Gathering detailed insights and metrics for @jacob-ebey/preact-render-to-string
Gathering detailed insights and metrics for @jacob-ebey/preact-render-to-string
📄 Universal rendering for Preact: render JSX and Preact components to HTML.
Installations
npm install @jacob-ebey/preact-render-to-stringDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS, ESM
Node Version
19.8.1
NPM Version
9.5.1
Releases
96
Languages
2
JavaScript
TypeScript
JavaScript (99.9%)
TypeScript (0.1%)
Developer
Download Statistics
Total Downloads
492
Last Day
1
Last Week
1
Last Month
13
Last Year
143
GitHub Statistics
MIT License
684 Stars
613 Commits
95 Forks
9 Watchers
40 Branches
49 Contributors
Updated on Jul 03, 2025
Bundle Size
4.19 kB
Minified
2.04 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
0.0.0-streaming.2
Package Id
@jacob-ebey/preact-render-to-string@0.0.0-streaming.2
Unpacked Size
487.80 kB
Size
109.86 kB
File Count
50
NPM Version
9.5.1
Node Version
19.8.1
Published on
Apr 01, 2023
Total Downloads
Cumulative downloads
Total Downloads
492
Last Day
0%
1
Compared to previous day
Last Week
-80%
1
Compared to previous week
Last Month
0%
13
Compared to previous month
Last Year
-2.7%
143
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Peer Dependencies
1
preact-render-to-string
Render JSX and Preact components to an HTML string.
Works in Node & the browser, making it useful for universal/isomorphic rendering.
>> Cute Fox-Related Demo (@ CodePen) <<
Render JSX/VDOM to HTML
1import { render } from 'preact-render-to-string'; 2import { h } from 'preact'; 3/** @jsx h */ 4 5let vdom = <div class="foo">content</div>; 6 7let html = render(vdom); 8console.log(html); 9// <div class="foo">content</div>
Render Preact Components to HTML
1import { render } from 'preact-render-to-string'; 2import { h, Component } from 'preact'; 3/** @jsx h */ 4 5// Classical components work 6class Fox extends Component { 7 render({ name }) { 8 return <span class="fox">{name}</span>; 9 } 10} 11 12// ... and so do pure functional components: 13const Box = ({ type, children }) => ( 14 <div class={`box box-${type}`}>{children}</div> 15); 16 17let html = render( 18 <Box type="open"> 19 <Fox name="Finn" /> 20 </Box> 21); 22 23console.log(html); 24// <div class="box box-open"><span class="fox">Finn</span></div>
Render JSX / Preact / Whatever via Express!
1import express from 'express'; 2import { h } from 'preact'; 3import { render } from 'preact-render-to-string'; 4/** @jsx h */ 5 6// silly example component: 7const Fox = ({ name }) => ( 8 <div class="fox"> 9 <h5>{name}</h5> 10 <p>This page is all about {name}.</p> 11 </div> 12); 13 14// basic HTTP server via express: 15const app = express(); 16app.listen(8080); 17 18// on each request, render and return a component: 19app.get('/:fox', (req, res) => { 20 let html = render(<Fox name={req.params.fox} />); 21 // send it back wrapped up as an HTML5 document: 22 res.send(`<!DOCTYPE html><html><body>${html}</body></html>`); 23});
Suspense & lazy components with preact/compat & preact-ssr-prepass
1npm install preact preact-render-to-string preact-ssr-prepass
1export default () => { 2 return ( 3 <h1>Home page</h1> 4 ) 5}
1import { Suspense, lazy } from "preact/compat" 2 3// Creation of the lazy component 4const HomePage = lazy(() => import("./pages/home")) 5 6const Main = () => { 7 return ( 8 <Suspense fallback={<p>Loading</p>}> 9 <HomePage /> 10 </Suspense> 11 ) 12}
1import { render } from "preact-render-to-string" 2import prepass from "preact-ssr-prepass" 3import { Main } from "./main" 4 5const main = async () => { 6 // Creation of the virtual DOM 7 const vdom = <Main /> 8 9 // Pre-rendering of lazy components 10 await prepass(vdom) 11 12 // Rendering of components 13 const html = render(vdom) 14 15 console.log(html) 16 // <h1>Home page</h1> 17} 18 19// Execution & error handling 20main().catch(error => { 21 console.error(error) 22})
License
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
all changesets reviewed
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact-render-to-string/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact-render-to-string/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact-render-to-string/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact-render-to-string/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact-render-to-string/release.yml/main?enable=pin
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 2 out of 2 npmCommand dependencies pinned
Reason
5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:13
- Info: jobLevel 'issues' permission set to 'read': .github/workflows/release.yml:15
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
50 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-9pv7-vfvm-6vr7
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-353f-5xf4-qw67
- Warn: Project is vulnerable to: GHSA-c24v-8rfc-w8vw
- Warn: Project is vulnerable to: GHSA-8jhw-289h-jh2g
- Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
- Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
- Warn: Project is vulnerable to: GHSA-x574-m823-4x7w
- Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8
- Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x
- Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4
- Warn: Project is vulnerable to: GHSA-859w-5945-r5v3
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-257v-vj4p-3w2h
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
- Warn: Project is vulnerable to: GHSA-7r28-3m3f-r2pr
- Warn: Project is vulnerable to: GHSA-r8j5-h5cx-65gg
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
- Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
- Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
- Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx
- Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch
Score
4.6
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More