Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
use-composed-ref
Advanced tools
React hook which creates a ref function from given refs. Useful when using forwardRef.
The npm package 'use-composed-ref' provides a React hook that allows you to compose multiple refs (both React ref objects and callback refs) into a single callback ref. This is particularly useful in scenarios where you need to attach multiple refs to a single element, such as when using third-party libraries that require a ref, while also maintaining your own ref for the same element.
Composing multiple refs
This feature allows the user to combine multiple refs into one, which can then be attached to a React element. In the code sample, `myRef` and `externalRef` are composed into a single ref `composedRef`, which is then used in a div element.
import React, { useRef } from 'react';
import useComposedRef from 'use-composed-ref';
function MyComponent() {
const myRef = useRef(null);
const externalRef = useRef(null);
const composedRef = useComposedRef(myRef, externalRef);
return <div ref={composedRef}>Hello, world!</div>;
}
Similar to 'use-composed-ref', 'react-merge-refs' is another npm package that provides functionality to merge multiple React refs into one. It supports both callback and object refs and is used in a similar way. The main difference lies in the implementation details and possibly in the specific use cases each package is optimized for.
This package offers a way to create a stable callback ref. While it primarily focuses on creating individual callback refs rather than composing multiple refs, it shares the concept of managing refs in a more flexible way, similar to what 'use-composed-ref' offers.
React hook which creates a ref function from given refs. Useful when using forwardRef.
FAQs
React hook which creates a ref function from given refs. Useful when using forwardRef.
We found that use-composed-ref demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.