Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
[![Build Status](https://secure.travis-ci.org/Nami-Doc/nephrite.png)](http://travis-ci.org/Nami-Doc/nephrite)
Pre-compiles Jade to Coffee/Coco/LiveScript, allowing you to have the syntax of Jade with the best perfs (only interpolation is used). It also avoids you the pain of undefined and null by auto-soaking.
To make you understand this a bit better, let's say that your code :
ul#pages
for page in @pages
li: a(href="page/#{page}")= page
will get compiled to
'<ul id="pages">' + join((function () {
var ref$, results$ = [];
for (key in ref$ = locals.pages) {
val = ref$[key];
results$.push('<li><a href="page/' + page + '">' + page + '</a></li>');
}
return results$;
}()) || '') + '</ul>'
Jade itself can be slow due to several factors (with
, attrs
, escape
) and this project allows you to avoid that!
(the code is highly unstable and total crap) Tho, it's used in html5chan and wowboardhelpers.
Files are valid jade files per se, minus the @
part.
Nephrite's default extension is .ne
- .jade
being valid too.
Compile it and use it client-side (this acts like jade's client: true
).
Attributes are passed as locals
, aliased to @
. You can pass an extra attributes object as @@
.
The code returned is a module export (module.exports = -> ...
).
# compile it
nephrite = require 'nephrite'
src = nephrite 'a(b="#{@c}")', 'index.jade', options
js = Coco.compile src, {bare: true, filename}
# use it client-side
fn obj, extra
The options object is passed to jade, without :
safe
option, for @
and @@
replacement (see below).The syntax is the same as Jade, with a few gotchas :
-
, it's jade interpolation, to allow for even better perfs on static content :ul#pages
- for (var i = 0; i <= 10; ++i)
li: a(data-page=i, href="/page/%{i}")== i
for tags, see just below.
Jade output is ==
(as seen just before). This is executed compile-time (by jade).
Jade interpolation is %{}
Tags are automatically recognized.
Currently supported tags are : if
, unless
, while
, for
, else
.
Loops are automatically joined.
To avoid complexity in the converter, for attribute interpolation you have to explicitely interpolate them :
a(href=foo) Foo!
will use jade's foo
local (compile time) whereas
a(href="#{@foo}") Foo!
will use your @foo
(locals.foo
, runtime).
Filter content is not modified in any way.
The "silent code interpolation" (and prelude) is ~
.
(take note that any code interpolation appearing BEFORE content will be moved in the prelude, out of the closure, for better perfs.)
For example :
~ template = require 'user-template'
~ /*^ this will be moved out of the closure function*/
#users
~ /*this will not*/
~ "this won't be outputted anyway"
:prelude
filter.:prelude
gen-classes = ->
classes = "post "
classes += "abc " if it.abc
classes
blah= gen-classes {}
Remember, of course, that you should avoid having too much logic in your templates
Do note one thing : replacement of @
is @@
is made globally, even in your text.
For example, div @hey
will give <div>locals.hey</div>
.
In order to avoid that, you can enable the "safe mode" through two ways :
Passing the option {+safe}
to the compiling (3rd parameter).
Using the directive in prelude :
~ "use safe"
div @hey
div= @this-is-interpolated
Be warned that this comes with a performance loss (the function is wrapped with an IIFE for the transpiler to recognize @
as this
), which is why it's not active by default.
FAQs
[![Build Status](https://secure.travis-ci.org/Nami-Doc/nephrite.png)](http://travis-ci.org/Nami-Doc/nephrite)
The npm package nephrite receives a total of 3 weekly downloads. As such, nephrite popularity was classified as not popular.
We found that nephrite demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.