⚡CLI for creating reusable react libraries.

Overview

create-react-library

CLI for creating reusable, modern React libraries using Rollup and create-react-app.

NPM Build Status JavaScript Style Guide



Intro

Features

  • Easy-to-use CLI
  • Handles all modern JS features
  • Bundles commonjs and es module formats
  • create-react-app for example usage and local dev
  • Rollup for bundling
  • Babel for transpiling
  • Jest for testing
  • Supports complicated peer-dependencies
  • Supports CSS modules
  • Optional support for TypeScript
  • Sourcemap creation
  • Thousands of public modules created
  • Thorough documentation 😍
  • Chinese docs by @monsterooo

Install globally

This package requires node >= 10.

npm install -g create-react-library

Usage with npx

npx create-react-library

(npx comes with npm 5.2+ and higher, see instructions for older npm versions)

Creating a New Module

create-react-library

Answer some basic prompts about your module, and then the CLI will perform the following steps:

  • copy over the template
  • install dependencies via yarn or npm
  • link packages together for local development
  • initialize local git repo

At this point, your new module should resemble this screenshot and is all setup for local development.

Development

Local development is broken into two parts (ideally using two tabs).

First, run rollup to watch your src/ module and automatically recompile it into dist/ whenever you make changes.

npm start # runs rollup with watch flag

The second part will be running the example/ create-react-app that's linked to the local version of your module.

# (in another tab)
cd example
npm start # runs create-react-app dev server

Now, anytime you make a change to your library in src/ or to the example app's example/src, create-react-app will live-reload your local dev server so you can iterate on your component in real-time.

Publishing to npm

npm publish

This builds commonjs and es versions of your module to dist/ and then publishes your module to npm.

Make sure that any npm modules you want as peer dependencies are properly marked as peerDependencies in package.json. The rollup config will automatically recognize them as peers and not try to bundle them in your module.

Deploying to Github Pages

npm run deploy

This creates a production build of the example create-react-app that showcases your library and then runs gh-pages to deploy the resulting bundle.

Use with React Hooks

If you use react-hooks in your project, when you debug your example you may run into an exception Invalid Hook Call Warning. This issue explains the reason, your lib and example use a different instance, one solution is rewrite the react path in your example's package.json to 'file:../node_modules/react' or 'link:../node_modules/react'.

Examples

Multiple Named Exports

Here is a branch which demonstrates how to use multiple named exports. The module in this branch exports two components, Foo and Bar, and shows how to use them from the example app.

Material-UI

Here is a branch which demonstrates how to make use of a relatively complicated peer dependency, material-ui. It shows the power of rollup-plugin-peer-deps-external which makes it a breeze to create reusable modules that include complicated material-ui subcomponents without having them bundled as a part of your module.

Boilerplate

The CLI is based on this boilerplate, which you can optionally read about here.

Libraries

Here are some example libraries that have been bootstrapped with create-react-library.

Want to see a more completed list? Check out Made with CRL.

Want to add yours to the list? Submit an PR at the Made with CRL repository.

Notice

My open source efforts are now focused on Saasify, and I am not able to invest a significant amount of time into maintaining CRL anymore. I am looking for volunteers who would like to become active maintainers on the project. If you are interested, please shoot me a note.

License

MIT © Travis Fischer

Support my OSS work by following me on twitter twitter

Issues
  • Error when using hooks

    Error when using hooks

    I'm bootstrapping a React component library with this tool and I get: Hooks can only be called inside the body of a function component.

    Steps to reproduce:

    • Create a library with create-react-library.
    • Update react and react-dom to v16.7.0-alpha.0 in ./package.json and ./src/package.json.
    • Use new React hooks feature inside src/.

    If you try the example you get the error. One weird thing is that if you use hooks in the example you don't get any error.

    opened by carloslfu 23
  • Add more template options?

    Add more template options?

    Some ideas:

    • webpack vs rollup
    • flow or typescript support
    • prettier integration ...

