Gathering detailed insights and metrics for react-async-script
Gathering detailed insights and metrics for react-async-script
A React composition mixin for loading 3rd party scripts asynchronously
Installations
npm install react-async-scriptDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
12.17.0
NPM Version
6.14.4
Score
96.5
Supply Chain
100
Quality
75.5
Maintenance
100
Vulnerability
100
License
Languages
1
JavaScript
JavaScript (100%)
Developer
dozoisch
Download Statistics
Total Downloads
132,759,252
Last Day
25,289
Last Week
808,512
Last Month
3,412,752
Last Year
36,673,750
GitHub Statistics
MIT License
177 Stars
182 Commits
29 Forks
5 Watchers
2 Branches
11 Contributors
Updated on Sep 05, 2024
Bundle Size
7.13 kB
Minified
2.65 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
1.2.0
Package Id
react-async-script@1.2.0
Unpacked Size
41.37 kB
Size
9.56 kB
File Count
10
NPM Version
6.14.4
Node Version
12.17.0
Total Downloads
Cumulative downloads
Total Downloads
132,759,252
Last Day
0.1%
25,289
Compared to previous day
Last Week
-3.3%
808,512
Compared to previous week
Last Month
3.7%
3,412,752
Compared to previous month
Last Year
20.3%
36,673,750
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
React Async Script Loader
*NOTE - These are the docs for the upcoming 1.0.0 release - for v0.11.1 documention go to tag here: 0.11.1
A React HOC for loading 3rd party scripts asynchronously. This HOC allows you to wrap a component that needs 3rd party resources, like reCAPTCHA or Google Maps, and have them load the script asynchronously.
Usage
Async Script HOC api
makeAsyncScriptLoader(getScriptUrl, options)(Component)
Component: The Component to wrap.getScriptUrl: string or function that returns the full URL of the script tag.options(optional):attributes: object : If the script needs attributes (such asdata-attributes), then provide them as key/value pairs of strings and they will be added to the generated script tag.callbackName: string : If the script needs to call a global function when finished loading (for example:recaptcha/api.js?onload=callbackName). Please provide the callback name here and it will be autoregistered onwindowfor you.globalName: string : Can provide the name of the global that the script attaches towindow. Async-script will pass this as a prop to the wrapped component. (props[globalName] = window[globalName])removeOnUnmount: boolean default=false : If set totrueremoves the script tag when component unmounts.scriptId: string : If set, it adds the following id on the script tag.
HOC Component props
1const AsyncScriptComponent = makeAsyncScriptLoader(URL)(Component); 2// --- 3<AsyncScriptComponent asyncScriptOnLoad={callAfterScriptLoads} />
asyncScriptOnLoad: function : called after script finishes loading. usingscript.onload
Ref and forwardRef
react-async-script uses react's forwardRef method to pass along the ref applied to the wrapped component.
If you pass a ref prop you'll have access to your wrapped components instance. See the tests for detailed example.
Simple Example:
1const AsyncHoc = makeAsyncScriptLoader(URL)(ComponentNeedsScript); 2 3class DisplayComponent extends React.Component { 4 constructor(props) { 5 super(props); 6 this._internalRef = React.createRef(); 7 } 8 componentDidMount() { 9 console.log("ComponentNeedsScript's Instance -", this._internalRef.current); 10 } 11 render() { return (<AsyncHoc ref={this._internalRef} />)} 12}
Notes on Requirements
At least React@16.4.1 is required due to forwardRef usage internally.
Example
See https://github.com/dozoisch/react-google-recaptcha
1// recaptcha.js 2export class ReCAPTCHA extends React.Component { 3 componentDidUpdate(prevProps) { 4 // recaptcha has loaded via async script 5 if (!prevProps.grecaptcha && this.props.grecaptcha) { 6 this.props.grecaptcha.render(this._container) 7 } 8 } 9 render() { return ( 10 <div ref={(r) => this._container = r} />) 11 } 12} 13 14// recaptcha-wrapper.js 15import makeAsyncScriptLoader from "react-async-script"; 16import { ReCAPTCHA } from "./recaptcha"; 17 18const callbackName = "onloadcallback"; 19const URL = `https://www.google.com/recaptcha/api.js?onload=${callbackName}&render=explicit`; 20// the name of the global that recaptcha/api.js sets on window ie: window.grecaptcha 21const globalName = "grecaptcha"; 22 23export default makeAsyncScriptLoader(URL, { 24 callbackName: callbackName, 25 globalName: globalName, 26})(ReCAPTCHA); 27 28// main.js 29import ReCAPTCHAWrapper from "./recaptcha-wrapper.js" 30 31const onLoad = () => console.log("script loaded") 32 33React.render( 34 <ReCAPTCHAWrapper asyncScriptOnLoad={onLoad} />, 35 document.body 36);
Migration to 1.0
- Component is now passed as a second function call
- removeOnMount is now removeOnUnmount (typo fixed!)
- exposeFuncs is no longer needed as it's done automatically!
1-export default makeAsyncScriptLoader(ReCAPTCHA, getURL, { 2+export default makeAsyncScriptLoader(getURL, { 3 callbackName, 4 globalName, 5- removeOnMount: initialOptions.removeOnMount || false, 6+ removeOnUnmount: initialOptions.removeOnUnmount || false, 7- exposeFuncs: ["getValue", "getWidgetId", "reset", "execute"], 8-}); 9+})(ReCAPTCHA);
Notes
Pre 1.0.0 and - React < React@16.4.1 support details in 0.11.1.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 4/8 approved changesets -- score normalized to 5
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/standard-ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/dozoisch/react-async-script/standard-ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/standard-ci.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/dozoisch/react-async-script/standard-ci.yml/master?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/standard-ci.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
11 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
3.2
/10
Last Scanned on 2025-06-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More