Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
The react npm package is a JavaScript library for building user interfaces, particularly for single-page applications. It allows developers to create reusable UI components and manage the state of their applications efficiently.
Component-Based Architecture
React allows developers to encapsulate UI logic and design into components, which can then be composed to build complex user interfaces.
class Welcome extends React.Component {
render() {
return <h1>Hello, {this.props.name}</h1>;
}
}
ReactDOM.render(<Welcome name='Jane' />, document.getElementById('root'));
State Management
React provides a way to manage the state within components, enabling dynamic and interactive user interfaces.
class Counter extends React.Component {
constructor(props) {
super(props);
this.state = { count: 0 };
}
increment = () => {
this.setState({ count: this.state.count + 1 });
};
render() {
return (
<div>
<p>{this.state.count}</p>
<button onClick={this.increment}>Increment</button>
</div>
);
}
}
Lifecycle Methods
React components come with lifecycle methods that are invoked at specific points in a component's lifecycle, allowing developers to hook into the component's creation, updating, and destruction processes.
class Timer extends React.Component {
componentDidMount() {
this.timerID = setInterval(() => this.tick(), 1000);
}
componentWillUnmount() {
clearInterval(this.timerID);
}
tick() {
this.setState({
date: new Date()
});
}
render() {
return (
<div>
<h2>It is {this.state.date.toLocaleTimeString()}.</h2>
</div>
);
}
}
Hooks
Hooks are functions that let developers 'hook into' React state and lifecycle features from function components. They provide a way to use stateful logic without writing a class.
import { useState, useEffect } from 'react';
function Example() {
const [count, setCount] = useState(0);
useEffect(() => {
document.title = `You clicked ${count} times`;
});
return (
<div>
<p>You clicked {count} times</p>
<button onClick={() => setCount(count + 1)}>
Click me
</button>
</div>
);
}
Vue.js is a progressive JavaScript framework used for building user interfaces. Unlike React, which is only the view layer, Vue includes a more comprehensive set of tools for building web applications, including a routing solution and state management solution.
Angular is a platform and framework for building single-page client applications using HTML and TypeScript. Angular is more prescriptive than React, providing a standard way to structure an application and including a wide array of features out-of-the-box, such as dependency injection, templating, routing, and more.
Preact is a fast, 3kB alternative to React with the same modern API. It provides the thinnest possible Virtual DOM abstraction on top of the DOM. Preact is a good choice for when performance is critical, and the application needs to be as lightweight as possible.
Svelte is a radical new approach to building user interfaces. Whereas traditional frameworks like React and Vue do the bulk of their work in the browser, Svelte shifts that work into a compile step that happens when you build your app, resulting in significantly smaller and faster applications.
react
React is a JavaScript library for creating user interfaces.
The react
package contains only the functionality necessary to define React components. It is typically used together with a React renderer like react-dom
for the web, or react-native
for the native environments.
Note: by default, React will be in development mode. The development version includes extra warnings about common mistakes, whereas the production version includes extra performance optimizations and strips all error messages. Don't forget to use the production build when deploying your application.
import { useState } from 'react';
import { createRoot } from 'react-dom/client';
function Counter() {
const [count, setCount] = useState(0);
return (
<>
<h1>{count}</h1>
<button onClick={() => setCount(count + 1)}>
Increment
</button>
</>
);
}
const root = createRoot(document.getElementById('root'));
root.render(<Counter />);
19.0.0 (December 5, 2024)
Below is a list of all new features, APIs, deprecations, and breaking changes. Read React 19 release post and React 19 upgrade guide for more information.
Note: To help make the upgrade to React 19 easier, we’ve published a react@18.3 release that is identical to 18.2 but adds warnings for deprecated APIs and other changes that are needed for React 19. We recommend upgrading to React 18.3.1 first to help identify any issues before upgrading to React 19.