    I'd really like to keep the default template as minimal as possible, but people should be able to easily swap out different options if they want. Thoughts / suggestions?

    enhancement question 
    opened by transitive-bullshit 15
  • Building Modular Libraries

    Building Modular Libraries

    Can you add an example rollup configuration for building modular libraries?

    For example:

    Multiple imports Right Now-
    import { A, B } from 'package';
    
    With Modular Imports -
    import A from 'package/A'; 
    import B from 'package/B';
    

    ^ This approach helps reduce the bundle size, as only the file needed is imported and added to the bundle.

    opened by anmdotdev 15
  • yarn install failing

    yarn install failing

    Getting the following error when I try creating a new project

    Initializing npm dependencies. This will take a minute.

    √ Running yarn install in root directory × Running yarn install in example directory Error: spawn C:\windows\system32\cmd.exe ENOENT at Process.ChildProcess._handle.onexit (internal/child_process.js:267:19) at onErrorNT (internal/child_process.js:467:16) at processTicksAndRejections (internal/process/task_queues.js:84:21) { errno: -4058, code: 'ENOENT', syscall: 'spawn C:\windows\system32\cmd.exe', path: 'C:\windows\system32\cmd.exe', spawnargs: [ '/q', '/s', '/c', '"yarn install"' ], stdout: '', stderr: '', failed: true, signal: null, cmd: 'C:\windows\system32\cmd.exe /q /s /c "yarn install"', timedOut: false, killed: false }

    The error occurs for both yarn as well as npm.

    node version: 13.12.0 yarn version: 1.21.1

    opened by FaisalST32 14
  • upgrade to babel 7

    upgrade to babel 7

    resolve #86

    opened by sag1v 13
  • className not working without using styles

    className not working without using styles

    When I am building the component. The following method of importing css does not work

    Method 1

    import  "./index.css"
    
    const Mycomponent =()=>
    <div className="title">Title</div>
    

    It seems that the compiler was not able to recognize className = "". If I define the body{} by import "./index.css", it works fine.

    Instead, I need to use the styles method

    Method2

    import styles from "./index.css"
    
    const Mycomponent =()=>
    <div className={styles.title}">Title</div>
    

    It would be very difficult to use some external library, which rely on method 1 for styling. Is there a way to use method 1 instead of method 2

    It would probably be a rollup config issue? I set

    postcss({
          modules: false,
        }),
    

    it is still not working.

    opened by mistyhx 13
  • src/ files changed, but can not live-reload

    src/ files changed, but can not live-reload

    I have seen "anytime you make a change to your library in src/ or to the example app's example/src, create-react-app will live-reload" this words in readme. But It can not live-reload, when I run npm start in src/.

    opened by allan2coder 12
  • Module not found: Error: Can't resolve 'fs'

    Module not found: Error: Can't resolve 'fs'

    I'm getting this error when I try to use my published library that I created using create-react-library. Any idea what might cause this?

    opened by mikecousins 11
  • Thank you :)

    Thank you :)

    Thank you for this package :) I was able to create my first react reusable component with this package. https://github.com/ahmednooor/touchflip-react

    Also some feedback. Everything worked great the first time. But the second time after updating my code, npm run deploy didn't work. Ultimately I reinstalled the gh-pages globally which resolved the issue. Hope this helps.

    Once again Thank You :)

    opened by ahmednooor 11
  • Upgrading to babel 7

    Upgrading to babel 7

    @transitive-bullshit What do you say, can we move on to babel 7?

    opened by sag1v 10
  • Bump path-parse from 1.0.6 to 1.0.7

    Bump path-parse from 1.0.6 to 1.0.7

    Bumps path-parse from 1.0.6 to 1.0.7.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • npx create-react-library does not finish executing

    npx create-react-library does not finish executing

    After running npx create-react-library and filling out the prompts, the cli proceeds to install the dependancies but it never actually finishes executing. See attached screenshot of my terminal, I had to control+c to get it to finish.

    image

    If I then go into the project and run yarn or npm i it installs the dependancies as expected.

