Gathering detailed insights and metrics for @shopify/draggable
Gathering detailed insights and metrics for @shopify/draggable
The JavaScript Drag & Drop library your grandparents warned you about.
Installations
npm install @shopify/draggableDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS, UMD
Node Version
18.17.1
NPM Version
9.6.7
Releases
18
Languages
2
JavaScript
TypeScript
JavaScript (73.83%)
TypeScript (26.17%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
18,303 Stars
482 Commits
1,109 Forks
611 Watchers
44 Branches
7,101 Contributors
Updated on Jul 10, 2025
Maintainers
8
Package Meta Information
Latest Version
1.1.4
Package Id
@shopify/draggable@1.1.4
Unpacked Size
637.99 kB
Size
99.50 kB
File Count
273
NPM Version
9.6.7
Node Version
18.17.1
Published on
Mar 19, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
31
@babel/core@babel/plugin-proposal-decorators@babel/preset-env@babel/preset-typescript@changesets/changelog-github@changesets/cli@rollup/plugin-babel@rollup/plugin-commonjs@rollup/plugin-node-resolve@rollup/plugin-typescript@shopify/eslint-plugin@shopify/prettier-config@shopify/typescript-configs@types/jest@types/nodeconcurrentlyesdocesdoc-ecmascript-proposal-pluginesdoc-standard-plugineslintjestjest-environment-jsdomprettierrolluprollup-plugin-cleanuprollup-plugin-includepathsrollup-plugin-node-externalstimerstsc-aliastypescriptuglify-js
Development
Draggable is no longer maintained by its original authors. Maintenance of this repo has been passed on to new collaborators and is no longer worked on by anyone at Shopify.
We are still looking for more maintainers! If anyone is interested in answering / triaging issues, reviewing / rejecting / approving PRs, and authoring code for bug fixes / new features — please send an email to max.hoffmann (at) shopify (dot) com. You may be asked a few questions before obtaining collaboration permission, but if everything checks out, we will happily add you as a collaborator.
Get complete control over drag and drop behaviour with Draggable! Draggable abstracts
native browser events into a comprehensive API to create a custom drag and drop experience.
Draggable comes with additional modules: Sortable, Droppable, Swappable. Draggable
itself does not perform any sorting behaviour while dragging, but does the heavy lifting, e.g.
creates mirror, emits events, manages sensor events, makes elements draggable.
The additional modules are built on top of Draggable and therefore provide a similar API
interface, for more information read the documentation below.
Features
- Works with native drag, mouse, touch and force touch events
- Can extend dragging behaviour by hooking into draggables event life cycle
- Can extend drag detection by adding sensors to draggable
- The library is targeted ES6 first
Table of Contents
Install
You can install the library via npm.
1npm install @shopify/draggable --save
or via yarn:
1yarn add @shopify/draggable
or via CDN
1<!-- Entire bundle --> 2<script type="module"> 3 import { 4 Draggable, 5 Sortable, 6 Droppable, 7 Swappable, 8 } from 'https://cdn.jsdelivr.net/npm/@shopify/draggable/build/esm/index.mjs'; 9</script> 10<!-- Draggable only --> 11<script type="module"> 12 import Draggable from 'https://cdn.jsdelivr.net/npm/@shopify/draggable/build/esm/Draggable/Draggable.mjs'; 13</script> 14<!-- Sortable only --> 15<script type="module"> 16 import Sortable from 'https://cdn.jsdelivr.net/npm/@shopify/draggable/build/esm/Sortable/Sortable.mjs'; 17</script> 18<!-- Droppable only --> 19<script type="module"> 20 import Droppable from 'https://cdn.jsdelivr.net/npm/@shopify/draggable/build/esm/Droppable/Droppable.mjs'; 21</script> 22<!-- Swappable only --> 23<script type="module"> 24 import Swappable from 'https://cdn.jsdelivr.net/npm/@shopify/draggable/build/esm/Swappable/Swappable.mjs'; 25</script> 26<!-- Plugins only --> 27<script type="module"> 28 import * as Plugins from 'https://cdn.jsdelivr.net/npm/@shopify/draggable/build/esm/Plugins/index.mjs'; 29</script> 30<!-- UMD browser --> 31<script src="https://cdn.jsdelivr.net/npm/@shopify/draggable/build/umd/index.min.js"></script> 32<script> 33 console.log(window.Draggable); 34</script>
Browser Compatibility
Check the "browserlist" property in package.json for more info
 |  |  |  |  |
|---|---|---|---|---|
| Last 3 versions ✔ | Last 3 versions ✔ | Last 3 versions ✔ | Last 3 versions ✔ | Last 3 versions ✔ |
Documentation
You can find the documentation for each module within their respective directories.
TypeScript
Draggable includes TypeScript definitions.
Running examples
To run the examples project locally, simply run the following from the draggable root:
1yarn && yarn start
This will start a server that hosts the contents of examples/. It also watches for file
changes from both src/ and examples/src and reloads the browser.
Contributing
Contributions are more than welcome, the code base is still new and needs more love.
For more information, please checkout the contributing document.
Related resources
- Ember CLI Shim on Github by @timrourke
- Ember CLI Shim on NPM by @timrourke
Copyright
Copyright (c) 2018-present Shopify. See LICENSE.md for further details.
No vulnerabilities found.
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/Shopify/.github/SECURITY.md:1
- Info: Found linked content: github.com/Shopify/.github/SECURITY.md:1
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
- Info: Found text in security policy: github.com/Shopify/.github/SECURITY.md:1
Reason
Found 1/7 approved changesets -- score normalized to 1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/changelog.yml:1
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/cla.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/snapit.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/Shopify/draggable/changelog.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/Shopify/draggable/changelog.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/Shopify/draggable/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/Shopify/draggable/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/cla.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/Shopify/draggable/cla.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/Shopify/draggable/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/Shopify/draggable/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/Shopify/draggable/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/snapit.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/Shopify/draggable/snapit.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/snapit.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/Shopify/draggable/snapit.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/snapit.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/Shopify/draggable/snapit.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/snapit.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/Shopify/draggable/snapit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snapit.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/Shopify/draggable/snapit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snapit.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/Shopify/draggable/snapit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snapit.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/Shopify/draggable/snapit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snapit.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/Shopify/draggable/snapit.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/snapit.yml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/Shopify/draggable/snapit.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/snapit.yml:164: update your workflow using https://app.stepsecurity.io/secureworkflow/Shopify/draggable/snapit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snapit.yml:171: update your workflow using https://app.stepsecurity.io/secureworkflow/Shopify/draggable/snapit.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/snapit.yml:180: update your workflow using https://app.stepsecurity.io/secureworkflow/Shopify/draggable/snapit.yml/main?enable=pin
- Info: 0 out of 11 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 9 third-party GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
37 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx
- Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
- Warn: Project is vulnerable to: GHSA-7gc6-qh9x-w6h8
- Warn: Project is vulnerable to: GHSA-phwq-j96m-2c2q
- Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
- Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-7wpw-2hjm-89gp
- Warn: Project is vulnerable to: GHSA-w7rc-rwvf-8q5r
- Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
- Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
- Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-f4c9-cqv8-9v98
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-xf5p-87ch-gxw2
- Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj
- Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-mxhp-79qh-mcx6
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Score
3.5
/10
Last Scanned on 2024-07-01
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More