Gathering detailed insights and metrics for preact
⚛️ Fast 3kB React alternative with the same modern API. Components & Virtual DOM.
Installations
npm install preactDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS, ESM
Node Version
20.13.0
NPM Version
10.5.2
Score
99.1
Supply Chain
96.5
Quality
93.6
Maintenance
100
Vulnerability
100
License
Releases
218
Contributors
328
Languages
2
JavaScript
TypeScript
JavaScript (96.99%)
TypeScript (3.01%)
Developer
Download Statistics
Total Downloads
479,384,531
Last Day
884,821
Last Week
4,039,716
Last Month
17,832,692
Last Year
199,256,925
GitHub Statistics
37,106 Stars
5,812 Commits
1,960 Forks
393 Watching
219 Branches
328 Contributors
Bundle Size
11.60 kB
Minified
4.65 kB
Minified + Gzipped
Sponsor this package
Maintainers
7
Package Meta Information
Latest Version
10.25.4
Package Id
preact@10.25.4
Unpacked Size
1.36 MB
Size
368.46 kB
File Count
134
NPM Version
10.5.2
Node Version
20.13.0
Publised On
28 Dec 2024
Total Downloads
Cumulative downloads
Total Downloads
479,384,531
Last day
-6.7%
884,821
Compared to previous day
Last week
-15.2%
4,039,716
Compared to previous week
Last month
6.4%
17,832,692
Compared to previous month
Last year
54.2%
199,256,925
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
46
@actions/github@actions/glob@babel/core@babel/plugin-proposal-object-rest-spread@babel/plugin-transform-react-jsx@babel/plugin-transform-react-jsx-source@babel/preset-env@babel/register@biomejs/biome@types/chai@types/mocha@types/node@types/sinonbabel-plugin-istanbulbabel-plugin-transform-async-to-promisesbabel-plugin-transform-rename-propertieschaicheck-export-mapcore-jscoverallscross-enverrorstacksesbuildhuskykarmakarma-chai-sinonkarma-chrome-launcherkarma-coveragekarma-esbuildkarma-mochakarma-mocha-reporterkarma-sinonkarma-sourcemap-loaderkoloristmicrobundlemochanpm-merge-driver-installnpm-run-all2oxlintpreact-render-to-stringprop-typessadesinonsinon-chaitypescriptundici
Versions
Fast 3kB alternative to React with the same modern API.
All the power of Virtual DOM components, without the overhead:
- Familiar React API & patterns: ES6 Class, hooks, and Functional Components
- Extensive React compatibility via a simple preact/compat alias
- Everything you need: JSX, VDOM, DevTools, HMR, SSR.
- Highly optimized diff algorithm and seamless hydration from Server Side Rendering
- Supports all modern browsers and IE11
- Transparent asynchronous rendering with a pluggable scheduler
💁 More information at the Preact Website ➞
|
|
You can find some awesome libraries in the awesome-preact list :sunglasses:
Getting Started
💁 Note: You don't need ES2015 to use Preact... but give it a try!
Tutorial: Building UI with Preact
With Preact, you create user interfaces by assembling trees of components and elements. Components are functions or classes that return a description of what their tree should output. These descriptions are typically written in JSX (shown underneath), or HTM which leverages standard JavaScript Tagged Templates. Both syntaxes can express trees of elements with "props" (similar to HTML attributes) and children.
To get started using Preact, first look at the render() function. This function accepts a tree description and creates the structure described. Next, it appends this structure to a parent DOM element provided as the second argument. Future calls to render() will reuse the existing tree and update it in-place in the DOM. Internally, render() will calculate the difference from previous outputted structures in an attempt to perform as few DOM operations as possible.
