Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
The jQuery npm package is a fast, small, and feature-rich JavaScript library. It makes things like HTML document traversal and manipulation, event handling, and animation much simpler with an easy-to-use API that works across a multitude of browsers. With a combination of versatility and extensibility, jQuery has changed the way that millions of people write JavaScript.
DOM Traversal and Manipulation
Easily select and manipulate HTML elements. This code changes the text of all paragraph elements to 'Hello World'.
$( 'p' ).text( 'Hello World' );
Event Handling
Quickly handle events like clicks. This code sets up an alert to be displayed when any button is clicked.
$( 'button' ).click( function() { alert( 'Button clicked!' ); } );
Animation
Perform animations on elements. This code makes a div element slide up slowly.
$( 'div' ).slideUp( 'slow' );
AJAX
Facilitate asynchronous HTTP (Ajax) requests. This code fetches the content of test.html and inserts it into the body of the current page.
$.ajax({ url: 'test.html', success: function(data) { $( 'body' ).html( data ); } });
Zepto is a minimalist JavaScript library for modern browsers with a largely jQuery-compatible API. It's smaller in size compared to jQuery but does not support as many browsers.
Cash is an absurdly small jQuery alternative for modern browsers. It provides jQuery-style syntax for manipulating the DOM, handling events, and making AJAX requests, but with a smaller footprint.
MooTools is a collection of JavaScript utilities designed for the intermediate to advanced JavaScript developer. It allows you to write powerful and flexible code with its elegant, well documented, and coherent API. MooTools code is extensively documented and easy to read, which is a strong point compared to jQuery.
jQuery is a fast, small, and feature-rich JavaScript library.
For information on how to get started and how to use jQuery, please see jQuery's documentation. For source files and issues, please visit the jQuery repo.
If upgrading, please see the blog post for 3.7.1. This includes notable differences from the previous version and a more readable changelog.
Below are some of the most common ways to include jQuery.
<script src="https://code.jquery.com/jquery-3.7.1.min.js"></script>
There are several ways to use Webpack, Browserify or Babel. For more information on using these tools, please refer to the corresponding project's documentation. In the script, including jQuery will usually look like this:
import $ from "jquery";
If you need to use jQuery in a file that's not an ECMAScript module, you can use the CommonJS syntax:
var $ = require( "jquery" );
AMD is a module format built for the browser. For more information, we recommend require.js' documentation.
define( [ "jquery" ], function( $ ) {
} );
To include jQuery in Node, first install with npm.
npm install jquery
For jQuery to work in Node, a window with a document is required. Since no such window exists natively in Node, one can be mocked by tools such as jsdom. This can be useful for testing purposes.
const { JSDOM } = require( "jsdom" );
const { window } = new JSDOM( "" );
const $ = require( "jquery" )( window );
FAQs
JavaScript library for DOM operations
The npm package jquery receives a total of 11,224,706 weekly downloads. As such, jquery popularity was classified as popular.
We found that jquery demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.