Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
The Pug loader is responsible for loading the depenendencies of a given Pug file.
The pug-load package is a utility for loading and resolving Pug templates. It is typically used internally by the Pug templating engine to handle the loading of templates, including resolving includes and extends statements.
Load a Pug template
This feature allows you to load a Pug template from a specified file path. The `loadFile` function reads the Pug file and returns its content.
const pugLoad = require('pug-load');
const template = pugLoad.loadFile('path/to/template.pug');
Resolve includes and extends
This feature resolves the path of an included or extended Pug template. The `resolve` function takes the path of the included template and options, and returns the resolved path.
const pugLoad = require('pug-load');
const options = { filename: 'path/to/template.pug' };
const resolvedTemplate = pugLoad.resolve('include.pug', options);
Compile a Pug template
This feature allows you to compile a loaded Pug template into a render function. The `compile` function from the Pug package is used to compile the template, and the resulting function can be called with data to generate HTML.
const pugLoad = require('pug-load');
const pug = require('pug');
const template = pugLoad.loadFile('path/to/template.pug');
const compiledFunction = pug.compile(template);
const html = compiledFunction({ name: 'World' });
The `pug` package is the main Pug templating engine. It includes functionality for compiling Pug templates into HTML. While `pug-load` focuses on loading and resolving templates, `pug` provides the full templating engine capabilities.
The `pug-cli` package provides a command-line interface for compiling Pug templates. It is useful for integrating Pug compilation into build processes. Unlike `pug-load`, which is a utility for loading templates, `pug-cli` is focused on command-line usage.
The `pug-lexer` package is a lexer for Pug templates. It tokenizes Pug source code into a stream of tokens. This package is more low-level compared to `pug-load`, which deals with loading and resolving templates.
The pug loader is responsible for loading the depenendencies of a given pug file. It adds fullPath
and str
properties to every Include
and Extends
node. It also adds an ast
property to any Include
nodes that are loading pug and any Extends
nodes. It then recursively loads the dependencies of any of those included files.
npm install pug-load
var load = require('pug-load');
load(ast, options)
load.string(str, filename, options)
load.file(filename, options)
Loads all dependencies of the Pug AST. load.string
and load.file
are syntactic sugar that parses the string or file instead of you doing it yourself.
options
may contain the following properties:
lex
(function): (required) the lexer usedparse
(function): (required) the parser usedresolve
(function): a function used to override load.resolve
. Defaults to load.resolve
.read
(function): a function used to override load.read
. Defaults to load.read
.basedir
(string): the base directory of absolute inclusion. This is required when absolute inclusion (file name starts with '/'
) is used. Defaults to undefined.The options
object is passed to load.resolve
and load.read
, or equivalently options.resolve
and options.read
.
load.resolve(filename, source, options)
Callback used by pug-load
to resolve the full path of an included or extended file given the path of the source file.
filename
is the included file. source
is the name of the parent file that includes filename
.
This function is not meant to be called from outside of pug-load
, but rather for you to override.
load.read(filename, options)
Callback used by pug-load
to return the contents of a file.
filename
is the file to read.
This function is not meant to be called from outside of pug-load
, but rather for you to override.
load.validateOptions(options)
Callback used pug-load
to ensure the options object is valid. If your overridden load.resolve
or load.read
uses a different options
scheme, you will need to override this function as well.
This function is not meant to be called from outside of pug-load
, but rather for you to override.
var fs = require('fs');
var lex = require('pug-lexer');
var parse = require('pug-parser');
var load = require('pug-load');
// you can do everything very manually
var str = fs.readFileSync('bar.pug', 'utf8');
var ast = load(parse(lex(str, 'bar.pug'), 'bar.pug'), {
lex: lex,
parse: parse,
resolve: function (filename, source, options) {
console.log('"' + filename + '" file requested from "' + source + '".');
return load.resolve(filename, source, options);
}
});
// or you can do all that in just two steps
var str = fs.readFileSync('bar.pug', 'utf8');
var ast = load.string(str, 'bar.pug', {
lex: lex,
parse: parse,
resolve: function (filename, source, options) {
console.log('"' + filename + '" file requested from "' + source + '".');
return load.resolve(filename, source, options);
}
});
// or you can do all that in only one step
var ast = load.file('bar.pug', {
lex: lex,
parse: parse,
resolve: function (filename, source, options) {
console.log('"' + filename + '" file requested from "' + source + '".');
return load.resolve(filename, source, options);
}
});
MIT
FAQs
The Pug loader is responsible for loading the depenendencies of a given Pug file.
The npm package pug-load receives a total of 1,150,289 weekly downloads. As such, pug-load popularity was classified as popular.
We found that pug-load demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.