1import { h, render } from 'preact'; 2// Tells babel to use h for JSX. It's better to configure this globally. 3// See https://babeljs.io/docs/en/babel-plugin-transform-react-jsx#usage 4// In tsconfig you can specify this with the jsxFactory 5/** @jsx h */ 6 7// create our tree and append it to document.body: 8render( 9 <main> 10 <h1>Hello</h1> 11 </main>, 12 document.body 13); 14 15// update the tree in-place: 16render( 17 <main> 18 <h1>Hello World!</h1> 19 </main>, 20 document.body 21); 22// ^ this second invocation of render(...) will use a single DOM call to update the text of the <h1>
Hooray! render() has taken our structure and output a User Interface! This approach demonstrates a simple case, but would be difficult to use as an application grows in complexity. Each change would be forced to calculate the difference between the current and updated structure for the entire application. Components can help here – by dividing the User Interface into nested Components each can calculate their difference from their mounted point. Here's an example:
1import { render, h } from 'preact'; 2import { useState } from 'preact/hooks'; 3 4/** @jsx h */ 5 6const App = () => { 7 const [input, setInput] = useState(''); 8 9 return ( 10 <div> 11 <p>Do you agree to the statement: "Preact is awesome"?</p> 12 <input value={input} onInput={e => setInput(e.target.value)} /> 13 </div> 14 ); 15}; 16 17render(<App />, document.body);
Sponsors
Become a sponsor and get your logo on our README on GitHub with a link to your site. [Become a sponsor]
Backers
Support us with a monthly donation and help us continue our activities. [Become a backer]
License
MIT
Stable Version
Stable Version
10.25.4
MODERATE
1
MODERATE
0/10
Summary
HTML Injection in preact
Affected Versions
>= 10.0.0-alpha.0, <= 10.0.0-beta.0
Patched Versions
10.0.0-beta.1
Reason
all changesets reviewed
Reason
30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
no binaries found in the repo
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/benchmarks.yml:1
- Warn: no topLevel permission defined: .github/workflows/build-test.yml:1
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/pr-reporter.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/run-bench.yml:1
- Warn: no topLevel permission defined: .github/workflows/single-bench.yml:1
- Warn: no topLevel permission defined: .github/workflows/size.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/benchmarks.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/benchmarks.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/benchmarks.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/build-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/build-test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-test.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/build-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/build-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-reporter.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/pr-reporter.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-reporter.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/pr-reporter.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-reporter.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/pr-reporter.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-reporter.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/pr-reporter.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-reporter.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/pr-reporter.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-bench.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/run-bench.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-bench.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/run-bench.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-bench.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/run-bench.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-bench.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/run-bench.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-bench.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/run-bench.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-bench.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/run-bench.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-bench.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/run-bench.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/single-bench.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/single-bench.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/single-bench.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/single-bench.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/single-bench.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/single-bench.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/size.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/size.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/size.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/size.yml/main?enable=pin
- Info: 0 out of 22 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 9 third-party GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact 10.25.4 not signed: https://api.github.com/repos/preactjs/preact/releases/192560400
- Warn: release artifact 10.25.3 not signed: https://api.github.com/repos/preactjs/preact/releases/191535653
- Warn: release artifact 10.25.2 not signed: https://api.github.com/repos/preactjs/preact/releases/190370195
- Warn: release artifact 10.25.1 not signed: https://api.github.com/repos/preactjs/preact/releases/188411630
- Warn: release artifact 10.25.0 not signed: https://api.github.com/repos/preactjs/preact/releases/186800831
- Warn: release artifact 10.25.4 does not have provenance: https://api.github.com/repos/preactjs/preact/releases/192560400
- Warn: release artifact 10.25.3 does not have provenance: https://api.github.com/repos/preactjs/preact/releases/191535653
- Warn: release artifact 10.25.2 does not have provenance: https://api.github.com/repos/preactjs/preact/releases/190370195
- Warn: release artifact 10.25.1 does not have provenance: https://api.github.com/repos/preactjs/preact/releases/188411630
- Warn: release artifact 10.25.0 does not have provenance: https://api.github.com/repos/preactjs/preact/releases/186800831
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
40 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-36jr-mh4h-2g58
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
- Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q
- Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-fhg7-m89q-25r3
- Warn: Project is vulnerable to: GHSA-pgw7-wx7w-2w33
- Warn: Project is vulnerable to: GHSA-3cvr-822r-rqcc
- Warn: Project is vulnerable to: GHSA-q768-x9m6-m9qp
- Warn: Project is vulnerable to: GHSA-8qr4-xgw6-wmr3
- Warn: Project is vulnerable to: GHSA-f772-66g8-q5h3
- Warn: Project is vulnerable to: GHSA-5r9g-qh6m-jxff
- Warn: Project is vulnerable to: GHSA-r6ch-mqf9-qc9w
- Warn: Project is vulnerable to: GHSA-wqq4-5wpv-mx2g
- Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3
- Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672
- Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7
- Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975
Score
4.4
/10
Last Scanned on 2025-01-27
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More