Gathering detailed insights and metrics for jquery
Gathering detailed insights and metrics for jquery
Gathering detailed insights and metrics for jquery
Gathering detailed insights and metrics for jquery
npm install jquery
99.3
Supply Chain
90.2
Quality
82.6
Maintenance
100
Vulnerability
100
License
Release 4.0.0-beta.2
Published on 17 Jul 2024
jQuery 4.0.0 BETA!
Published on 06 Feb 2024
jQuery 3.7.1 Released: Reliable Table Row Dimensions
Published on 28 Aug 2023
jQuery 3.7.0: Staying in Order
Published on 11 May 2023
jQuery 3.6.4 Released: Selector Forgiveness
Published on 08 Mar 2023
jQuery supports CSS.supports in jQuery 3.6.3
Published on 20 Dec 2022
Module System
Min. Node Version
Typescript Support
Node Version
NPM Version
59,253 Stars
6,742 Commits
20,579 Forks
3,167 Watching
5 Branches
290 Contributors
Updated on 28 Nov 2024
JavaScript (94.29%)
HTML (4.76%)
PHP (0.66%)
CSS (0.16%)
Shell (0.13%)
Cumulative downloads
Total Downloads
Last day
-3.8%
2,101,940
Compared to previous day
Last week
1.4%
12,897,713
Compared to previous week
Last month
6.2%
53,830,434
Compared to previous month
Last year
55.3%
537,777,477
Compared to previous year
42
Meetings are currently held on the matrix.org platform.
Meeting minutes can be found at meetings.jquery.org.
The latest version of jQuery is available at https://jquery.com/download/.
Version | Branch | Status |
---|---|---|
4.x | main | Beta |
3.x | 3.x-stable | Active |
2.x | 2.x-stable | Inactive |
1.x | 1.x-stable | Inactive |
Once 4.0.0 final is released, the 3.x branch will continue to receive updates for a limited time. The 2.x and 1.x branches are no longer supported.
Commercial support for inactive versions is available from HeroDevs.
Learn more about our version support.
In the spirit of open source software development, jQuery always encourages community code contribution. To help you get started and before you jump into writing code, be sure to read these important contribution guidelines thoroughly:
GitHub issues/PRs are usually referenced via gh-NUMBER
, where NUMBER
is the numerical ID of the issue/PR. You can find such an issue/PR under https://github.com/jquery/jquery/issues/NUMBER
.
jQuery has used a different bug tracker - based on Trac - in the past, available under bugs.jquery.com. It is being kept in read only mode so that referring to past discussions is possible. When jQuery source references one of those issues, it uses the pattern trac-NUMBER
, where NUMBER
is the numerical ID of the issue. You can find such an issue under https://bugs.jquery.com/ticket/NUMBER
.
To build jQuery, you need to have the latest Node.js/npm and git 1.7 or later. Earlier versions might work, but are not supported.
For Windows, you have to download and install git and Node.js.
macOS users should install Homebrew. Once Homebrew is installed, run brew install git
to install git,
and brew install node
to install Node.js.
Linux/BSD users should use their appropriate package managers to install git and Node.js, or build from source if you swing that way. Easy-peasy.
First, clone the jQuery git repo.
Then, enter the jquery directory, install dependencies, and run the build script:
1cd jquery 2npm install 3npm run build
The built version of jQuery will be placed in the dist/
directory, along with a minified copy and associated map file.
To build all variants of jQuery, run the following command:
1npm run build:all
This will create all of the variants that jQuery includes in a release, including jquery.js
, jquery.slim.js
, jquery.module.js
, and jquery.slim.module.js
along their associated minified files and sourcemaps.
jquery.module.js
and jquery.slim.module.js
are ECMAScript modules that export jQuery
and $
as named exports are placed in the dist-module/
directory rather than the dist/
directory.
The build script can be used to create a custom version of jQuery that includes only the modules you need.
Any module may be excluded except for core
. When excluding selector
, it is not removed but replaced with a small wrapper around native querySelectorAll
(see below for more information).
To see the full list of available options for the build script, run the following:
1npm run build -- --help
To exclude a module, pass its path relative to the src
folder (without the .js
extension) to the --exclude
option. When using the --include
option, the default includes are dropped and a build is created with only those modules.
