults to "div" |
Some components (like those found in react-window
or react-virtualized
) require numeric width and height parameters. The AutoSizer
component can be useful if you want to pass percentage based dimensions.
import AutoSizer from "react-virtualized-auto-sizer";
// UI
<AutoSizer>
{({ height, width }) => {
// Use these actual sizes to calculate your percentage based sizes
}}
</AutoSizer>;
Flex containers don't prevent their children from growing and AutoSizer
greedily grows to fill as much space as possible. Combining the two can be problematic. The simple way to fix this is to nest AutoSizer
inside of a block
element (like a <div>
) rather than putting it as a direct child of the flex container, like so:
<div style={{ display: 'flex' }}>
<!-- Other children... -->
<div style={{ flex: '1 1 auto' }}>
<AutoSizer>
{({ height, width }) => (
<Component
width={width}
height={height}
{...props}
/>
)}
</AutoSizer>
</div>
</div>
AutoSizer
passing a height of 0?AutoSizer
expands to fill its parent but it will not stretch the parent. This is done to prevent problems with flexbox layouts. If AutoSizer
is reporting a height (or width) of 0- then it's likely that the parent element (or one of its parents) has a height of 0.
The solution to this problem is often to add height: 100%
or flex: 1
to the parent. One easy way to test this is to add a style property (eg background-color: red;
) to the parent to visually confirm that it is the expected size.
AutoSizer
to manage only width or height (not both)?You can use AutoSizer
to control only one dimension of its child component using the disableHeight
or disableWidth
attributes. For example, a fixed-height component that should grow to fill the available width can be created like so:
<AutoSizer disableHeight>
{({width}) => <Component height={200} width={width} {...props} />}
</AutoSizer>
This package targets ECMAScript 2015 (ES6) and requires a build tool such as babel-loader that is capable of parsing the ES6 class
syntax.
The specification of Content Security Policy describes as the following:
This document defines Content Security Policy, a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS).
To apply Content Security Policy, pass a nonce
to AutoSizer
and add a matching nonce-source
to the Content-Security-Policy
field in HTTP header.
FAQs
Standalone version of the AutoSizer component from react-virtualized
The npm package react-virtualized-auto-sizer receives a total of 1,125,762 weekly downloads. As such, react-virtualized-auto-sizer popularity was classified as popular.
We found that react-virtualized-auto-sizer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.