    I am on an macbook pro (m1) running Big Sur 11.4

    opened by damiensedgwick 1
  • create-react-library failed on example

    create-react-library failed on example

    I've tried to run create-react-library on Windows 10, but it fails

    PS E:\javascript\controls> npx create-react-library ois-controls
    ? Package Name ois-controls
    ? Package Description Made with create-react-library
    ? Author's GitHub Handle avmakarov
    ? GitHub Repo Path avmakarov/ois-controls
    ? License MIT
    ? Package Manager npm
    ? Template typescript
    - Copying typescript template to E:\javascript\controls\ois-controls
    .editorconfig
    .eslintignore
    .eslintrc
    .prettierrc
    .travis.yml
    package.json
    README.md
    tsconfig.json
    tsconfig.test.json
    example/package.json
    example/README.md
    example/tsconfig.json
    src/.eslintrc
    src/index.test.tsx
    src/index.tsx
    src/styles.module.css
    src/typings.d.ts
    example/src/App.test.tsx
    example/src/App.tsx
    example/src/index.css
    example/src/index.tsx
    example/src/react-app-env.d.ts
    example/src/setupTests.ts
    example/public/favicon.ico
    example/public/index.html
    example/public/manifest.json
    √ Copying typescript template to E:\javascript\controls\ois-controls
    
    Initializing npm dependencies. This will take a minute.
    
    √ Running npm install in root directory
    × Running npm install in example directory
    Error: Command failed with exit code 1: npm install
    npm ERR! code 1
    npm ERR! path E:\javascript\controls\ois-controls\node_modules\typescript
    npm ERR! command failed
    npm ERR! command C:\WINDOWS\system32\cmd.exe /d /s /c gulp build-eslint-rules
    npm ERR! [09:09:45] Local modules not found in E:\javascript\controls\ois-controls\node_modules\typescript
    npm ERR! [09:09:45] Try running: npm install
    
    npm ERR! A complete log of this run can be found in:
    npm ERR!     C:\Users\avmakarov\AppData\Local\npm-cache\_logs\2021-06-14T02_09_45_685Z-debug.log
        at makeError (C:\Users\avmakarov\AppData\Roaming\npm\node_modules\create-react-library\node_modules\execa\lib\error.js:59:11)
        at handlePromise (C:\Users\avmakarov\AppData\Roaming\npm\node_modules\create-react-library\node_modules\execa\index.js:114:26)
        at processTicksAndRejections (internal/process/task_queues.js:93:5)
        at async pEachSeries (C:\Users\avmakarov\AppData\Roaming\npm\node_modules\create-react-library\node_modules\p-each-series\index.js:8:23) {
      shortMessage: 'Command failed with exit code 1: npm install',
      command: 'npm install',
      exitCode: 1,
      signal: undefined,
      signalDescription: undefined,
      stdout: '',
      stderr: 'npm ERR! code 1\n' +
        'npm ERR! path E:\\javascript\\controls\\ois-controls\\node_modules\\typescript\n' +
        'npm ERR! command failed\n' +
        'npm ERR! command C:\\WINDOWS\\system32\\cmd.exe /d /s /c gulp build-eslint-rules\n' +
        'npm ERR! [\u001b[90m09:09:45\u001b[39m] Local modules not found in E:\\javascript\\controls\\ois-controls\\node_modules\\typescript\n' +
        'npm ERR! [\u001b[90m09:09:45\u001b[39m] Try running: npm install\n' +
        '\n' +
        'npm ERR! A complete log of this run can be found in:\n' +
        'npm ERR!     C:\\Users\\avmakarov\\AppData\\Local\\npm-cache\\_logs\\2021-06-14T02_09_45_685Z-debug.log',
      failed: true,
      timedOut: false,
      isCanceled: false,
      killed: false
    }
    
    PS E:\javascript\controls> node --version
    v12.13.1
    PS E:\javascript\controls> npm --version
    7.6.0
    

    I cant understand what should i do to fix it.