Some example modules that can be excluded or included are:
ajax: All AJAX functionality: $.ajax()
, $.get()
, $.post()
, $.ajaxSetup()
, .load()
, transports, and ajax event shorthands such as .ajaxStart()
.
ajax/xhr: The XMLHTTPRequest AJAX transport only.
ajax/script: The <script>
AJAX transport only; used to retrieve scripts.
ajax/jsonp: The JSONP AJAX transport only; depends on the ajax/script transport.
css: The .css()
method. Also removes all modules depending on css (including effects, dimensions, and offset).
css/showHide: Non-animated .show()
, .hide()
and .toggle()
; can be excluded if you use classes or explicit .css()
calls to set the display
property. Also removes the effects module.
deprecated: Methods documented as deprecated but not yet removed.
dimensions: The .width()
and .height()
methods, including inner-
and outer-
variations.
effects: The .animate()
method and its shorthands such as .slideUp()
or .hide("slow")
.
event: The .on()
and .off()
methods and all event functionality.
event/trigger: The .trigger()
and .triggerHandler()
methods.
offset: The .offset()
, .position()
, .offsetParent()
, .scrollLeft()
, and .scrollTop()
methods.
wrap: The .wrap()
, .wrapAll()
, .wrapInner()
, and .unwrap()
methods.
core/ready: Exclude the ready module if you place your scripts at the end of the body. Any ready callbacks bound with jQuery()
will simply be called immediately. However, jQuery(document).ready()
will not be a function and .on("ready", ...)
or similar will not be triggered.
deferred: Exclude jQuery.Deferred. This also excludes all modules that rely on Deferred, including ajax, effects, and queue, but replaces core/ready with core/ready-no-deferred.
exports/global: Exclude the attachment of global jQuery variables ($ and jQuery) to the window.
exports/amd: Exclude the AMD definition.
selector: The full jQuery selector engine. When this module is excluded, it is replaced with a rudimentary selector engine based on the browser's querySelectorAll
method that does not support jQuery selector extensions or enhanced semantics. See the selector-native.js file for details.
Note: Excluding the full selector
module will also exclude all jQuery selector extensions (such as effects/animatedSelector
and css/hiddenVisibleSelectors
).
You can set the module name for jQuery's AMD definition. By default, it is set to "jquery", which plays nicely with plugins and third-party libraries, but there may be cases where you'd like to change this. Pass it to the --amd
parameter:
1npm run build -- --amd="custom-name"
Or, to define anonymously, leave the name blank.
1npm run build -- --amd
The default name for the built jQuery file is jquery.js
; it is placed under the dist/
directory. It's possible to change the file name using --filename
and the directory using --dir
. --dir
is relative to the project root.
1npm run build -- --slim --filename="jquery.slim.js" --dir="/tmp"
This would create a slim version of jQuery and place it under tmp/jquery.slim.js
.
By default, jQuery generates a regular script JavaScript file. You can also generate an ECMAScript module exporting jQuery
as the default export using the --esm
parameter:
1npm run build -- --filename=jquery.module.js --esm
By default, jQuery depends on a global window
. For environments that don't have one, you can generate a factory build that exposes a function accepting window
as a parameter that you can provide externally (see README
of the published package for usage instructions). You can generate such a factory using the --factory
parameter:
1npm run build -- --filename=jquery.factory.js --factory
This option can be mixed with others like --esm
or --slim
:
1npm run build -- --filename=jquery.factory.slim.module.js --factory --esm --slim --dir="/dist-module"
Create a custom build using npm run build
, listing the modules to be excluded. Excluding a top-level module also excludes its corresponding directory of modules.
Exclude all ajax functionality:
1npm run build -- --exclude=ajax
Excluding css removes modules depending on CSS: effects, offset, dimensions.
1npm run build -- --exclude=css
Exclude a bunch of modules (-e
is an alias for --exclude
):
1npm run build -- -e ajax/jsonp -e css -e deprecated -e dimensions -e effects -e offset -e wrap
There is a special alias to generate a build with the same configuration as the official jQuery Slim build:
1npm run build -- --filename=jquery.slim.js --slim
Or, to create the slim build as an esm module:
1npm run build -- --filename=jquery.slim.module.js --slim --esm
Non-official custom builds are not regularly tested. Use them at your own risk.
Make sure you have the necessary dependencies:
1npm install
Start npm start
to auto-build jQuery as you work:
1npm start
Run the unit tests with a local server that supports PHP. Ensure that you run the site from the root directory, not the "test" directory. No database is required. Pre-configured php local servers are available for Windows and Mac. Here are some options:
As the source code is handled by the Git version control system, it's useful to know some features used.
If you want to purge your working directory back to the status of upstream, the following commands can be used (remember everything you've worked on is gone after these):
1git reset --hard upstream/main 2git clean -fdx
For feature/topic branches, you should always use the --rebase
flag to git pull
, or if you are usually handling many temporary "to be in a github pull request" branches, run the following to automate this:
1git config branch.autosetuprebase local
(see man git-config
for more information)
If you're getting merge conflicts when merging, instead of editing the conflicted files manually, you can use the feature
git mergetool
. Even though the default tool xxdiff
looks awful/old, it's rather useful.
