Gathering detailed insights and metrics for preact
Gathering detailed insights and metrics for preact
Gathering detailed insights and metrics for preact
Gathering detailed insights and metrics for preact
⚛️ Fast 3kB React alternative with the same modern API. Components & Virtual DOM.
npm install preact
Typescript
Module System
Node Version
NPM Version
98.8
Supply Chain
96.5
Quality
97.1
Maintenance
100
Vulnerability
100
License
Updated on 06 Dec 2024
Minified
Minified + Gzipped
JavaScript (97.15%)
TypeScript (2.85%)
Cumulative downloads
Total Downloads
Last day
20.6%
Compared to previous day
Last week
0.5%
Compared to previous week
Last month
3.6%
Compared to previous month
Last year
52.7%
Compared to previous year
50
Fast 3kB alternative to React with the same modern API.
All the power of Virtual DOM components, without the overhead:
You can find some awesome libraries in the awesome-preact list :sunglasses:
💁 Note: You don't need ES2015 to use Preact... but give it a try!
With Preact, you create user interfaces by assembling trees of components and elements. Components are functions or classes that return a description of what their tree should output. These descriptions are typically written in JSX (shown underneath), or HTM which leverages standard JavaScript Tagged Templates. Both syntaxes can express trees of elements with "props" (similar to HTML attributes) and children.
To get started using Preact, first look at the render() function. This function accepts a tree description and creates the structure described. Next, it appends this structure to a parent DOM element provided as the second argument. Future calls to render() will reuse the existing tree and update it in-place in the DOM. Internally, render() will calculate the difference from previous outputted structures in an attempt to perform as few DOM operations as possible.
1import { h, render } from 'preact'; 2// Tells babel to use h for JSX. It's better to configure this globally. 3// See https://babeljs.io/docs/en/babel-plugin-transform-react-jsx#usage 4// In tsconfig you can specify this with the jsxFactory 5/** @jsx h */ 6 7// create our tree and append it to document.body: 8render( 9 <main> 10 <h1>Hello</h1> 11 </main>, 12 document.body 13); 14 15// update the tree in-place: 16render( 17 <main> 18 <h1>Hello World!</h1> 19 </main>, 20 document.body 21); 22// ^ this second invocation of render(...) will use a single DOM call to update the text of the <h1>
Hooray! render() has taken our structure and output a User Interface! This approach demonstrates a simple case, but would be difficult to use as an application grows in complexity. Each change would be forced to calculate the difference between the current and updated structure for the entire application. Components can help here – by dividing the User Interface into nested Components each can calculate their difference from their mounted point. Here's an example:
1import { render, h } from 'preact'; 2import { useState } from 'preact/hooks'; 3 4/** @jsx h */ 5 6const App = () => { 7 const [input, setInput] = useState(''); 8 9 return ( 10 <div> 11 <p>Do you agree to the statement: "Preact is awesome"?</p> 12 <input value={input} onInput={e => setInput(e.target.value)} /> 13 </div> 14 ); 15}; 16 17render(<App />, document.body);
Become a sponsor and get your logo on our README on GitHub with a link to your site. [Become a sponsor]
Support us with a monthly donation and help us continue our activities. [Become a backer]
MIT
Stable Version
1
0/10
Summary
HTML Injection in preact
Affected Versions
>= 10.0.0-alpha.0, <= 10.0.0-beta.0
Patched Versions
10.0.0-beta.1
Reason
all changesets reviewed
Reason
no dangerous workflow patterns detected
Reason
30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
license file detected
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
Reason
project is not fuzzed
Details
Reason
Project has not signed or included provenance with any releases.
Details
Reason
security policy file not detected
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Reason
54 existing vulnerabilities detected
Details
Score
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More