    Best regards.

    opened by bostandyksoft 2
  • Bump normalize-url from 4.5.0 to 4.5.1

    Bump normalize-url from 4.5.0 to 4.5.1

    Bumps normalize-url from 4.5.0 to 4.5.1.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump glob-parent from 5.1.1 to 5.1.2

    Bump glob-parent from 5.1.1 to 5.1.2

    Bumps glob-parent from 5.1.1 to 5.1.2.

    Release notes

    Sourced from glob-parent's releases.

    v5.1.2

    Bug Fixes

    Changelog

    Sourced from glob-parent's changelog.

    5.1.2 (2021-03-06)

    Bug Fixes

    6.0.0 (2021-05-03)

    ⚠ BREAKING CHANGES

    • Correct mishandled escaped path separators (#34)
    • upgrade scaffold, dropping node <10 support

    Bug Fixes

    • Correct mishandled escaped path separators (#34) (32f6d52), closes #32

    Miscellaneous Chores

    • upgrade scaffold, dropping node <10 support (e83d0c5)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • How to make the original ES6 source available to intellij?

    How to make the original ES6 source available to intellij?

    My application and library use two different yarn workspaces in the same repo. One thing I don't yet understand is how to make the Intellij IDE recognize the original ES6 source code of the library in the process of developing the application. When, for example, I try to click through from an application source file to a definition in the library, Intellij takes me to the compiled version of the library.

    Is there a standard way to make the original ES6 source available in the dist folder so that IDEs can access it instead of the compiled version?

    Many thanks.

    Azad

    opened by azadbolour 0
  • Npm command test:lint failing

    Npm command test:lint failing

    Hi!

    When creating a new app from scratch and running npm run test, I get the following message:

    PASS src/index.test.tsx
      ExampleComponent
        ✓ is truthy (2ms)
    
    Test Suites: 1 passed, 1 total
    Tests:       1 passed, 1 total
    Snapshots:   0 total
    Time:        1.297s
    Ran all test suites.
    
    > [email protected] test:lint /home/tudor/test/testingit
    > eslint .
    
    
    Oops! Something went wrong! :(
    
    ESLint: 6.8.0.
    
    No files matching the pattern "." were found.
    Please check for typing mistakes in the pattern.
    
    npm ERR! code ELIFECYCLE
    npm ERR! errno 2
    npm ERR! [email protected] test:lint: `eslint .`
    npm ERR! Exit status 2
    npm ERR! 
    npm ERR! Failed at the [email protected] test:lint script.
    npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
    
    opened by arhtudormorar 1
  • Bump hosted-git-info from 2.5.0 to 2.8.9

    Bump hosted-git-info from 2.5.0 to 2.8.9

    Bumps hosted-git-info from 2.5.0 to 2.8.9.

    Changelog

    Sourced from hosted-git-info's changelog.

    2.8.9 (2021-04-07)

    Bug Fixes

    2.8.8 (2020-02-29)

    Bug Fixes

    • #61 & #65 addressing issues w/ url.URL implmentation which regressed node 6 support (5038b18), closes #66

    2.8.7 (2020-02-26)

    Bug Fixes

    • Do not attempt to use url.URL when unavailable (2d0bb66), closes #61 #62
    • Do not pass scp-style URLs to the WhatWG url.URL (f2cdfcf), closes #60

    2.8.6 (2020-02-25)

    2.8.5 (2019-10-07)

    Bug Fixes

    • updated pathmatch for gitlab (e8325b5), closes #51
    • updated pathmatch for gitlab (ffe056f)

    2.8.4 (2019-08-12)

    ... (truncated)

