
Security News
Next.js Patches Critical Middleware Vulnerability (CVE-2025-29927)
Next.js has patched a critical vulnerability (CVE-2025-29927) that allowed attackers to bypass middleware-based authorization checks in self-hosted apps.
pug-loader
Advanced tools
Pug loader for webpack.
var template = require("pug-loader!./file.pug");
// => returns file.pug content as template function
// or, if you've bound .pug to pug-loader
var template = require("./file.pug");
var locals = { /* ... */ };
var html = template(locals);
// => the rendered HTML
For more information on how to use webpack loaders, check the official documentation.
In order to obtain the rendered HTML at compile time, combine this loader with apply-loader
:
var html = require("apply-loader!pug-loader!./file.pug");
// => the HTML is rendered at compile time
.jade
filespug-loader fully supports .jade
files. Just use pug-loader with .jade
files as you would with a .pug
file.
If you are using includes, you must make sure that .pug
(and if needed for legacy files, .jade
) is bound to pug-loader. Check the webpack documentation on how to do that for CLI and for configuration files.
The following options are available to be set for the loader. They are all mapped directly to Pug options, unless pointed out otherwise.
doctype
"html"
if not setglobals
self
plugins
read
or resolve
hooks, as those are reserved for the loaderpretty
filters
root
Try to use require
for all your embedded resources, to process them with webpack.
div
img(src=require("./my/image.png"))
Remember, you need to configure loaders for these file types too. You might be interested in the file loader.
FAQs
Pug loader module for webpack
The npm package pug-loader receives a total of 34,586 weekly downloads. As such, pug-loader popularity was classified as popular.
We found that pug-loader demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Next.js has patched a critical vulnerability (CVE-2025-29927) that allowed attackers to bypass middleware-based authorization checks in self-hosted apps.
Security News
A survey of 500 cybersecurity pros reveals high pay isn't enough—lack of growth and flexibility is driving attrition and risking organizational security.
Product
Socket, the leader in open source security, is now available on Google Cloud Marketplace for simplified procurement and enhanced protection against supply chain attacks.