The following are some commands that can be used there:
Ctrl + Alt + M
- automerge as much as possibleb
- jump to next merge conflicts
- change the order of the conflicted linesu
- undo a mergeleft mouse button
- mark a block to be the winnermiddle mouse button
- mark a line to be the winnerCtrl + S
- saveCtrl + Q
- quit1expect( numAssertions ); 2stop(); 3start();
Note: QUnit's eventual addition of an argument to stop/start is ignored in this test suite so that start and stop can be passed as callbacks without worrying about their parameters.
1ok( value, [message] ); 2equal( actual, expected, [message] ); 3notEqual( actual, expected, [message] ); 4deepEqual( actual, expected, [message] ); 5notDeepEqual( actual, expected, [message] ); 6strictEqual( actual, expected, [message] ); 7notStrictEqual( actual, expected, [message] ); 8throws( block, [expected], [message] );
1q( ... );
Example:
1q( "main", "foo", "bar" ); 2 3=> [ div#main, span#foo, input#bar ]
1t( testName, selector, [ "array", "of", "ids" ] );
Example:
1t("Check for something", "//[a]", ["foo", "bar"]);
1fireNative( node, eventType );
Example:
1fireNative( jQuery( "#elem" )[ 0 ], "click" );
1url( "some/url" );
Example:
1url( "index.html" ); 2 3=> "data/index.html?10538358428943" 4 5 6url( "mock.php?foo=bar" ); 7 8=> "data/mock.php?foo=bar&10538358345554"
Some tests may require a document other than the standard test fixture, and these can be run in a separate iframe. The actual test code and assertions remain in jQuery's main test files; only the minimal test fixture markup and setup code should be placed in the iframe file.
1testIframe( testName, fileName,
2 function testCallback(
3 assert, jQuery, window, document,
4 [ additional args ] ) {
5 ...
6 } );
This loads a page, constructing a url with fileName "./data/" + fileName
.
The iframed page determines when the callback occurs in the test by
including the "/test/data/iframeTest.js" script and calling
startIframeTest( [ additional args ] )
when appropriate. Often this
will be after either document ready or window.onload
fires.
The testCallback
receives the QUnit assert
object created by testIframe
for this test, followed by the global jQuery
, window
, and document
from
the iframe. If the iframe code passes any arguments to startIframeTest
,
they follow the document
argument.
If you have any questions, please feel free to ask on the Developing jQuery Core forum or in #jquery on libera.
The latest stable version of the package.
Stable Version
1
7.5/10
Summary
Denial of Service in jquery
Affected Versions
= 3.0.0-rc.1
Patched Versions
3.0.0
10
6.1/10
Summary
Cross-Site Scripting in jquery
Affected Versions
>= 1.2.1, < 1.9.0
Patched Versions
1.9.0
6.9/10
Summary
Potential XSS vulnerability in jQuery
Affected Versions
>= 1.0.3, < 3.5.0
Patched Versions
3.5.0
6.1/10
Summary
Duplicate Advisory: jQuery Cross Site Scripting vulnerability
Affected Versions
>= 1.0.3, < 3.5.0
Patched Versions
3.5.0
6.1/10
Summary
Cross-Site Scripting (XSS) in jquery
Affected Versions
>= 1.12.3, < 3.0.0
Patched Versions
3.0.0
6.1/10
Summary
Cross-Site Scripting (XSS) in jquery
Affected Versions
< 1.12.2
Patched Versions
1.12.2
6.9/10
Summary
Potential XSS vulnerability in jQuery
Affected Versions
>= 1.2.0, < 3.5.0
Patched Versions
3.5.0
0/10
Summary
Duplicate Advisory: Prototype Pollution in jquery
Affected Versions
< 3.4.0
Patched Versions
3.4.0
0/10
Summary
jQuery vulnerable to Cross-Site Scripting (XSS)
Affected Versions
< 1.6.3
Patched Versions
1.6.3
6.1/10
Summary
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Affected Versions
>= 1.1.4, < 3.4.0
Patched Versions
3.4.0
6.1/10
Summary
Cross-Site Scripting in jquery
Affected Versions
<= 1.8.3
Patched Versions
1.9.0
Reason
security policy file detected
Details
Reason
17 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
Reason
SAST tool is run on all commits
Details
Reason
Found 20/22 approved changesets -- score normalized to 9
Reason
1 existing vulnerabilities detected
Details
Reason
dependency not pinned by hash detected -- score normalized to 8
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
project is not fuzzed
Details
Score
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More