Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
pug-runtime
Advanced tools
The pug-runtime package is a runtime library for Pug, a high-performance template engine heavily influenced by Haml and implemented with JavaScript for Node.js and browsers. It is used to render Pug templates into HTML.
Rendering Pug Templates
This feature allows you to compile and render Pug templates into HTML. The code sample demonstrates how to compile a simple Pug template and render it with a given context.
const pug = require('pug-runtime');
const template = pug.compile('p Hello, #{name}!');
const html = template({ name: 'World' });
console.log(html); // Outputs: <p>Hello, World!</p>
Precompiled Templates
This feature allows you to use precompiled Pug templates. The code sample shows how to render HTML using a precompiled template function.
const pug = require('pug-runtime');
const precompiledTemplate = function(locals) { return pug.render('p Hello, ' + locals.name + '!'); };
const html = precompiledTemplate({ name: 'World' });
console.log(html); // Outputs: <p>Hello, World!</p>
EJS (Embedded JavaScript templates) is a simple templating language that lets you generate HTML markup with plain JavaScript. It is similar to Pug in that it allows embedding JavaScript code within the template, but it uses a different syntax and is generally considered easier to learn for those familiar with HTML.
Handlebars.js is a popular templating engine that builds on the Mustache templating language. It provides a way to build semantic templates effectively with minimal logic. Unlike Pug, Handlebars focuses on keeping the logic out of the templates, making them more readable and maintainable.
Nunjucks is a full-featured templating engine for JavaScript, inspired by Jinja2. It is designed to be powerful and flexible, supporting both server-side and client-side rendering. Nunjucks offers a syntax that is more similar to traditional templating languages like Jinja2, making it a good alternative for those who prefer a more familiar syntax.
The runtime components for the pug templating language
npm install pug-runtime
You can call runtime methods directly using runtime.method
. This is particularly useful when compiling to deal with things that are already known at compile time.
var runtime = require('pug-runtime');
assert(runtime.attr('foo', 'bar', true, true) === ' foo="bar"');
You can also build a string with a given list of functions available as pug_method
by calling build(arrayOfMethods)
. This is useful for inlining runtime functions within the compiled templates.
var build = require('pug-runtime/build');
var src = build(['attr']);
var attr = Function('', src + ';return pug_attr;')();
assert(attr('foo', 'bar', true, true) === ' foo="bar"');
When testing code compiled for the browser in Node.js, it is necessary to make the runtime available. To do so, one can use require('pug-runtime/wrap')
:
var pug = require('pug');
var wrap = require('pug-runtime/wrap');
var pugSrc = 'p= content';
// By default compileClient automatically embeds the needed runtime functions,
// rendering this module useless.
var compiledCode = pug.compileClient(pugSrc, {
externalRuntime: true
});
//=> 'function template (locals) { ... pug.escape() ... }'
var templateFunc = wrap(compiledCode);
templateFunc({content: 'Hey!'});
//=> '<p>Hey!</p>'
// Change template function name to 'heyTemplate'
compiledCode = pug.compileClient(pugSrc, {
externalRuntime: true,
name: 'heyTemplate'
});
//=> 'function heyTemplate (locals) { ... }'
templateFunc = wrap(compiledCode, 'heyTemplate');
templateFunc({content: 'Hey!'});
//=> '<p>Hey!</p>'
MIT
FAQs
The runtime components for the pug templating language
The npm package pug-runtime receives a total of 1,216,235 weekly downloads. As such, pug-runtime popularity was classified as popular.
We found that pug-runtime demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.