startTransition
can now accept async functions. Functions passed to startTransition
are called “Actions”. A given Transition can include one or more Actions which update state in the background and update the UI with one commit. In addition to updating state, Actions can now perform side effects including async requests, and the Action will wait for the work to finish before finishing the Transition. This feature allows Transitions to include side effects like fetch()
in the pending state, and provides support for error handling, and optimistic updates.useActionState
: is a new hook to order Actions inside of a Transition with access to the state of the action, and the pending state. It accepts a reducer that can call Actions, and the initial state used for first render. It also accepts an optional string that is used if the action is passed to a form action
prop to support progressive enhancement in forms.useOptimistic
: is a new hook to update state while a Transition is in progress. It returns the state, and a set function that can be called inside a transition to “optimistically” update the state to expected final value immediately while the Transition completes in the background. When the transition finishes, the state is updated to the new value.use
: is a new API that allows reading resources in render. In React 19, use
accepts a promise or Context. If provided a promise, use
will suspend until a value is resolved. use
can only be used in render but can be called conditionally.ref
as a prop: Refs can now be used as props, removing the need for forwardRef
.<form> action
prop: Form Actions allow you to manage forms automatically and integrate with useFormStatus
. When a <form> action
succeeds, React will automatically reset the form for uncontrolled components. The form can be reset manually with the new requestFormReset
API.<button> and <input> formAction
prop: Actions can be passed to the formAction
prop to configure form submission behavior. This allows using different Actions depending on the input.useFormStatus
: is a new hook that provides the status of the parent <form> action
, as if the form was a Context provider. The hook returns the values: pending
, data
, method
, and action
.<head>
section of the document.<head>
on the client before revealing the content of a Suspense boundary that depends on that stylesheet.preinit
, preload
, prefetchDNS
, and preconnect
APIs to optimize initial page loads by moving discovery of additional resources like fonts out of stylesheet loading. They can also be used to prefetch resources used by an anticipated navigation.prerender
and prerenderToNodeStream
APIs for static site generation. They are designed to work with streaming environments like Node.js Streams and Web Streams. Unlike renderToString
, they wait for data to load for HTML generation.element.ref
access: React 19 supports ref as a prop, so we’re deprecating element.ref
in favor of element.props.ref
. Accessing will result in a warning.react-test-renderer
: In React 19, react-test-renderer logs a deprecation warning and has switched to concurrent rendering for web usage. We recommend migrating your tests to @testing-library/react or @testing-library/react-nativeReact 19 brings in a number of breaking changes, including the removals of long-deprecated APIs. We recommend first upgrading to 18.3.1
, where we've added additional deprecation warnings. Check out the upgrade guide for more details and guidance on codemodding.
onUncaughtError
and onCaughtError
methods to createRoot
and hydrateRoot
to customize this error handling.propTypes
: Using propTypes
will now be silently ignored. If required, we recommend migrating to TypeScript or another type-checking solution.defaultProps
for functions: ES6 default parameters can be used in place. Class components continue to support defaultProps
since there is no ES6 alternative.contextTypes
and getChildContext
: Legacy Context for class components has been removed in favor of the contextType
API.React.createFactory
: Now that JSX is broadly supported, all createFactory
usage can be migrated to JSX components.react-test-renderer/shallow
: This has been a re-export of react-shallow-renderer since React 18. If needed, you can continue to use the third-party package directly. We recommend using @testing-library/react or @testing-library/react-native instead.react-dom/test-utils
: We’ve moved act
from react-dom/test-utils
to react. All other utilities have been removed.ReactDOM
.render
, ReactDOM
.hydrate
: These have been removed in favor of the concurrent equivalents: ReactDOM
.createRoot
and ReactDOM.hydrateRoot
.unmountComponentAtNode
: Removed in favor of root.unmount()
.ReactDOM
.findDOMNode
: You can replace ReactDOM
.findDOMNode
with DOM Refs.<Context>
as a provider: You can now render <Context>
as a provider instead of <Context.Provider>
.useDeferredValue
initial value argument: When provided, useDeferredValue
will return the initial value for the initial render of a component, then schedule a re-render in the background with the deferredValue
returned.useMemo
and useCallback
will now reuse the memoized results from the first render, during the second render. Additionally, StrictMode will now double-invoke ref callback functions on initial mount.The most common changes can be codemodded with npx types-react-codemod@latest preset-19 ./path-to-your-react-ts-files
.
ReactChild
(replacement: React.ReactElement | number | string)
ReactFragment
(replacement: Iterable<React.ReactNode>
)ReactNodeArray
(replacement: ReadonlyArray<React.ReactNode>
)ReactText
