Gathering detailed insights and metrics for handlebars-loader
Gathering detailed insights and metrics for handlebars-loader
Installations
npm install handlebars-loaderDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
16.13.1
NPM Version
8.1.2
Score
96.8
Supply Chain
94.5
Quality
79.2
Maintenance
100
Vulnerability
100
License
Languages
2
JavaScript
Handlebars
JavaScript (96.11%)
Handlebars (3.89%)
Developer
pcardune
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
562 Stars
198 Commits
168 Forks
3 Watchers
9 Branches
26 Contributors
Updated on Apr 05, 2025
Maintainers
3
Package Meta Information
Latest Version
1.7.3
Package Id
handlebars-loader@1.7.3
Unpacked Size
22.75 kB
Size
6.87 kB
File Count
5
NPM Version
8.1.2
Node Version
16.13.1
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
4
Peer Dependencies
1
handlebars-loader
A handlebars template loader for webpack.
Handlebars 4 now supported
Installation
npm i handlebars-loader --save
General Usage
webpack configuration
1{ 2 ... 3 module: { 4 rules: [ 5 ... 6 { test: /\.handlebars$/, loader: "handlebars-loader" } 7 ] 8 } 9}
Your JS making use of the templates
1var template = require("./file.handlebars"); 2// => returns file.handlebars content as a template function
Details
The loader resolves partials and helpers automatically. They are looked up relative to the current directory (this can be modified with the rootRelative option) or as a module if you prefix with $.
1A file "/folder/file.handlebars". 2{{> partial}} will reference "/folder/partial.handlebars". 3{{> ../partial}} will reference "/partial.handlebars". 4{{> $module/partial}} will reference "/folder/node_modules/module/partial.handlebars". 5{{helper}} will reference the helper "/folder/helper.js" if this file exists. 6{{[nested/helper] 'helper parameter'}} will reference the helper "/folder/nested/helper.js" if this file exists, passes 'helper parameter' as first parameter to helper. 7{{../helper}} {{$module/helper}} are resolved similarly to partials.
The following query (or config) options are supported:
- helperDirs: Defines additional directories to be searched for helpers. Allows helpers to be defined in a directory and used globally without relative paths. You must surround helpers in subdirectories with brackets (Handlerbar helper identifiers can't have forward slashes without this). See example
- runtime: Specify the path to the handlebars runtime library. Defaults to look under the local handlebars npm module, i.e.
handlebars/runtime. - extensions: Searches for templates with alternate extensions. Defaults are .handlebars, .hbs, and '' (no extension).
- inlineRequires: Defines a regex that identifies strings within helper/partial parameters that should be replaced by inline require statements. Note: For this to work, you'll have to disable the
esModuleOption in the corresponding file-loader entry in your webpack config. - rootRelative: When automatically resolving partials and helpers, use an implied root path if none is present. Default =
./. Setting this to be empty effectively turns off automatically resolving relative handlebars resources for items like{{helper}}.{{./helper}}will still resolve as expected. - knownHelpers: Array of helpers that are registered at runtime and should not explicitly be required by webpack. This helps with interoperability for libraries like Thorax helpers.
- exclude: Defines a regex that will exclude paths from resolving. This can be used to prevent helpers from being resolved to modules in the
node_modulesdirectory. - debug: Shows trace information to help debug issues (e.g. resolution of helpers).
- partialDirs: Defines additional directories to be searched for partials. Allows partials to be defined in a directory and used globally without relative paths. See example
- ignorePartials: Prevents partial references from being fetched and bundled. Useful for manually loading partials at runtime.
- ignoreHelpers: Prevents helper references from being fetched and bundled. Useful for manually loading helpers at runtime.
- precompileOptions: Options passed to handlebars precompile. See the Handlebars.js documentation for more information.
- config: Tells the loader where to look in the webpack config for configurations for this loader. Defaults to
handlebarsLoader. - config.partialResolver You can specify a function to use for resolving partials. To do so, add to your webpack config:
1handlebarsLoader: { 2 partialResolver: function(partial, callback){ 3 // should pass the partial's path on disk 4 // to the callback. Callback accepts (err, locationOnDisk) 5 } 6} - config.helperResolver You can specify a function to use for resolving helpers. To do so, add to your webpack config:
js handlebarsLoader: { helperResolver: function(helper, callback){ // should pass the helper's path on disk // to the callback if one was found for the given parameter. // Callback accepts (err, locationOnDisk) // Otherwise just call the callback without any arguments } }Seewebpackdocumentation for more information regarding loaders.
Full examples
See the examples folder in this repo. The examples are fully runnable and demonstrate a number of concepts (using partials and helpers) -- just run webpack in that directory to produce dist/bundle.js in the same folder, open index.html.
Change Log
See the CHANGELOG.md file.
License
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
dependency not pinned by hash detected -- score normalized to 4
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/pcardune/handlebars-loader/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/pcardune/handlebars-loader/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/pcardune/handlebars-loader/test.yml/main?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
Found 5/18 approved changesets -- score normalized to 2
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 20 are checked with a SAST tool
Reason
19 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-wxhq-pm8v-cw75
- Warn: Project is vulnerable to: GHSA-6cpc-mj5c-m9rq
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m
- Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546
- Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
- Warn: Project is vulnerable to: GHSA-hxm2-r34f-qmc5
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-c9f4-xj24-8jqx
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Score
2.6
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More