A secure, extensible platform for loading, analyzing, and displaying Claude AI-generated React components with comprehensive security validation and dependency management.
- Security-First Architecture: Comprehensive validation system prevents XSS, injection attacks, and unsafe imports
- Real-time Dependency Analysis: Automatically detects and validates component dependencies
- Error Boundaries: Robust error handling prevents single component failures from crashing the app
- Performance Optimized: Uses React best practices including memoization and code splitting
- Interactive UI: Visual indicators for security status and validation results
- Extensible Design: Plugin-ready architecture for custom artifact processors
- โ Shell Injection Prevention: Secure command execution without shell access
- โ XSS Protection: Input sanitization and safe DOM manipulation
- โ CDN Security: Local dependencies instead of external script loading
- โ Artifact Validation: Pre-execution security and compliance checking
- โ Path Traversal Protection: Validated file system access
- โ Dependency Whitelisting: Only approved packages allowed
Claude-Artifacts/
โโโ app-analyzer/ # Main application directory
โ โโโ artifact_manager.py # Python artifact management script
โ โโโ src/ # React application source
โ โ โโโ components/ # React components
โ โ โ โโโ ArtifactLoader.jsx # Main artifact loading component
โ โ โ โโโ DependencyAnalyzer.jsx # Dependency analysis UI
โ โ โ โโโ ErrorBoundary.jsx # Error handling component
โ โ โ โโโ ui/ # UI component library
โ โ โโโ claude_artifacts/ # Sample artifacts
โ โ โ โโโ color-picker.jsx # Secure color picker component
โ โ โ โโโ expense-tracker.jsx # Expense tracking app
โ โ โ โโโ sample-dashboard.jsx # Dashboard example
โ โ โโโ services/ # Business logic services
โ โ โโโ artifactAnalyzer.js # Server-side analysis
โ โ โโโ artifactValidator.js # Security validation system
โ โโโ jsconfig.json # JavaScript configuration
โโโ AUDIT_REPORT.md # Comprehensive security audit report
โโโ SECURITY_CONFIG.md # Security policies and guidelines
โโโ README.md # This file
- Python 3.8+
- Node.js 16+
- npm or yarn
-
Clone the repository
git clone https://github.com/CrazyDubya/Claude-Artifacts.git cd Claude-Artifacts -
Set up the environment
cd app-analyzer python3 artifact_manager.py -
Install additional dependencies (if needed)
npm install
-
Create a new React component in
app-analyzer/src/claude_artifacts/// my-component.jsx import React from 'react'; import { Card, CardHeader, CardTitle, CardContent } from '@/components/ui/card'; const MyComponent = () => { return ( <Card> <CardHeader> <CardTitle>My Artifact</CardTitle> </CardHeader> <CardContent> <p>Hello from Claude Artifacts!</p> </CardContent> </Card> ); }; export default MyComponent;
-
Follow security guidelines (see SECURITY_CONFIG.md)
- Use only approved dependencies
- Avoid dangerous patterns (eval, innerHTML, etc.)
- Sanitize user inputs
- Include proper error handling
-
The artifact will be automatically detected and validated when you refresh the application
All artifacts are automatically validated against security policies:
import { ArtifactValidator } from './services/artifactValidator';
const result = ArtifactValidator.validate(artifactCode, filename);
if (!result.isValid) {
console.log('Security issues:', result.securityIssues);
}Components are wrapped in error boundaries for stability:
<ErrorBoundary title="Component Error" onReport={handleErrorReport}>
<YourComponent />
</ErrorBoundary>The application uses React best practices:
useCallbackfor event handlersuseMemofor expensive computations- Code splitting for dynamic imports
- Memoized validation results
| Category | Before | After | Improvement |
|---|---|---|---|
| Security Score | 3/10 | 8.5/10 | +183% |
| Code Quality | 4/10 | 8/10 | +100% |
| Performance | 4/10 | 8/10 | +100% |
| Maintainability | 3/10 | 8/10 | +167% |
- โ Shell Injection:
shell=Trueโ Secure array commands - โ CDN Loading: External scripts โ Local dependencies
- โ XSS Vulnerabilities:
innerHTMLโ Safe DOM methods - โ Path Injection: Hardcoded paths โ Validated paths
- โ Missing Validation: None โ Comprehensive security system
The security system only allows these pre-approved packages:
@radix-ui/*- UI componentslucide-react- Iconsclsx- Class utilitiestailwind-merge- Tailwind utilitiesdate-fns- Date utilitieslodash- General utilities
See SECURITY_CONFIG.md for detailed security policies and validation rules.
Run the artifact manager to test the setup:
cd app-analyzer
python3 artifact_manager.pyExpected output:
Setting up project...
New dependencies installation completed!
Scanning for artifacts...
Found 3 artifacts:
- Color Picker (react)
- Expense Tracker (react)
- Sample Dashboard (react)
- Import errors: Ensure all paths use the
@/alias for components - Security validation fails: Check SECURITY_CONFIG.md for allowed patterns
- Component not loading: Verify the component exports a default React component
- npm errors: Try running with
--forceflag for component installs
The application includes comprehensive error reporting:
- Component-level error boundaries
- Validation error details
- Security issue descriptions
- Performance warnings
- Security First: All contributions must pass security validation
- Code Quality: Follow React best practices and ESLint rules
- Documentation: Update relevant documentation for new features
- Testing: Ensure changes don't break existing functionality
- Create your component following security guidelines
- Test with the validation system
- Submit with proper documentation
- Include security review checklist
This project is licensed under the MIT License - see the LICENSE file for details.
- TypeScript Migration: Full type safety
- Hot Reloading: Development mode improvements
- Plugin System: Extensible architecture
- CLI Tools: Command-line artifact management
- Cloud Integration: Artifact sharing and storage
- Advanced Analytics: Usage metrics and insights
For issues, questions, or contributions:
- Check the AUDIT_REPORT.md for known issues
- Review SECURITY_CONFIG.md for security guidelines
- Open an issue with detailed reproduction steps
- Follow the security reporting guidelines for vulnerabilities
Built with security, performance, and developer experience in mind.

