npmpackage.info

Gathering detailed insights and metrics for @stripe/stripe-js

Other packages similar to @stripe/stripe-js

@stripe/react-stripe-js

3.7.0

React components for Stripe.js and Stripe Elements

@sergdudko/stripe-js

1.3.14

Additional methods for working with stripe-js

@stripe/connect-js

3.3.25

Connect.js loading utility package

vue-stripe-js

2.0.2

Vue 3 components for Stripe.js

Gathering detailed insights and metrics for @stripe/stripe-js

@stripe/stripe-js - 7.5.0 | npmpackage.info

@stripe/stripe-js

Loading wrapper for Stripe.js

7.5.0

695

MIT

TypeScript

929.71 kB

290,810,508 5.2

Installations

npm install @stripe/stripe-js

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS

Min. Node Version

>=12.16

Pull Requests

Open

4

Total

453

Closed

57

Merged

392

Issues

Open

12

Total

318

Closed

306

Releases

144

v7.5.0

Updated on Jul 16, 2025

v7.4.0

Updated on Jun 23, 2025

v7.3.1

Updated on May 27, 2025

v7.3.0

Updated on May 02, 2025

v7.2.0

Updated on Apr 21, 2025

v7.1.0

Updated on Apr 14, 2025

View All 144 releases

Languages

TypeScript

Shell

JavaScript

TypeScript (92.71%)

Shell (5.39%)

JavaScript (1.9%)

Developer

stripe

Download Statistics

Total Downloads

290,810,508

Last Day

455,627

Last Week

2,711,268

Last Month

11,351,707

Last Year

106,171,482

GitHub Statistics

MIT License

695 Stars

584 Commits

169 Forks

38 Watchers

169 Branches

3,127 Contributors

Updated on Jul 16, 2025

Maintainers

View All 3,127 Contributors

Package Meta Information

Latest Version

7.5.0

Package Id

@stripe/stripe-js@7.5.0

Unpacked Size

929.71 kB

Size

101.48 kB

File Count

151

Published on

Jul 16, 2025

Total Downloads

Cumulative downloads

Total Downloads

290,810,508

Last Day

45.5%

455,627

Compared to previous day

Last Week

7.2%

2,711,268

Compared to previous week

Last Month

3.4%

11,351,707

Compared to previous month

Last Year

43.1%

106,171,482

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Stripe.js as a CommonJS module or ES module

This package allows Stripe.js to be imported as a CommonJS module or ES module.

Note: To be PCI compliant, you must load Stripe.js directly from https://js.stripe.com. You cannot include it in a bundle or host it yourself. This package wraps the global Stripe function provided by the Stripe.js script as an ES module.

Calling loadStripe always loads the latest version of Stripe.js, regardless of which version of @stripe/stripe-js you use. Updates for this package only impact tooling around the loadStripe helper itself and the TypeScript type definitions provided for Stripe.js. Updates do not affect runtime availability of features of Stripe.js.

Minimum requirements

Node.js: v12.16
TypeScript: v.3.1.1

Installation

Use npm to install the Stripe.js module:

1npm install @stripe/stripe-js

Versioning

Each @stripe/stripe-js version is pinned to a specific Stripe.js version. The pinned versions are as follows:

@stripe/stripe-js	Stripe.js
<6	v3
v6	acacia
v7	basil

Usage

`loadStripe`

This function returns a Promise that resolves with a newly created Stripe object once Stripe.js has loaded. It takes the same parameters passed when directly initializing a Stripe instance. If necessary, it will load Stripe.js for you by inserting the Stripe.js script tag. If you call loadStripe in a server environment it will resolve to null.

1import {loadStripe} from '@stripe/stripe-js';
2
3const stripe = await loadStripe('pk_test_TYooMQauvdEDq54NiTphI7jx');

We’ve placed a random API key in this example. Replace it with your actual publishable API keys to test this code through your Stripe account.

For more information on how to use Stripe.js, please refer to the Stripe.js API reference or learn to accept a payment with Stripe.

If you have deployed a Content Security Policy, make sure to include Stripe.js in your directives.

TypeScript support

This package includes TypeScript declarations for Stripe.js. We support projects using TypeScript versions >= 3.1.

