Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The jQuery npm package is a fast, small, and feature-rich JavaScript library. It makes things like HTML document traversal and manipulation, event handling, and animation much simpler with an easy-to-use API that works across a multitude of browsers. With a combination of versatility and extensibility, jQuery has changed the way that millions of people write JavaScript.
DOM Traversal and Manipulation
Easily select and manipulate HTML elements. This code changes the text of all paragraph elements to 'Hello World'.
$( 'p' ).text( 'Hello World' );
Event Handling
Quickly handle events like clicks. This code sets up an alert to be displayed when any button is clicked.
$( 'button' ).click( function() { alert( 'Button clicked!' ); } );
Animation
Perform animations on elements. This code makes a div element slide up slowly.
$( 'div' ).slideUp( 'slow' );
AJAX
Facilitate asynchronous HTTP (Ajax) requests. This code fetches the content of test.html and inserts it into the body of the current page.
$.ajax({ url: 'test.html', success: function(data) { $( 'body' ).html( data ); } });
Zepto is a minimalist JavaScript library for modern browsers with a largely jQuery-compatible API. It's smaller in size compared to jQuery but does not support as many browsers.
Cash is an absurdly small jQuery alternative for modern browsers. It provides jQuery-style syntax for manipulating the DOM, handling events, and making AJAX requests, but with a smaller footprint.
MooTools is a collection of JavaScript utilities designed for the intermediate to advanced JavaScript developer. It allows you to write powerful and flexible code with its elegant, well documented, and coherent API. MooTools code is extensively documented and easy to read, which is a strong point compared to jQuery.
jQuery is a fast, small, and feature-rich JavaScript library.
For information on how to get started and how to use jQuery, please see jQuery's documentation. For source files and issues, please visit the jQuery repo.
If upgrading, please see the blog post for 3.7.1. This includes notable differences from the previous version and a more readable changelog.
Below are some of the most common ways to include jQuery.
<script src="https://code.jquery.com/jquery-3.7.1.min.js"></script>
There are several ways to use Webpack, Browserify or Babel. For more information on using these tools, please refer to the corresponding project's documentation. In the script, including jQuery will usually look like this:
import $ from "jquery";
If you need to use jQuery in a file that's not an ECMAScript module, you can use the CommonJS syntax:
var $ = require( "jquery" );
AMD is a module format built for the browser. For more information, we recommend require.js' documentation.
define( [ "jquery" ], function( $ ) {
} );
To include jQuery in Node, first install with npm.
npm install jquery
For jQuery to work in Node, a window with a document is required. Since no such window exists natively in Node, one can be mocked by tools such as jsdom. This can be useful for testing purposes.
const { JSDOM } = require( "jsdom" );
const { window } = new JSDOM( "" );
const $ = require( "jquery" )( window );
FAQs
JavaScript library for DOM operations
The npm package jquery receives a total of 10,693,960 weekly downloads. As such, jquery popularity was classified as popular.
We found that jquery demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.