Gathering detailed insights and metrics for eta
Gathering detailed insights and metrics for eta
Embedded JS template engine for Node, Deno, and the browser. Lighweight, fast, and pluggable. Written in TypeScript
Installations
npm install etaDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS, ESM
Min. Node Version
>=6.0.0
Node Version
20.14.0
NPM Version
10.7.0
Score
99.4
Supply Chain
100
Quality
80.1
Maintenance
100
Vulnerability
100
License
Releases
51
Languages
3
TypeScript
JavaScript
HTML
TypeScript (71.38%)
JavaScript (14.47%)
HTML (14.15%)
Developer
Download Statistics
Total Downloads
78,060,439
Last Day
53,074
Last Week
1,048,534
Last Month
4,018,194
Last Year
35,993,103
GitHub Statistics
MIT License
1,505 Stars
674 Commits
65 Forks
10 Watchers
2 Branches
28 Contributors
Updated on May 21, 2025
Bundle Size
8.49 kB
Minified
3.18 kB
Minified + Gzipped
Sponsor this package
Maintainers
2
Package Meta Information
Latest Version
3.5.0
Package Id
eta@3.5.0
Unpacked Size
265.34 kB
Size
73.92 kB
File Count
35
NPM Version
10.7.0
Node Version
20.14.0
Published on
Aug 12, 2024
Total Downloads
Cumulative downloads
Total Downloads
78,060,439
Last Day
4.8%
53,074
Compared to previous day
Last Week
7.6%
1,048,534
Compared to previous week
Last Month
7.7%
4,018,194
Compared to previous month
Last Year
61.7%
35,993,103
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
26
@commitlint/cli@commitlint/config-conventional@size-limit/preset-small-lib@types/jest@types/node@typescript-eslint/eslint-plugin@typescript-eslint/parsercommitizencoverallscross-envcz-conventional-changelogeslinteslint-config-prettierhuskyjestlint-stagedmicrobundlenpprettierrimrafshelljssize-limitts-jestts-nodetslibtypescript
eta (η)
Documentation - Chat - RunKit Demo - Playground
You're viewing the source for Eta v3, which we just released! For v2, visit the old branch.
Summary
Eta is a lightweight and blazing fast embedded JS templating engine that works inside Node, Deno, and the browser. It's written in TypeScript and emphasizes great performance, configurability, and small bundle size.
🌟 Features
- 📦 0 dependencies
- 💡 Only ~3.5 KB minzipped
- ⚡️ Written in TypeScript
- ✨ Deno support (+ Node and browser)
- 🚀 Super Fast
- 🔧 Configurable
- Plugins, custom delimiters, caching
- 🔨 Powerful
- Precompilation, partials, async
- Layout support!
- 🔥 Reliable
- Better quotes/comments support
- ex.
<%= someval + "string %>" %>compiles correctly, while it fails with doT or EJS
- ex.
- Great error reporting
- Better quotes/comments support
- ⚡️ Exports ES Modules as well as UMD
- 📝 Easy template syntax
Get Started
For more thorough documentation, visit https://eta.js.org
Install Eta
1npm install eta
In the root of your project, create templates/simple.eta
1Hi <%= it.name %>!
Then, in your JS file:
1import { Eta } from "eta"; 2// import { Eta } from "https://deno.land/x/eta@v3.1.0/src/index.ts"; 3 4const eta = new Eta({ views: path.join(__dirname, "templates") }); 5 6// Render a template 7 8const res = eta.render("./simple", { name: "Ben" }); 9console.log(res); // Hi Ben!
FAQs
Where did Eta's name come from?
"Eta" means tiny in Esperanto. Plus, it can be used as an acronym for all sorts of cool phrases: "ECMAScript Template Awesomeness", "Embedded Templating Alternative", etc....
Additionally, Eta is a letter of the Greek alphabet (it stands for all sorts of cool things in various mathematical fields, including efficiency) and is three letters long (perfect for a file extension).
Integrations
Visual Studio Code
@shadowtime2000 created eta-vscode.
ESLint
eslint-plugin-eta was created to provide an ESLint processor so you can lint your Eta templates.
Webpack
Currently there is no official Webpack integration but @clshortfuse shared the loader he uses:
1{ 2 loader: 'html-loader', 3 options: { 4 preprocessor(content, loaderContext) { 5 return eta.render(content, {}, { filename: loaderContext.resourcePath }); 6 }, 7 }, 8}
Koa
To render Eta templates in Koa web framework: @cedx/koa-eta
Projects using eta
- Docusaurus v2: open-source documentation framework that uses Eta to generate a SSR build
- swagger-typescript-api: Open source typescript api codegenerator from Swagger. Uses Eta as codegenerator by templates
- html-bundler-webpack-plugin: Webpack plugin make easily to bundle HTML pages from templates, source styles and scripts
- SmartDeno: SmartDeno is an easy to setup web template using Deno & Oak
- stc: OpenAPI (Swagger) and Apifox documentation converted to api. Use eta templates to generate code.
- Add yours!
Contributors
Made with ❤ by @nebrelbug and all these wonderful contributors (emoji key):
 Ben Gubler 💻 💬 📖 ⚠️ |  Clite Tailor 🤔 💻 |  Ioan CHIRIAC 💻 🤔 |  Craig Morten 💻 |  Rajan Tiwari 💡 |  shadowtime2000 💻 🤔 ⚠️ |  Hamza Hamidi 📖 |
 Calum Knott 🤔 |  nhaef 💻 |  Gün 💻 |
This project follows the all-contributors specification. Contributions of any kind are welcome!
Credits
- Async support, file handling, and error formatting were based on code from EJS, which is licensed under the Apache-2.0 license. Code was modified and refactored to some extent.
- Syntax and some parts of compilation are heavily based off EJS, Nunjucks, and doT.
High
8.8/10
Summary
Eta vulnerable to Code Injection via templates rendered with user-defined data
Affected Versions
< 2.0.0
Patched Versions
2.0.0
High
8.6/10
Summary
XSS Attack with Express API
Affected Versions
< 2.0.0
Patched Versions
2.0.0
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 11/30 approved changesets -- score normalized to 3
Reason
0 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1
Reason
dependency not pinned by hash detected -- score normalized to 1
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size-limit.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/eta-dev/eta/size-limit.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/size-limit.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/eta-dev/eta/size-limit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/eta-dev/eta/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/eta-dev/eta/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/eta-dev/eta/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/eta-dev/eta/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/eta-dev/eta/test.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/test.yml:39
- Warn: npmCommand not pinned by hash: .github/workflows/test.yml:40
- Warn: npmCommand not pinned by hash: .github/workflows/test.yml:41
- Info: 0 out of 5 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
- Info: 1 out of 4 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/size-limit.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 11 are checked with a SAST tool
Reason
15 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Score
2.9
/10
Last Scanned on 2025-05-19
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More