Gathering detailed insights and metrics for preact-ssr-prepass
Gathering detailed insights and metrics for preact-ssr-prepass
Installations
npm install preact-ssr-prepassDeveloper
sventschui
Developer Guide
BETA
Module System
CommonJS, ESM
Min. Node Version
Typescript Support
Yes
Node Version
22.4.0
NPM Version
10.8.1
Statistics
49 Stars
76 Commits
7 Forks
3 Watching
12 Branches
21 Contributors
Updated on 22 Nov 2024
Languages
JavaScript (97.4%)
TypeScript (2.6%)
Total Downloads
Cumulative downloads
Total Downloads
2,722,674
Last day
-22.6%
1,356
Compared to previous day
Last week
-3%
7,656
Compared to previous week
Last month
-9.8%
35,087
Compared to previous month
Last year
-1.3%
616,961
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
preact-ssr-prepass
Drop-in replacement for
react-ssr-prepass.
Neither Preact nor React support Suspense on the server as of now. Heavily inspired by react-ssr-prepass, preact-ssr-prepass provides a two-pass approach with which Suspense can be used on the server. In the first pass, preact-ssr-prepass
will create a VNode tree and await all suspensions, in the second pass preact-render-to-string
can be used to render a vnode to a string.
Even if preact-ssr-prepass is designed to do as little as possible, it still adds a slight
overhead since the VNode tree is created twice.
⚠️ Note that this is neither an official Preact nor React API and that the way Suspense is handled
on the server might/will change in the future!
Usage / API
Awaiting suspensions
preact-ssr-prepass needs to be called just before rendering a vnode to a string. See the following
example:
lazy.js:
1export default function LazyLoaded() { 2 return <div>I shall be loaded and rendered on the server</div> 3}
index.js:
1import { createElement as h } from 'preact'; 2import { Suspense, lazy } from 'preact/compat'; 3import renderToString from 'preact-render-to-string'; 4import prepass from 'preact-ssr-prepass'; 5 6const LazyComponent = lazy(() => import('./lazy')); 7 8const vnode = ( 9 <Suspense fallback={<div>I shall not be rendered on the server</div>}> 10 <LazyComponent /> 11 </Suspense> 12); 13 14prepass(vnode) 15 .then(() => { 16 // <div>I shall be loaded and rendered on the server</div> 17 console.log(renderToString(vnode)); 18 });
Custom suspensions/data fetching using the visitor
preact-ssr-prepass accepts a second argument that allows you to suspend on arbitrary elements:
1ssrPrepass(<App />, (element, instance) => { 2 if (instance !== undefined && typeof instance.fetchData === 'function') { 3 return instance.fetchData() 4 } 5});
API
1/** 2 * Visitor function to suspend on certain elements. 3 * 4 * When this function returns a Promise it is awaited before the vnode will be rendered. 5 */ 6type Visitor = (element: preact.VNode, instance: ?preact.Component) => ?Promise<any>; 7 8/** 9 * The default export of preact-ssr-prepass 10 * 11 * @param{vnode} preact.VNode The vnode to traverse 12 * @param{visitor} ?Visitor A function that is called for each vnode and might return a Promise to suspend. 13 * @param{context} ?Object Initial context to be used when traversing the vnode tree 14 * @return Promise<any> Promise that will complete once the complete vnode tree is traversed. Note that even if 15 * a Suspension throws the returned promise will resolve. 16 */ 17export default function prepass(vnode: preact.VNode, visitor?: Visitor, context:? Object): Promise<any>;
Replace react-ssr-prepass (e.g. next.js)
react-ssr-prepass is usually used on the server only and not bundled into your bundles but rather
required through Node.js. To alias react-ssr-prepass to preact-ssr-prepass we recommend to use
module-alias:
Create a file named alias.js:
1const moduleAlias = require('module-alias')
2
3module.exports = () => {
4 moduleAlias.addAlias('react-ssr-prepass', 'preact-ssr-prepass')
5}Require and execute the exported function in your applications entrypoint (before require'ing react-ssr-prepass):
1require('./alias')();
Differences to react-ssr-prepass
The visitor passed to preact-ssr-prepass gets a Preact element instead of a React one. When you use preact/compat's createElement it will make the element/vnode look as similar to a React element as possible.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
Found 8/13 approved changesets -- score normalized to 6
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact-ssr-prepass/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact-ssr-prepass/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact-ssr-prepass/ci.yml/master?enable=pin
- Info: 0 out of 3 GitHub-owned GitHubAction dependencies pinned
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 27 are checked with a SAST tool
Reason
33 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-7r28-3m3f-r2pr
- Warn: Project is vulnerable to: GHSA-r8j5-h5cx-65gg
- Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
- Warn: Project is vulnerable to: GHSA-px4h-xg32-q955
- Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
- Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
- Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
- Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
2.8
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More