Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
tinygame.xyz
Advanced tools
Embedded JavaScript templates
$ npm install ejs
<% %>
<%= %>
<%- %>
-%>
ending tag<% if (user) { %>
<h2><%= user.name %></h2>
<% } %>
var template = ejs.compile(str, options);
template(data);
// => Rendered HTML string
ejs.render(str, data, options);
// => Rendered HTML string
You can also use the shortcut ejs.render(dataAndOptions);
where you pass
everything in a single object. In that case, you'll end up with local variables
for all the passed options.
cache
Compiled functions are cached, requires filename
filename
Used by cache
to key caches, and for includescontext
Function execution contextcompileDebug
When false
no debug instrumentation is compiledclient
Returns standalone compiled functiondelimiter
Character to use with angle brackets for open/closedebug
Output generated function body_with
Whether or not to use with() {}
constructs. If false
then the locals will be stored in the locals
object.<%
'Scriptlet' tag, for control-flow, no output<%=
Outputs the value into the template (HTML escaped)<%-
Outputs the unescaped value into the template<%#
Comment tag, no execution, no output<%%
Outputs a literal '<%'%>
Plain ending tag-%>
Trim-mode ('newline slurp') tag, trims following newlineIncludes are relative to the template with the include
call. (This
requires the 'filename' option.) For example if you have "./views/users.ejs" and
"./views/user/show.ejs" you would use <%- include('user/show'); %>
.
You'll likely want to use the raw output tag (<%-
) with your include to avoid
double-escaping the HTML output.
<ul>
<% users.forEach(function(user){ %>
<%- include('user/show', {user: user}); %>
<% }); %>
</ul>
Includes are inserted at runtime, so you can use variables for the path in the
include
call (for example <%- include(somePath); %>
). Variables in your
top-level data object are available to all your includes, but local variables
need to be passed down.
NOTE: Include preprocessor directives (<% include user/show %>
) are
still supported.
Custom delimiters can be applied on a per-template basis, or globally:
var ejs = require('ejs'),
users = ['geddy', 'neil', 'alex'];
// Just one template
ejs.render('<?= users.join(" | "); ?>', {users: users}, {delimiter: '?'});
// => 'geddy | neil | alex'
// Or globally
ejs.delimiter = '$';
ejs.render('<$= users.join(" | "); $>', {users: users});
// => 'geddy | neil | alex'
EJS does not specifically support blocks, but layouts can be implemented by including headers and footers, like so:
<%- include('header'); -%>
<h1>
Title
</h1>
<p>
My page
</p>
<%- include('footer'); -%>
Go to the Latest Release, download
./ejs.js
or ./ejs.min.js
.
Include one of these on your page, and ejs.render(str)
.
There are a number of implementations of EJS:
Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
EJS Embedded JavaScript templates copyright 2112 mde@fleegix.org.
FAQs
tinygame
The npm package tinygame.xyz receives a total of 57 weekly downloads. As such, tinygame.xyz popularity was classified as not popular.
We found that tinygame.xyz demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.