Gathering detailed insights and metrics for posthtml-render
Gathering detailed insights and metrics for posthtml-render
Installations
npm install posthtml-renderDeveloper
posthtml
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>=12
Typescript Support
Yes
Node Version
14.17.2
NPM Version
6.14.13
Statistics
45 Stars
206 Commits
19 Forks
7 Watching
9 Branches
20 Contributors
Updated on 15 Oct 2024
Languages
TypeScript (87.23%)
HTML (10.71%)
JavaScript (2.06%)
Total Downloads
Cumulative downloads
Total Downloads
149,451,996
Last day
6.6%
141,998
Compared to previous day
Last week
7.5%
776,816
Compared to previous week
Last month
18.6%
3,154,762
Compared to previous month
Last year
7.3%
32,336,761
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
PostHTML Render
Renders a PostHTML Tree to HTML/XML
Install
1npm i -D posthtml-render
Usage
NodeJS
1import { render } from 'posthtml-render'; 2 3const tree = []; 4 5const node = {}; 6 7node.tag = 'ul'; 8node.attrs = { class: 'list' }; 9node.content = [ 10 'one', 11 'two', 12 'three' 13].map((content) => ({ tag: 'li', content })); 14 15tree.push(node); 16 17const html = render(tree, options); 18
1<ul class="list"> 2 <li>one</li> 3 <li>two</li> 4 <li>three</li> 5</ul>
Options
| Name | Type | Default | Description |
|---|---|---|---|
singleTags | {Array<String|RegExp>} | [] | Specify custom single tags (self closing) |
closingSingleTag | {String} | > | Specify the single tag closing format |
quoteAllAttributes | {Boolean} | true | Put double quotes around all tags, even when not necessary. |
replaceQuote | {Boolean} | true | Replaces quotes in attribute values with "e;. |
quoteStyle | {0 or 1 or 2} | 2 | Specify the style of quote arround the attribute values |
singleTags
Specify custom single tags (self closing)
{String}
1const render = require('posthtml-render') 2 3const tree = [ { tag: 'name' } ] 4const options = { singleTags: [ 'name' ] } 5 6const html = render(tree, options)
result.html
1<name>
{RegExp}
1const render = require('posthtml-render') 2 3const tree = [ { tag: '%=title%' } ] 4const options = { singleTags: [ /^%.*%$/ ] } 5 6const html = render(tree, options)
result.html
1<%=title%>
closingSingleTag
Specify the single tag closing format
Formats
1const render = require('posthtml-render') 2 3const tree = [ { tag: 'img' } ]
'tag'
1const html = render(tree, { closingSingleTag: 'tag' })
1<custom></custom>
'slash'
1const html = render(tree, { closingSingleTag: 'slash' })
1<custom />
'default' (Default)
1const html = render(tree)
1<img>
'closeAs'
1const tree = [ { 2 tag: 'custom', 3 closeAs: 'default' // Available types: `tag` | `slash` | `default` 4} ] 5const html = render(tree, { closingSingleTag: 'closeAs' })
1<custom>
quoteAllAttributes
Specify if all attributes should be quoted.
true (Default)
1<i src="index.js"></i>
false
1<i src=index.js></i>
replaceQuote
Replaces quotes in attribute values with "e;.
true (Default)
1<img src="<?php echo $foo["e;bar"e;] ?>">
false
1<img src="<?php echo $foo["bar"] ?>">
quoteStyle
2 (Default)
Attribute values are wrapped in double quotes:
1<img src="https://example.com/example.png" onload="testFunc("test")">
1
Attribute values are wrapped in single quote:
1<img src='https://example.com/example.png' onload='testFunc("test")'>
0
Quote style is based on attribute values (an alternative for replaceQuote option):
1<img src="https://example.com/example.png" onload='testFunc("test")'>
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: license:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
dependency not pinned by hash detected -- score normalized to 4
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/posthtml/posthtml-render/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/posthtml/posthtml-render/nodejs.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/nodejs.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/posthtml/posthtml-render/nodejs.yml/master?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
Found 1/4 approved changesets -- score normalized to 2
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/nodejs.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
25 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx
- Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-hr2v-3952-633q
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3
- Warn: Project is vulnerable to: GHSA-f9cm-qmx5-m98h
- Warn: Project is vulnerable to: GHSA-7wpw-2hjm-89gp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
- Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7
- Warn: Project is vulnerable to: GHSA-qgmg-gppg-76g5
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Score
3.2
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More