Gathering detailed insights and metrics for posthtml-modules
Gathering detailed insights and metrics for posthtml-modules
Installations
npm install posthtml-modulesDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>=10
Node Version
16.18.1
NPM Version
8.19.2
Releases
14
Languages
2
JavaScript
HTML
JavaScript (95.98%)
HTML (4.02%)
Developer
canvaskisa
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
83 Stars
176 Commits
11 Forks
8 Watchers
8 Branches
17 Contributors
Updated on Apr 13, 2025
Maintainers
2
Package Meta Information
Latest Version
0.9.1
Package Id
posthtml-modules@0.9.1
Unpacked Size
29.11 kB
Size
8.49 kB
File Count
13
NPM Version
8.19.2
Node Version
16.18.1
Published on
Mar 02, 2023
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Modules Plugin
Import and process HTML Modules with PostHTML
Install
1npm i -D posthtml-modules
Example
1<!-- index.html --> 2<html> 3<body> 4 <module href="./module.html"> 5 title 6 </module> 7</body> 8</html>
1<!-- module.html --> 2<header> 3 <h1> 4 Test <content></content> 5 </h1> 6</header>
1const { readFileSync } = require('fs') 2const posthtml = require('posthtml') 3const options = { /* see available options below */ } 4 5posthtml() 6 .use(require('posthtml-modules')(options)) 7 .process(readFileSync('index.html', 'utf8')) 8 .then((result) => result) 9 });
1<html> 2 <body> 3 <header> 4 <h1>Test title</h1> 5 </header> 6 </body> 7</html>
Options
root
Type: string
Default: ./
Root path for modules lookup.
plugins
Type: array | function
Default: []
PostHTML plugins to apply for every parsed module.
If a function provided, it will be called with module's file path.
from
Type: string
Default: ''
Root filename for processing apply, needed for path resolving (it's better to always provide it).
initial
Type: boolean
Default: false
Apply plugins to root file after modules processing.
tag
Type: string
Default: module
Use a custom tag name.
attribute
Type: string
Default: href
Use a custom attribute name.
locals
Type: object
Default: {}
Pass data to the module.
If present, the JSON object from the locals="" attribute will be merged on top of this, overwriting any existing values.
attributeAsLocals
Type: boolean
Default: false
All attributes on <module></module> will be added to locals
parser
Type: object
Default: {}
Options for the PostHTML parser.
By default, posthtml-parser is used.
expressions
Type: object
Default: {}
Options to forward to posthtml-expressions, like custom delimiters for example. Available options can be found here.
Component options
locals
You can pass data to a module using a locals="" attribute.
Must be a valid JSON object.
Example:
1<!-- module.html --> 2<p>The foo is {{ foo }} in this one.</p> 3<content></content>
1<!-- index.html --> 2<module href="./module.html" locals='{"foo": "strong"}'> 3 <p>Or so they say...</p> 4</module>
Result
1<p>The foo is strong in this one.</p> 2<p>Or so they say...</p>
attributeAsLocals
All attributes on <module></module> will be added to locals
Example:
1<!-- module.html --> 2<div class="{{ class }}" id="{{ id }}" style="{{ style }}"> 3 <content></content> 4</div>
1<!-- index.html --> 2<module 3 href="module.html" 4 class="text-center uppercase" 5 id="example" 6 style="display: flex; gap: 2;" 7> 8 Module content 9</module>
Result
1<div class="text-center uppercase" id="example" style="display: flex; gap: 2;"> 2 Module content 3</div>
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: license:0
- Info: FSF or OSI recognized license: MIT License: license:0
Reason
dependency not pinned by hash detected -- score normalized to 4
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/posthtml/posthtml-modules/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/posthtml/posthtml-modules/nodejs.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/nodejs.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/posthtml/posthtml-modules/nodejs.yml/master?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
Found 4/12 approved changesets -- score normalized to 3
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/nodejs.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 24 are checked with a SAST tool
Reason
22 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx
- Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-hr2v-3952-633q
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3
- Warn: Project is vulnerable to: GHSA-f9cm-qmx5-m98h
- Warn: Project is vulnerable to: GHSA-7wpw-2hjm-89gp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-qgmg-gppg-76g5
- Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-f9xv-q969-pqx4
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Score
3
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More