Gathering detailed insights and metrics for layui-src
Gathering detailed insights and metrics for layui-src
一套遵循原生态开发模式的 Web UI 组件库,采用自身轻量级模块化规范,易上手,可以更简单快速地构建网页界面。
Installations
npm install layui-srcDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
10.16.0
NPM Version
6.9.0
Score
78.7
Supply Chain
99.5
Quality
75.6
Maintenance
100
Vulnerability
100
License
Releases
156
Languages
2
JavaScript
CSS
JavaScript (83.48%)
CSS (16.52%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
30,260 Stars
2,488 Commits
7,420 Forks
937 Watchers
6 Branches
62 Contributors
Updated on Jun 29, 2025
Bundle Size
281.21 kB
Minified
90.54 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
2.6.8
Package Id
layui-src@2.6.8
Unpacked Size
2.36 MB
Size
875.57 kB
File Count
115
NPM Version
6.9.0
Node Version
10.16.0
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Classic modular front-end UI framework
layui 是一款采用自身模块规范编写的前端 UI 框架,遵循原生 HTML/CSS/JS 的开发方式,极易上手,拿来即用。其风格简约轻盈,而组件优雅丰盈,从源代码到使用方法的每一处细节都经过精心雕琢,非常适合网页界面的快速开发。layui 区别于那些基于 MVVM 底层的前端框架,却并非逆道而行,而是信奉返璞归真之道。准确地说,它更多是面向后端开发者,你无需涉足前端各种工具,只需面对浏览器本身,让一切你所需要的元素与交互,从这里信手拈来。
返璞归真
layui 定义为“经典模块化”,并非是自吹她自身有多优秀,而是有意避开当下 JS 社区的主流方案,试图以最简单的方式去诠释高效!她的所谓经典,是在于对返璞归真的执念,她以当前浏览器普通认可的方式去组织模块!我们认为,这恰是符合当下国内绝大多数程序员从旧时代过渡到未来新标准的最佳指引。所以 layui 本身也并不是完全遵循于 AMD 时代,准确地说,她试图建立自己的模式,所以你会看到:
1//layui模块的定义 2layui.define([mods], function(exports){ 3 4 //…… 5 6 exports('mod', api); 7}); 8 9//layui模块的使用 10layui.use(['mod1', 'mod2'], function(args){ 11 var mod = layui.mod1; 12 13 //…… 14 15});
没错,她具备 AMD 的影子,又并非受限于 CommonJS 的那些条条框框,layui 认为这种轻量的组织方式,比 WebPack 更符合绝大多数场景。所以她坚持采用经典模块化,也正是能让人避开工具的复杂配置,回归简单,安静高效地撸一会原生态的HTML、CSS、JavaScript。
但是 layui 又并非是 Requirejs 那样的模块加载器,而是一款 UI 解决方案,她与 Bootstrap 最大的不同恰恰在于她糅合了自身对经典模块化的理解。
快速上手
获得 layui 后,将其完整地部署到你的静态资源项目目录,你只需要引入下述两个文件:
./layui/css/layui.css
./layui/layui.js
这是一个基本的入门页面:
1<!DOCTYPE html> 2<html> 3<head> 4 <meta charset="utf-8"> 5 <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> 6 <title>开始使用 layui</title> 7 <link rel="stylesheet" href="../layui/css/layui.css"> 8</head> 9<body> 10 11<!-- 你的HTML代码 --> 12 13<script src="../layui/layui.js"></script> 14<script> 15//一般直接写在一个js文件中 16layui.use(['layer', 'form'], function(){ 17 var layer = layui.layer 18 ,form = layui.form; 19 20 layer.msg('Hello World'); 21}); 22</script> 23</body> 24</html>
阅读文档
从现在开始,尽情地拥抱 layui 吧!但愿她能成为你长远的开发伴侣,化作你方寸屏幕前的亿万字节!
贡献者
大概是因为 layui 让开发者变得更懒,所以贡献者才这么少?
好的,姑且就这样认为吧。
相关
No vulnerabilities found.
Reason
30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
0 existing vulnerabilities detected
Reason
no binaries found in the repo
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release-npm.yml:9
Reason
Found 18/28 approved changesets -- score normalized to 6
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Warn: no linked content found
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/issue-close-require.yml:8
- Warn: no topLevel permission defined: .github/workflows/issue-closed.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/issue-labeled.yml:8
- Info: topLevel 'contents' permission set to 'read': .github/workflows/issue-opened.yml:8
- Warn: no topLevel permission defined: .github/workflows/pr-preview.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-npm.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-close-require.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/layui/layui/issue-close-require.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-close-require.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/layui/layui/issue-close-require.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-close-require.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/layui/layui/issue-close-require.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-closed.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/layui/layui/issue-closed.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-labeled.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/layui/layui/issue-labeled.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-labeled.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/layui/layui/issue-labeled.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-labeled.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/layui/layui/issue-labeled.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-labeled.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/layui/layui/issue-labeled.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-labeled.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/layui/layui/issue-labeled.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-opened.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/layui/layui/issue-opened.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-preview.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/layui/layui/pr-preview.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-preview.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/layui/layui/pr-preview.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-npm.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/layui/layui/release-npm.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-npm.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/layui/layui/release-npm.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/layui/layui/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/layui/layui/release.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/pr-preview.yml:19
- Info: 0 out of 7 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 9 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact v2.11.4 not signed: https://api.github.com/repos/layui/layui/releases/226899436
- Warn: release artifact v2.11.3 not signed: https://api.github.com/repos/layui/layui/releases/226039549
- Warn: release artifact v2.11.2 not signed: https://api.github.com/repos/layui/layui/releases/218712560
- Warn: release artifact v2.11.1 not signed: https://api.github.com/repos/layui/layui/releases/216678732
- Warn: release artifact v2.11.0 not signed: https://api.github.com/repos/layui/layui/releases/213632624
- Warn: release artifact v2.11.4 does not have provenance: https://api.github.com/repos/layui/layui/releases/226899436
- Warn: release artifact v2.11.3 does not have provenance: https://api.github.com/repos/layui/layui/releases/226039549
- Warn: release artifact v2.11.2 does not have provenance: https://api.github.com/repos/layui/layui/releases/218712560
- Warn: release artifact v2.11.1 does not have provenance: https://api.github.com/repos/layui/layui/releases/216678732
- Warn: release artifact v2.11.0 does not have provenance: https://api.github.com/repos/layui/layui/releases/213632624
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 20 are checked with a SAST tool
Score
5.5
/10
Last Scanned on 2025-06-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More