Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@prettier/plugin-pug
Advanced tools
Please note that the plugin ecosystem in Prettier is still beta, which may make @prettier/plugin-pug
not ready for production use yet.
Plugin for Prettier to format pug code
Simply install prettier
and @prettier/plugin-pug
as your project’s npm devDependencies:
cd /path/to/project
## initialise an npm project if you haven’t done it yet
npm init
## or
yarn init
## add Prettier and its Pug plugin to project’s dev dependencies
npm install --dev prettier @prettier/plugin-pug
## or
yarn add --dev prettier @prettier/plugin-pug
## format all pug files in your project
./node_modules/.bin/prettier --write "**/*.pug"
## or
yarn prettier --write "**/*.pug"
You can disable code formatting for a particular element by adding //- prettier-ignore
comments in your pug templates:
div.text( color = "primary", disabled ="true" )
//- prettier-ignore
div.text( color = "primary", disabled ="true" )
//- prettier-ignore: because of reasons
div
div.text( color = "primary", disabled ="true" )
Prettified output:
.text(color="primary", disabled)
//- prettier-ignore
div.text( color = "primary", disabled ="true" )
//- prettier-ignore: because of reasons
div
div.text( color = "primary", disabled ="true" )
You can also disable code formatting in Markdown for a particular ```pug
block by adding <!-- prettier-ignore -->
before the block:
Pug code with preserved custom formatting:
<!-- prettier-ignore -->
```pug
div.text( color = "primary", disabled ="true" )
```
Pug code with automatic formatting:
```pug
.text(color="primary", disabled)
```
By default, the same formatting options are used as configured through the standard prettier options.
By using versions of these standard options prefixed with pug
, you can override pug formatting options even when using pug embedded in other files, e.g. vue single-file components:
pugBracketSpacing
pugPrintWidth
pugSemi
pugSingleQuote
pugTabWidth
pugUseTabs
pugTabWidth
pugArrowParens
These additional options are specific to pug templates and can be configured in your global .prettierrc
file:
pugAttributeSeparator
Change when attributes are separated by commas in tags.
Choices:
'always'
default -> Always separate attributes with commas.button(type="submit", (click)="play()", disabled)
'as-needed'
-> Only add commas between attributes where required.button(type="submit", (click)="play()" disabled)
'none'
-> Never add commas between attributes.button(type="submit" @click="play()" :style="style" disabled)
Please note that while this option will process Angular syntax (e.g. (click)="play()"
), the resulting pug file will throw a syntax error when parsed: Syntax Error: Assigning to rvalue
pugClosingBracketPosition
Position of closing bracket of attributes.
Choices:
'new-line'
default -> Closing bracket ends with a new line.
Example:
input(
type="text",
value="my_value",
name="my_name",
alt="my_alt",
autocomplete="on"
)
'last-line'
-> Closing bracket remains with last attribute's line.
Example:
input(
type="text",
value="my_value",
name="my_name",
alt="my_alt",
autocomplete="on")
pugCommentPreserveSpaces
Change behavior of spaces within comments.
Choices:
'keep-all'
default -> Keep all spaces within comments.// ___this _is __a __comment_
'keep-leading'
-> Keep leading spaces within comments.// ___this is a comment
'trim-all'
-> Trim all spaces within comments.// this is a comment
pugSortAttributesBeginning
& pugSortAttributesEnd
Sort attributes by regex patterns to the beginning or the end.
Example
This feature was planned since 1.2.0
, but it was always a bit unstable and opinionated.
If there are any bugs, please report them.
pugSortAttributes
Sort attributes that are not on beginning and end patterns.
Choices:
'as-is'
default -> Keep the attributes untouched.Foo(a c d b)
'asc'
-> Sort attributes ascending.Foo(a b c d)
'desc'
-> Sort attributes descending.Foo(d c b a)
pugWrapAttributesThreshold
Define the maximum amount of attributes that an element can appear with on one line before it gets wrapped.
pugWrapAttributesPattern
Define a regex pattern to match attributes against that should always trigger wrapping.
Choices:
-1
default -> Only wrap attributes as needed.input(type="text")
input(type="text", value="my_value", name="my_name")
0
-> Always wrap attributes.input(
type="text"
)
input(
type="text",
value="my_value",
name="my_name"
)
1
-> Allow one unwrapped attribute, wrap two and more.input(type="text")
input(
type="text",
value="my_value",
name="my_name"
)
2 .. Infinity
-> Same as above, just with different thresholds.There are some code examples that are not formatted well with this plugin and can damage your code.
But there are workarounds for it. These generate even better pug code!
input(onClick="methodname(\"" + variable + "\", this)")
// transforms to
input(onClick="methodname(\"\" + variable + \"\", this)")
// In most cases ES6 template strings are a good solution
input(onClick=`methodname("${variable}", this)`)
As mentioned in pugjs.org Attribute Interpolation (2.), you should prefere ES2015 template strings to simplify your attributes.
- const id = 42
- const collapsed = true
div(id=id, class='collapse' + (collapsed ? '' : ' show') + ' cardcontent')
// transforms to
.cardcontent(id=id, class="collapse' + (collapsed ? '' : ' show') + '")
// better write
.cardcontent.collapse(id=id, class=collapsed ? '' : 'show')
// Now your js logic is extracted from the plain logic
If you have tags at the top/root that are indented, they will lose indentation due to a technical limitation of pug.
Please check these before committing after running this plugin for the first time and fix them manually.
If you are using a text editor that supports Prettier integration (e.g. Atom), you can have all Prettier perks for your Pug code too!
Use VSCode extension to get support for VSCode.
In order to get @prettier/plugin-pug
working in projects that do not have local npm dependencies, you can install this plugin globally:
npm install --global prettier @prettier/plugin-pug
In this case, you might need to check the settings of your editor’s Prettier extension to make sure that a globally installed Prettier is used when it is not found in project dependencies (i.e. package.json
).
Nevertheless, it is recommended to rely on local copies of prettier
and @prettier/plugin-pug
as this reduces the chance of formatting conflicts between project collaborators.
This may happen if different global versions of Prettier or its Pug plugin are used.
Installing @prettier/plugin-pug
either locally or globally may require you to restart the editor if formatting does not work right away.
This plugin is written in TypeScript and its quality is maintained using Prettier and Jest.
If you’re interested in contributing to the development of Prettier for Pug, you can follow the CONTRIBUTING guide from Prettier, as it all applies to this repository too.
To run @prettier/plugin-pug
locally:
yarn install
.yarn lint
to make sure that the code passes formatting and linting.yarn test
to make sure that TypeScript successfully compiles into JavaScript and and all unit tests pass.This project was inspired by https://github.com/gicentre/prettier-plugin-elm.
Many thanks also to @j-f1, @lipis and @azz for the help in transferring this repos to the prettier orga.
Thanks to @Peilonrayz, who gave me the idea to rewrite the printer into a class and thus make the code a lot more maintainable.
Thanks to @lehni and @SkyaTura for the massive contribution and the introduction of many new features into the project.
1.8.1
FAQs
Prettier Pug Plugin
The npm package @prettier/plugin-pug receives a total of 16,718 weekly downloads. As such, @prettier/plugin-pug popularity was classified as popular.
We found that @prettier/plugin-pug demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 14 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.