New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

kensington

Package Overview
Dependencies
Maintainers
1
Versions
8
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

kensington

This template engine is a way to create html via nested method calls. Each tag is a method on a TemplateEngine instance which can receive an object literal of attributes and their values, and/or content. The output is a nicely formatted html string.

latest
Source
npmnpm
Version
0.11.1
Version published
Maintainers
1
Created
Source

This template engine is a way to create html via nested method calls. Each tag is a method on a TemplateEngine instance which can receive an object literal of attributes and their values, and/or content. The output is a nicely formatted html string.

  • arguments can be an object of attributes, content (string, element, or array of either), or both
  • nested attributes are converted to kebab-case { data: { bs: { toggle: 'collapse' } } } becomes data-bs-toggle="collapse"
  • camelCase attibute become kebabcase { dataBsToggle: 'collapse' } becomes data-bs-toggle="collapse"
  • attributes are validated against those found here
  • attributes with a boolean value will either be included or not: t.input({ type: 'checkbox', checked: true }) becomes <input type="checkbox" checked> or <input type="checkbox"> if checked is false
  • Global attributes are always allowed, along with aria-* and data-* attributes.
  • Additional attribute namespaces (like hx when using htmx) can be added by passing the additionalNamespaces property to the constructor
  • validationLevel can be set to off, warn, or error.
  • the .literal method allows you to pass in html as a string.
  • .htmlWithDocType is the same as .html, but adds the <!DOCTYPE html> tag to the beginning of the string.
  • call .toString() on the outermost method to expicitly convert to string. This can often be omitted if the output is sent as a string.
  • string interpolation automatically converts the tag to string `${t.html(t.body('hello'))}`
  • In the browser, call .toElement() to create a dom element instead of a string
  • you can add your own custom elements:
    • extend the Kensington class with your own
    • set a property equal to this.createCustomTag() with the following arguments
      • tagName - the name that is used in the <some-custom-element></some-custom-element>
      • allowedAttributes - an optional object of allowed attribute names and types. Global and data/aria attributes are always allowed

Example

// TypeScript
import Kensington from 'kensington';
import type { ContentMethod } from 'kensington';

declare module 'kensington' {
  interface NameSpaceAttributes {
    [key: `hx${string}`]: string | object
  }
}

class MyTemplateEngine extends Kensington {
  someCustomElement: ContentMethod<{ someCustomAttribute?: boolean | 42 }> = this.createCustomTag('custom-element', { 'some-custom-attribute': [Boolean, 42] });
}

// JavaScript
import Kensington from 'kensington.js';

class MyTemplateEngine extends Kensington {
  someCustomElement = this.createCustomTag('some-custom-element', { 'some-custom-attribute': [Boolean, 42] });
}

const t = new MyTemplateEngine({ 
  validationLevel: 'warn', 
  additionalNamespaces: ['hx'], 
  indentationLevel: 2,
});

const html = t.htmlWithDoctype({ lang: 'en' }, [
  t.head(t.title('My Page Title')),
  t.body(
    t.main({ class: 'container' }, [
      t.h1('My Great Project'),
      t.h3({ class: 'small' }, 'a new way'),
      t.hr({ class: 'fancy-line' }),
      t.section([
        'To Do List',
        t.ul([
          t.li({
            data: {
              bs: {
                toggle: 'collapse',
                target: '#some-id',
              },
            },
            ariaExpanded: 'false',
          }, 'this'),
          t.li([
            t.input({ id: 'coolness', type: 'checkbox', checked: isCool }),
            t.label({ for: 'coolness'}, 'Cool?')
          ]),
          t.literal('<li>some regular html</li>'),
        ]),
      ]),
    ]),
  ),
]).toString();

/* Generated html
<!DOCTYPE html>
<html lang="en">
  <head>
    <title>My Page Title</title>
  </head>
  <body>
    <main class="container">
      <h1>My Great Project</h1>
      <h3 class="small">a new way</h3>
      <hr class="fancy-line">
      <section>
        To Do List
        <ul>
          <li data-bs-toggle="collapse" data-bs-target="#some-id" aria-expanded="false">this</li>
          <li>
            <input id="coolness" type="checkbox">
            <label for="coolness">Cool?</label>
          </li>
          <li>some regular html</li>
        </ul>
      </section>
    </main>
  </body>
</html>
*/

// import instance directly if you don't need customization
import { t } from 'kensington';

Keywords

template
markup
javascript
express
html

FAQs

Package last updated on 01 Apr 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise

Security News

Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise

Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.

By Sarah Gooding  -  Apr 02, 2026