Gathering detailed insights and metrics for clipboard
✂️ Modern copy to clipboard. No Flash. Just 3kb gzipped 📋
Installations
npm install clipboardDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Node Version
16.13.2
NPM Version
8.1.2
Score
98.2
Supply Chain
100
Quality
79.2
Maintenance
100
Vulnerability
100
License
Releases
42
Contributors
60
Unable to fetch Contributors
Languages
3
JavaScript
TypeScript
Shell
JavaScript (99.14%)
TypeScript (0.54%)
Shell (0.31%)
Love this project? Help keep it running — sponsor us today! 🚀
Developer
Download Statistics
Total Downloads
690,791,255
Last Day
323,458
Last Week
1,680,256
Last Month
6,963,529
Last Year
80,402,038
GitHub Statistics
MIT License
34,098 Stars
396 Commits
3,969 Forks
418 Watchers
9 Branches
60 Contributors
Updated on Feb 12, 2025
Bundle Size
8.97 kB
Minified
3.08 kB
Minified + Gzipped
Maintainers
3
Package Meta Information
Latest Version
2.0.11
Package Id
clipboard@2.0.11
Unpacked Size
92.26 kB
Size
24.49 kB
File Count
52
NPM Version
8.1.2
Node Version
16.13.2
Total Downloads
Cumulative downloads
Total Downloads
690,791,255
Last Day
1.9%
323,458
Compared to previous day
Last Week
6.3%
1,680,256
Compared to previous week
Last Month
52.1%
6,963,529
Compared to previous month
Last Year
-6.5%
80,402,038
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
3
Dev Dependencies
25
clipboard.js
Modern copy to clipboard. No Flash. Just 3kb gzipped.
Why
Copying text to the clipboard shouldn't be hard. It shouldn't require dozens of steps to configure or hundreds of KBs to load. But most of all, it shouldn't depend on Flash or any bloated framework.
That's why clipboard.js exists.
Install
You can get it on npm.
npm install clipboard --save
Or if you're not into package management, just download a ZIP file.
Setup
First, include the script located on the dist folder or load it from a third-party CDN provider.
1<script src="dist/clipboard.min.js"></script>
Now, you need to instantiate it by passing a DOM selector, HTML element, or list of HTML elements.
1new ClipboardJS('.btn');
Internally, we need to fetch all elements that matches with your selector and attach event listeners for each one. But guess what? If you have hundreds of matches, this operation can consume a lot of memory.
For this reason we use event delegation which replaces multiple event listeners with just a single listener. After all, #perfmatters.
Usage
We're living a declarative renaissance, that's why we decided to take advantage of HTML5 data attributes for better usability.
Copy text from another element
A pretty common use case is to copy content from another element. You can do that by adding a data-clipboard-target attribute in your trigger element.
The value you include on this attribute needs to match another's element selector.
1<!-- Target --> 2<input id="foo" value="https://github.com/zenorocha/clipboard.js.git" /> 3 4<!-- Trigger --> 5<button class="btn" data-clipboard-target="#foo"> 6 <img src="assets/clippy.svg" alt="Copy to clipboard" /> 7</button>
Cut text from another element
Additionally, you can define a data-clipboard-action attribute to specify if you want to either copy or cut content.
If you omit this attribute, copy will be used by default.
1<!-- Target --> 2<textarea id="bar">Mussum ipsum cacilds...</textarea> 3 4<!-- Trigger --> 5<button class="btn" data-clipboard-action="cut" data-clipboard-target="#bar"> 6 Cut to clipboard 7</button>
As you may expect, the cut action only works on <input> or <textarea> elements.
Copy text from attribute
Truth is, you don't even need another element to copy its content from. You can just include a data-clipboard-text attribute in your trigger element.
1<!-- Trigger --> 2<button 3 class="btn" 4 data-clipboard-text="Just because you can doesn't mean you should — clipboard.js" 5> 6 Copy to clipboard 7</button>
Events
There are cases where you'd like to show some user feedback or capture what has been selected after a copy/cut operation.
That's why we fire custom events such as success and error for you to listen and implement your custom logic.
1var clipboard = new ClipboardJS('.btn'); 2 3clipboard.on('success', function (e) { 4 console.info('Action:', e.action); 5 console.info('Text:', e.text); 6 console.info('Trigger:', e.trigger); 7 8 e.clearSelection(); 9}); 10 11clipboard.on('error', function (e) { 12 console.error('Action:', e.action); 13 console.error('Trigger:', e.trigger); 14});
For a live demonstration, go to this site and open your console.
Tooltips
Each application has different design needs, that's why clipboard.js does not include any CSS or built-in tooltip solution.
The tooltips you see on the demo site were built using GitHub's Primer. You may want to check that out if you're looking for a similar look and feel.
Advanced Options
If you don't want to modify your HTML, there's a pretty handy imperative API for you to use. All you need to do is declare a function, do your thing, and return a value.
For instance, if you want to dynamically set a target, you'll need to return a Node.
1new ClipboardJS('.btn', { 2 target: function (trigger) { 3 return trigger.nextElementSibling; 4 }, 5});
If you want to dynamically set a text, you'll return a String.
1new ClipboardJS('.btn', {
2 text: function (trigger) {
3 return trigger.getAttribute('aria-label');
4 },
5});For use in Bootstrap Modals or with any other library that changes the focus you'll want to set the focused element as the container value.
1new ClipboardJS('.btn', {
2 container: document.getElementById('modal'),
3});Also, if you are working with single page apps, you may want to manage the lifecycle of the DOM more precisely. Here's how you clean up the events and objects that we create.
1var clipboard = new ClipboardJS('.btn'); 2clipboard.destroy();
Browser Support
This library relies on both Selection and execCommand APIs. The first one is supported by all browsers while the second one is supported in the following browsers.
 |  |  |  |  |  |
|---|---|---|---|---|---|
| 42+ ✔ | 12+ ✔ | 41+ ✔ | 9+ ✔ | 29+ ✔ | 10+ ✔ |
The good news is that clipboard.js gracefully degrades if you need to support older browsers. All you have to do is show a tooltip saying Copied! when success event is called and Press Ctrl+C to copy when error event is called because the text is already selected.
You can also check if clipboard.js is supported or not by running ClipboardJS.isSupported(), that way you can hide copy/cut buttons from the UI.
Bonus
A browser extension that adds a "copy to clipboard" button to every code block on GitHub, MDN, Gist, StackOverflow, StackExchange, npm, and even Medium.
Install for Chrome and Firefox.
License
MIT License © Zeno Rocha
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 5/8 approved changesets -- score normalized to 6
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/zenorocha/clipboard.js/publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/zenorocha/clipboard.js/publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/zenorocha/clipboard.js/publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/zenorocha/clipboard.js/publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/zenorocha/clipboard.js/publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/zenorocha/clipboard.js/publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.js.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/zenorocha/clipboard.js/test.js.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.js.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/zenorocha/clipboard.js/test.js.yml/master?enable=pin
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
- Info: 4 out of 4 npmCommand dependencies pinned
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/publish.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.js.yml:1
- Info: no jobLevel write permissions found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 27 are checked with a SAST tool
Reason
28 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-q9mw-68c2-j6m5
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-h9rv-jmmf-4pgx
- Warn: Project is vulnerable to: GHSA-hxcc-f52p-wc94
- Warn: Project is vulnerable to: GHSA-25hc-qcg6-38wj
- Warn: Project is vulnerable to: GHSA-cqmj-92xf-r6r9
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-fhg7-m89q-25r3
- Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Score
3.2
/10
Last Scanned on 2025-02-03
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More