Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Social Media Photo by Andrii Ganzevych on Unsplash
uhtml (micro µ html) is one of the smallest, fastest, memory consumption friendly, yet zero-tools based, library to safely help creating or manipulating DOM content.
{ Hole, render, html, svg, attr }
with smart auto-keyed nodes - read keyed or not ? paragraph to know more{ Hole, render, html, svg, htmlFor, svgFor, attr }
, providing keyed utilities - read keyed or not ? paragraph to know moredocument => uhtml/keyed
utility that can be bootstrapped with uhtml/dom
, LinkeDOM, JSDOM for either SSR or Workers supportuhtml/init
export to have 100% same-thing running on both client or Web Worker / Server. This entry exports { Document, DOMParser }
where the former can be used to create a new document while the latter one can parse well formed HTML or SVG content and return the document out of the box.reactive
field instead of render
, so that const render = reactive(effect)
creates a reactive render per each library, is that the render(where, () => what)
, with a function as second argument is mandatory when the rendered stuff has signals in it, otherwise these can't side-effect properly.uhtml/reactive
with @preact/signals-core
in it, so that its render
exported function, among all other preact related exports, is already working.import init from 'uhtml/init';
import { Document } from 'uhtml/dom';
const document = new Document;
const {
Hole,
render,
html, svg,
htmlFor, svgFor,
attr
} = init(document);
import { render, html, signal } from 'uhtml/preactive';
const count = signal(0);
render(document.body, () => html`
<button onclick=${() => { count.value++ }}>
Clicks: ${count.value}
</button>
`);
FAQs
A micro HTML/SVG render
The npm package uhtml receives a total of 1,099 weekly downloads. As such, uhtml popularity was classified as popular.
We found that uhtml demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.