A modest JavaScript framework for the HTML you already have
Installations
npm install @hotwired/stimulusDeveloper
Developer Guide
Module System
CommonJS
Min. Node Version
Typescript Support
Yes
Node Version
16.15.0
NPM Version
8.5.5
Statistics
12,734 Stars
1,127 Commits
426 Forks
198 Watching
14 Branches
92 Contributors
Updated on 28 Nov 2024
Bundle Size
45.03 kB
Minified
10.88 kB
Minified + Gzipped
Languages
TypeScript (98.03%)
JavaScript (1.97%)
Total Downloads
Cumulative downloads
Total Downloads
43,507,806
Last day
-8.9%
73,786
Compared to previous day
Last week
3.9%
423,247
Compared to previous week
Last month
2.5%
1,760,713
Compared to previous month
Last year
20.6%
19,437,240
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
24
Stimulus
A modest JavaScript framework for the HTML you already have
Stimulus is a JavaScript framework with modest ambitions. It doesn't seek to take over your entire front-end—in fact, it's not concerned with rendering HTML at all. Instead, it's designed to augment your HTML with just enough behavior to make it shine. Stimulus pairs beautifully with Turbo to provide a complete solution for fast, compelling applications with a minimal amount of effort.
How does it work? Sprinkle your HTML with controller, target, and action attributes:
1<div data-controller="hello"> 2 <input data-hello-target="name" type="text"> 3 4 <button data-action="click->hello#greet">Greet</button> 5 6 <span data-hello-target="output"></span> 7</div>
Then write a compatible controller. Stimulus brings it to life automatically:
1// hello_controller.js 2import { Controller } from "@hotwired/stimulus" 3 4export default class extends Controller { 5 static targets = [ "name", "output" ] 6 7 greet() { 8 this.outputTarget.textContent = 9 `Hello, ${this.nameTarget.value}!` 10 } 11}
Stimulus continuously watches the page, kicking in as soon as attributes appear or disappear. It works with any update to the DOM, regardless of whether it comes from a full page load, a Turbo page change, or an Ajax request. Stimulus manages the whole lifecycle.
You can write your first controller in five minutes by following along in the Stimulus Handbook.
You can read more about why we created this new framework in The Origin of Stimulus.
Installing Stimulus
You can use Stimulus with any asset packaging systems. And if you prefer no build step at all, just drop a <script> tag on the page and get right down to business.
See the Installation Guide for detailed instructions.
Getting Help
Looking for the docs? Once you've read through the Handbook, consult the Stimulus Reference for API details.
Have a question about Stimulus? Connect with other Stimulus developers on the Hotwire Discourse community forum.
Contributing Back
Find a bug? Head over to our issue tracker and we'll do our best to help. We love pull requests, too!
We expect all Stimulus contributors to abide by the terms of our Code of Conduct.
Development
- Fork the project locally
yarn installyarn start- to run the local dev server with examplesyarn test- to run the unit testsyarn lint- to run the linter with ESLintyarn format- to format changes with Prettier
Acknowledgments
Stimulus is MIT-licensed open-source software from Basecamp, the creators of Ruby on Rails.
Continuous integration VMs generously provided by Sauce Labs.
© 2024 Basecamp, LLC.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
- Info: Found text in security policy: SECURITY.md:1
Reason
Found 12/17 approved changesets -- score normalized to 7
Reason
4 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 5
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/build.yml:1
- Warn: no topLevel permission defined: .github/workflows/dev-builds.yml:1
- Warn: no topLevel permission defined: .github/workflows/lint.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/hotwired/stimulus/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/hotwired/stimulus/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev-builds.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/hotwired/stimulus/dev-builds.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev-builds.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/hotwired/stimulus/dev-builds.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/hotwired/stimulus/lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/hotwired/stimulus/lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/hotwired/stimulus/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/hotwired/stimulus/test.yml/main?enable=pin
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 28 are checked with a SAST tool
Reason
25 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx
- Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch
- Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
- Warn: Project is vulnerable to: GHSA-fhg7-m89q-25r3
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
4.2
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn MoreOther packages similar to @hotwired/stimulus
@csedl/stimulus-initializer
Initializer for Hotwired/Stimulus
@hotwired/stimulus-webpack-helpers
Webpack helpers for Stimulus.
@mguidetti/stimulus-components
[Stimulus](https://github.com/hotwired/stimulus) components used in my projects. Free to use and contributions welcome.
stimulus-use
A collection of standard controllers and utilities for Stimulus