Some methods in Stripe.js accept and return objects from the Stripe API. The type declarations in @stripe/stripe-js for these objects in will always track the latest version of the Stripe API. If you would like to use these types but are using an older version of the Stripe API, we recommend updating to the latest version, or ignoring and overriding the type definitions as necessary.

Note that we may release new minor and patch versions of @stripe/stripe-js with small but backwards-incompatible fixes to the type declarations. These changes will not affect Stripe.js itself.

Ensuring Stripe.js is available everywhere

To best leverage Stripe’s advanced fraud functionality, ensure that Stripe.js is loaded on every page, not just your checkout page. This allows Stripe to detect suspicious behavior that may be indicative of fraud as customers browse your website.

By default, this module will insert a <script> tag that loads Stripe.js from https://js.stripe.com. This happens as a side effect immediately upon importing this module. If you utilize code splitting or only include your JavaScript app on your checkout page, the Stripe.js script will only be available in parts of your site. To ensure Stripe.js is available everywhere, you can perform either of the following steps:

Import as a side effect

Import @stripe/stripe-js as a side effect in code that will be included throughout your site (e.g. your root module). This will make sure the Stripe.js script tag is inserted immediately upon page load.

1import '@stripe/stripe-js';

Manually include the script tag

Manually add the Stripe.js script tag to the <head> of each page on your site. If an existing script tag is already present, this module will not insert a new one. When you call loadStripe, it will use the existing script tag.

1<!-- Somewhere in your site's <head> -->
2<script src="https://js.stripe.com/basil/stripe.js" async></script>

Importing `loadStripe` without side effects

If you would like to use loadStripe in your application, but defer loading the Stripe.js script until loadStripe is first called, use the alternative @stripe/stripe-js/pure import module:

1// CommonJS module import
2const {loadStripe} = require('@stripe/stripe-js/pure');
3// ES module import
4import {loadStripe} from '@stripe/stripe-js/pure';
5
6// Stripe.js will not be loaded until `loadStripe` is called
7const stripe = await loadStripe('pk_test_TYooMQauvdEDq54NiTphI7jx');

Disabling advanced fraud detection signals

If you would like to disable advanced fraud detection altogether, use loadStripe.setLoadParameters:

1// CommonJS module import
2const {loadStripe} = require('@stripe/stripe-js/pure');
3// ES module import
4import {loadStripe} from '@stripe/stripe-js/pure';
5
6loadStripe.setLoadParameters({advancedFraudSignals: false});
7const stripe = await loadStripe('pk_test_TYooMQauvdEDq54NiTphI7jx');

The loadStripe.setLoadParameters function is only available when importing loadStripe from @stripe/stripe-js/pure.

Stripe.js Documentation

No vulnerabilities found.

10

Maintained

Determines if the project is "actively maintained".

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

10

Security-Policy

Determines if the project has published a security policy.

6

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

6

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

52 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
Warn: Project is vulnerable to: GHSA-7r28-3m3f-r2pr
Warn: Project is vulnerable to: GHSA-r8j5-h5cx-65gg
Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-92xj-mqp7-vmcj
Warn: Project is vulnerable to: GHSA-wxgw-qj99-44c2
Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5
Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp
Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq
Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr
Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765
Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g
Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6
Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59
Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
Warn: Project is vulnerable to: GHSA-whgm-jr23-g3j9
Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
Warn: Project is vulnerable to: GHSA-6h5x-7c5m-7cr7
Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6
Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m
Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v
Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h
Warn: Project is vulnerable to: GHSA-5fw9-fq32-wv5p
Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v
Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp

Score

5.2

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to @stripe/stripe-js

Other packages similar to @stripe/stripe-js

@stripe/stripe-js

Installations

Developer Guide

Yes

CommonJS

>=12.16

Pull Requests

4

453

57

392

Issues

12

318

306

Releases

Languages

Developer

Download Statistics

GitHub Statistics

Maintainers

Package Meta Information

Total Downloads

290,810,508

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

Stripe.js as a CommonJS module or ES module

Minimum requirements

Installation

Versioning

Usage

loadStripe

TypeScript support

Ensuring Stripe.js is available everywhere

Import as a side effect

Manually include the script tag

Importing loadStripe without side effects

Disabling advanced fraud detection signals

Stripe.js Documentation

10

10

10

10

10

6

6

0

0

0

0

0

0

5.2

/10

`loadStripe`

Importing `loadStripe` without side effects