A template engine for all purposes.
Note: This package is currently under development and may change; please do not use it in production.
Each template is wrapped in a template html tag and referenced by a unique name using the name attribute.
<template name="welcome">
    <p>Welcome</p>
</template>
This is not the common way, but you can create a template directly from JavaScript.
import Kandybars from "kandybars";
Kandybars.registerTemplate('welcome', '<p>Welcome</p>');
You can also load templates contained in a string by parsing it.
import Kandybars from "kandybars";
Kandybars.parseTemplates('<template name="hello">Hello World</template>');
Kandybars.render('hello');
All comments are removed from the code when the template is rendered.
<template name="secret">
    {{! this comment will not appear in the final HTML}}
    <p>{{secret}}</p>
</template>
<template name="hello">
    <p>Hello {{user.name}}</p>
</template>
import Kandybars from "kandybars";
var tpl = Kandybars.render('hello', {
    user: {name: "Karl"}
});
Loops are done easily using JavaScript arrays.
<template name="colors">
    <ul>
        {{#each colors}}
        <li>{{name}} : {{hexCode}}</li>
        {{/each}}
    </ul>
</template>
import Kandybars from "kandybars";
var tpl = Kandybars.render('colors', {
    colors: [
        {
            name: "red",
            hexCode: "ff0000"
        },
        {
            name: "green",
            hexCode: "00ff00"
        },
        {
            name: "blue",
            hexCode: "0000ff"
        }
    ]
});
It is possible to display data depending on the result of an expression.
<template name="messageCounter">
    {{#if messageCount > 0}}
    <p>You have {{messageCount}} messages</p>
    {{else}}
    <p>You don't have any messages</p>
    {{/if}}
</template>
import Kandybars from "kandybars";
var tpl = Kandybars.render('messageCounter', {
    messageCount: 19
});
Helpers are like functions, but they are used directly inside templates. They accept arguments.
<template name="interest">
    <p>I love {{uppercase interest}}</p>
</template>
import Kandybars from "kandybars";
Kandybars.registerHelper('uppercase', function(word) {
    return word ? word.toUpperCase() : "";
});
var tpl = Kandybars.render('interest', {
    interest: "coding"
});
Evals let you get the result of an expression.
<template name="formula">
    <p>x + y - 0.5 = {{eval x + y - 0.5}}</p>
</template>
import Kandybars from "kandybars";
var tpl = Kandybars.render('formula', {
    x: 100,
    y: Math.random() * 10
});
Templates that are already loaded can be included inside other templates by using a special helper.
<template name="colors">
    <ul>
        {{#each colors}}
        {{> colorListItem}}
        {{/each}}
    </ul>
</template>
<template name="colorListItem">
    <li>{{name}} : {{hexCode}}</li>
</template>
import Kandybars from "kandybars";
var tpl = Kandybars.render('colors', {
    colors: [
        {
            name: "red",
            hexCode: "ff0000"
        },
        {
            name: "green",
            hexCode: "00ff00"
        },
        {
            name: "blue",
            hexCode: "0000ff"
        }
    ]
});
History of releases is in the changelog.
The code is released under the MIT License.
If you find this lib useful and would like to support my work, donations are welcome :)
0.9.4
The npm package kandybars receives a total of 41 weekly downloads. As such, kandybars' popularity was classified as not popular.
We found that kandybars demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.