Product
Introducing Webhook Events for Alert Changes
Add real-time Socket webhook events to your workflows to automatically receive software supply chain alert changes in real time.
By Phil Gates-Idem -  Nov 21, 2025
🚀 DAY 5 OF LAUNCH WEEK:Introducing Webhook Events for Alert Changes.Learn more →
Picodom
Picodom is a 1 KB Virtual DOM builder and patch function.
import { h, patch } from "picodom"
let element, oldNode
function render(node) {
return element = patch(oldNode, (oldNode = node), element)
}
function view(state) {
return (
<div>
<h1>{state}</h1>
<input
autofocus
type="text"
value={state}
oninput={e => render(view(e.target.value))}
/>
</div>
)
}
render(view("Hello!"))
Picodom supports keyed updates & lifecycle events — all with no dependencies. Mix it with your favorite state management library and roll your own custom view framework.
Installation
Download the minified library from a CDN.
<script src="https://unpkg.com/picodom"></script>
Then access the exported global.
const { h, patch } = picodom
Or install with npm / Yarn.
npm i picodom
Then build with a bundler, e.g., Browserify, Rollup, Webpack, etc., and import it.
import { h, patch } from "picodom"
API
h
h( string | VirtualComponent, Attributes, Array<VirtualNode> | string ): VirtualNode
VirtualNode
{
tag: string,
data: Attributes,
children: Array<VirtualNode>
}
VirtualComponent
(any, Array<VirtualNode> | string): VirtualNode
Attributes
HTMLAttributes | SVGAttributes | DOMEvents | VirtualDOMEvents
VirtualDOMEvents
oncreate
Fired after the element is created and attached to the DOM.
oncreate(Element): void
onupdate
Fired after the element attributes are updated. This event will fire even if the attributes have not changed.
onupdate(Element, oldData: Attributes): void
onremove
Fired before the element is removed from the DOM.
onremove(Element): void
patch
patch( oldNode: VirtualNode, newNode: VirtualNode, element: HTMLElement, root: HTMLElement | document.body ): HTMLElement
Links
License
Picodom is MIT licensed. See LICENSE.
FAQs
This package is no longer supported and has been deprecated. To avoid malicious use, npm is hanging on to the package name.
The npm package picodom receives a total of 13 weekly downloads. As such, picodom popularity was classified as not popular.
We found that picodom demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 14 Aug 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
ENISA Becomes a CVE Root, Expanding Its Role in Europe’s Vulnerability Ecosystem
ENISA has become a CVE Program Root, giving the EU a central authority for coordinating vulnerability reporting, disclosure, and cross-border response.
By Sarah Gooding -  Nov 21, 2025
Product
Introducing Socket Scanning for OpenVSX Extensions
Socket now scans OpenVSX extensions, giving teams early detection of risky behaviors, hidden capabilities, and supply chain threats in developer tools.
By Mix Irving, Ryan Eberhardt -  Nov 20, 2025