    Commits
    • 8d4b369 chore(release): 2.8.9
    • 29adfe5 fix: backport regex fix from #76
    • afeaefd chore(release): 2.8.8
    • 5038b18 fix: #61 & #65 addressing issues w/ url.URL implmentation which regressed nod...
    • 7440afa chore(release): 2.8.7
    • 2d0bb66 fix: Do not attempt to use url.URL when unavailable
    • f2cdfcf fix: Do not pass scp-style URLs to the WhatWG url.URL
    • e1b83df chore(release): 2.8.6
    • ff259a6 Ensure passwords in hosted Git URLs are correctly escaped
    • 624fd6f chore(release): 2.8.5
    • Additional commits viewable in compare view
    Maintainer changes

    This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump lodash from 4.17.19 to 4.17.21

    Bump lodash from 4.17.19 to 4.17.21

    Bumps lodash from 4.17.19 to 4.17.21.

    Commits
    • f299b52 Bump to v4.17.21
    • c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
    • 3469357 Prevent command injection through _.template's variable option
    • ded9bc6 Bump to v4.17.20.
    • 63150ef Documentation fixes.
    • 00f0f62 test.js: Remove trailing comma.
    • 846e434 Temporarily use a custom fork of lodash-cli.
    • 5d046f3 Re-enable Travis tests on 4.17 branch.
    • aa816b3 Remove /npm-package.
    • See full diff in compare view
    Maintainer changes

    This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump handlebars from 4.7.6 to 4.7.7

    Bump handlebars from 4.7.6 to 4.7.7

    Bumps handlebars from 4.7.6 to 4.7.7.

    Changelog

    Sourced from handlebars's changelog.

    v4.7.7 - February 15th, 2021

    • fix weird error in integration tests - eb860c0
    • fix: check prototype property access in strict-mode (#1736) - b6d3de7
    • fix: escape property names in compat mode (#1736) - f058970
    • refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
    • chore: start testing on Node.js 12 and 13 - 3789a30

    (POSSIBLY) BREAKING CHANGES:

    • the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

    That is why we only bump the patch version despite mentioning breaking changes.

    Commits

    Commits
    • a9a8e40 v4.7.7
    • e66aed5 Update release notes
    • 7d4d170 disable IE in Saucelabs tests
    • eb860c0 fix weird error in integration tests
    • b6d3de7 fix: check prototype property access in strict-mode (#1736)
    • f058970 fix: escape property names in compat mode (#1736)
    • 77825f8 refator: In spec tests, use expectTemplate over equals and shouldThrow (#1683)
    • 3789a30 chore: start testing on Node.js 12 and 13
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
Owner
Travis Fischer
Exploring a better future for developers via micro consulting.
Travis Fischer
Zero-config CLI for TypeScript package development

Despite all the recent hype, setting up a new TypeScript (x React) library can be tough. Between Rollup, Jest, tsconfig, Yarn resolutions, ESLint, and

Formium 8.6k Sep 23, 2021
React Starter Kit — isomorphic web app boilerplate (Node.js, Express, GraphQL, React.js, Babel, PostCSS, Webpack, Browsersync)

React Starter Kit — "isomorphic" web app boilerplate React Starter Kit is an opinionated boilerplate for web development built on top of Node.js, Expr

Kriasoft 21k Sep 21, 2021
一个基于React+Antd的后台管理模版

一个基于React+Antd的后台管理模版,在线预览https://nlrx-wjc.github.io/react-antd-admin-template/

难凉热血 1.2k Sep 23, 2021
✨ Create server-rendered universal JavaScript applications with no configuration

Universal JavaScript applications are tough to setup. Either you buy into a framework like Next.js or react-server, fork a boilerplate, or set things

Jared Palmer 10.4k Sep 23, 2021
Create and build modern JavaScript projects with zero initial configuration.

Create and build modern JavaScript applications with zero initial configuration Neutrino combines the power of webpack with the simplicity of presets.

Neutrino 3.8k Sep 24, 2021