(replacement: number | string
)VoidFunctionComponent
(replacement: FunctionComponent
)VFC
(replacement: FC
)prop-types
: Requireable
, ValidationMap
, Validator
, WeakValidationMap
create-react-class
: ClassicComponentClass
, ClassicComponent
, ClassicElement
, ComponentSpec
, Mixin
, ReactChildren
, ReactHTML
, ReactSVG
, SFCFactory
useRef
: The initial argument is now required to match useState
, createContext
etcuseRef()
are now always mutable instead of sometimes being immutable. This feature was too confusing for users and conflicted with legit cases where refs were managed by React and manually written to.ReactElement
typing: The props of React elements now default to unknown
instead of any
if the element is typed as ReactElement
JSX
namespace is removed to improve interoperability with other libraries using JSX. Instead, the JSX namespace is available from the React package: import { JSX } from 'react'
useReducer
typings: Most useReducer
usage should not require explicit type arguments.-useReducer<React.Reducer<State, Action>>(reducer)
+useReducer(reducer)
or
-useReducer<React.Reducer<State, Action>>(reducer)
+useReducer<State, Action>(reducer)
useActionState()
hook to update state based on the result of a Form Action (#27270, #27278, #27309, #27302, #27307, #27366, #27370, #27321, #27374, #27372, #27397, #27399, #27460, #28557, #27570, #27571, #28631, #28788, #29694, #29695, #29694, #29665, #28232, #28319 by @acdlite, @eps1lon, and @rickhanlonii)use()
API to read resources in render (#25084, #25202, #25207, #25214, #25226, #25247, #25539, #25538, #25537, #25543, #25561, #25620, #25615, #25922, #25641, #25634, #26232, #26536, #26739, #28233 by @acdlite, @MofeiZ, @sebmarkbage, @sophiebits, @eps1lon, and @hansottowirtz)useOptimistic()
hook to display mutated state optimistically during an async mutation (#26740, #26772, #27277, #27453, #27454, #27936 by @acdlite)initialValue
argument to useDeferredValue()
hook (#27500, #27509, #27512, #27888, #27550 by @acdlite)element.ref
access (#28348, #28464, #28731 by @acdlite)<Context>
to mean <Context.Provider>
(#28226 by @gaearon)info
, group
, and groupCollapsed
in StrictMode logging (#25172 by @timneutkens)useSyncExternalStore()
hydration in StrictMode (#26791 by @sophiebits)componentWillUnmount()
in StrictMode (#26842 by @tyao1)useState()
and useReducer()
initializer functions in StrictMode (#28248 by @eps1lon)useId()
in StrictMode (#25713 by @gnoff)act()
no longer checks shouldYield
which can be inaccurate in test environments (#26317 by @acdlite)react.element
symbol to react.transitional.element
(#28813 by @sebmarkbage)useSyncExternalStore()
re-render (#27199 by @acdlite)useSyncExternalStore()
dropped update when state is dispatched in render phase (#25578 by @pandaiolo)RefreshRuntime.findAffectedHostInstances
(#30538 by @gaearon)cache()
API (#27977, #28250 by @acdlite and @gnoff)propTypes
(#28324, #28326 by @gaearon)defaultProps
support, except for classes (#28733 by @acdlite)createFactory
(#27798 by @kassens)useFormStatus()
hook to provide status information of the last form submission (#26719, #26722, #26788, #29019, #28728, #28413 by @acdlite and @eps1lon)preinit
, preinitModule
, preconnect
, prefetchDNS
, preload
, and preloadModule
APIs.
fetchPriority
to <img>
and <link>
(#25927 by @styfle)transformOrigin
prop (#26130 by @arav-ind)onScrollEnd
event (#26789 by @devongovett)<hr>
as child of <select>
(#27632 by @SouSingh)inert
(#24730 by @eps1lon)imageSizes
and imageSrcSet
(#22550 by @eps1lon)flushSync
exhausts queue even if something throws (#26366 by @acdlite)react
and react-dom
versions don’t match (#29236 by @acdlite)srcset
and src
are assigned last on <img>
instances (#30340 by @gnoff)src
and href
attributes (unless for <a href=”” />
) (#18513, #28124 by @bvaughn and @eps1lon)scale
style property (#25601 by @JonnyBurger)onChange
error message for controlled <select>
(#27740 by @Biki-das)render
, hydrate
, findDOMNode
, unmountComponentAtNode
, unstable_createEventHandle
, unstable_renderSubtreeIntoContainer
, and unstable_runWithPriority
. Move createRoot
and hydrateRoot
to react-dom/client
. (#28271 by @gnoff)test-utils
(#28541 by @eps1lon)unstable_flushControlled
(#26397 by @kassens)renderToStaticNodeStream()
(#28873 by @gnoff)unstable_renderSubtreeIntoContainer
(#29771 by @kassens)bootstrapScripts
and bootstrapModules
(#25104 by @gnoff)bootstrapModules
, bootstrapScripts
, and update priority queue (#26754, #26753, #27190, #27189 by @gnoff)onHeaders
entrypoint option (#27641, #27712 by @gnoff)<style>
and <script>
textContent to enable rendering inner content without dangerouslySetInnerHTML (#28870, #28871 by @gnoff)srcset
to trigger load event on mount (#30351 by @gnoff)onError
(#27761, #27850 by @gnoff and @sebmarkbage)crossorigin
support to bootstrap scripts (#26844 by @HenriqueLimas)nonce
and fetchpriority
in preload links (#26826 by @liuyenwei)referrerPolicy
to ReactDOM.preload()
(#27096 by @styfle)react/jsx-dev-runtime
(#28921 by @himself65)errorInfo.digest
from onRecoverableError
(#28222 by @gnoff)react-test-renderer
on web (#27903, #28904 by @jackpope and @acdlite)react-test-renderer/shallow
export (#25475, #28497 by @sebmarkbage and @jackpope)prepareUpdate
(#26583, #27409 by @sebmarkbage and @sophiebits)isConcurrentMode
and isAsyncMode
methods (#28224 by @gaearon)FAQs
React is a JavaScript library for building user interfaces.
The npm package react receives a total of 12,082,936 weekly downloads. As such, react popularity was classified as popular.
We found that react demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.