![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
pug-code-gen
Advanced tools
Package description
The pug-code-gen package is a part of the Pug templating engine ecosystem. It is responsible for generating JavaScript code from Pug templates. This package is typically used internally by the Pug compiler to convert Pug syntax into executable JavaScript functions.
Generate JavaScript Code from Pug Templates
This feature allows you to generate JavaScript code from a Pug template's Abstract Syntax Tree (AST). The generated code can then be executed to render HTML.
const pugCodeGen = require('pug-code-gen');
const ast = { /* Abstract Syntax Tree of a Pug template */ };
const options = { /* options for code generation */ };
const jsCode = pugCodeGen(ast, options);
console.log(jsCode);
Custom Code Generation Options
This feature allows you to customize the code generation process by providing various options such as disabling debug information or formatting the output code to be more readable.
const pugCodeGen = require('pug-code-gen');
const ast = { /* Abstract Syntax Tree of a Pug template */ };
const options = { compileDebug: false, pretty: true };
const jsCode = pugCodeGen(ast, options);
console.log(jsCode);
The 'pug' package is the main package for the Pug templating engine. It includes the full functionality to compile Pug templates into HTML, including parsing, lexing, and code generation. It is more comprehensive compared to pug-code-gen, which focuses solely on the code generation aspect.
The 'ejs' package is another popular templating engine for JavaScript. It allows you to generate HTML with plain JavaScript. Unlike pug-code-gen, which is part of the Pug ecosystem, EJS uses a different syntax and approach for templating.
The 'handlebars' package is a powerful templating engine that provides a more logic-less approach to templates compared to Pug. Handlebars focuses on keeping the templates clean and readable, separating the logic from the markup. It serves a similar purpose but with a different philosophy and syntax.
Readme
Default code-generator for pug. It generates HTML via a JavaScript template function.
npm install pug-code-gen
var generateCode = require('pug-code-gen');
generateCode(ast, options)
Generate a JavaScript function string for the given AST.
ast
is a fully expanded AST for Pug, with all inclusion, extends, and filters resolved.
options
may contain the following properties that have the same meaning as the options with the same names in pug
:
false
true
undefined
false
[]
false
In addition to above, pug-code-gen
has the following unique options:
compileDebug
is true
; default is undefined
'template'
var lex = require('pug-lexer');
var parse = require('pug-parser');
var wrap = require('pug-runtime/wrap');
var generateCode = require('pug-code-gen');
var funcStr = generateCode(parse(lex('p Hello world!')), {
compileDebug: false,
pretty: true,
inlineRuntimeFunctions: false,
templateName: 'helloWorld'
});
//=> 'function helloWorld(locals) { ... }'
var func = wrap(funcStr, 'helloWorld');
func();
//=> '\n<p>Hello world!</p>'
new generateCode.CodeGenerator(ast, options)
The constructor for the internal class of the code generator. You shouldn't need to use this for most purposes.
MIT
FAQs
Unknown package
The npm package pug-code-gen receives a total of 881,794 weekly downloads. As such, pug-code-gen popularity was classified as popular.
We found that pug-code-gen demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.