Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
@silvermine/undertemplate
Advanced tools
Readme
A simple replacement for _.template
from either Underscore or Lodash
that removes the features that make those libraries incompatible with Content Security
Policy (CSP). Specifically, this implementation supports only interpolation (escaped and
unescaped) and does not support JS evaluation.
Just like you would have used _.template
:
var makeTemplate = require('@silvermine/undertemplate'),
template = makeTemplate('Hello <%= name %>');
console.log(template({ name: 'John Smith' }));
Of course, we only support:
<%= … %>
: interpolate a value<%- … %>
: interpolate and HTML escape a valueThe following are NOT supported:
<% … %>
: JS evaluation<% print('Hello ' + epithet); %>
: JS evaluation with the print
functionTemplating in Underscore/Lodash was operating by building up a JS function as a string. This meant that if your template referred to a variable that did not exist, you would get a JS error thrown. In this library, however, undefined variables in the template will result in an empty string being placed in that location.
We rely on Lodash to provide a number of convenience functions that would require polyfills to support a wide array of browsers. To help reduce bloat, we do two things:
4.x
, meaning that if you already have it
as a dependency, we'll use your version.require('lodash/foo')
for each foo
function we need. This helps if you're
using UnderTemplate in a browserify-style environment since only the files from
Lodash that are actually needed will be included in your bundle.We genuinely appreciate external contributions. See our extensive documentation on how to contribute.
This software is released under the MIT license. See the license file for more details.
FAQs
Replacement for _.template (underscore or lodash) without unsafe evals.
The npm package @silvermine/undertemplate receives a total of 1,411 weekly downloads. As such, @silvermine/undertemplate popularity was classified as popular.
We found that @silvermine/undertemplate demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.