Gathering detailed insights and metrics for preact
Gathering detailed insights and metrics for preact
⚛️ Fast 3kB React alternative with the same modern API. Components & Virtual DOM.
Installations
npm install preactDeveloper
Developer Guide
BETA
Module System
CommonJS, ESM
Min. Node Version
Typescript Support
Yes
Node Version
20.13.0
NPM Version
10.5.2
Statistics
36,876 Stars
5,763 Commits
1,951 Forks
397 Watching
216 Branches
325 Contributors
Updated on 28 Nov 2024
Bundle Size
11.67 kB
Minified
4.63 kB
Minified + Gzipped
Languages
JavaScript (95.63%)
TypeScript (2.61%)
HTML (1.76%)
Total Downloads
Cumulative downloads
Total Downloads
442,512,948
Last day
-0.1%
884,653
Compared to previous day
Last week
3.3%
4,592,534
Compared to previous week
Last month
11.2%
19,149,838
Compared to previous month
Last year
52.5%
186,031,344
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
50
@actions/github@actions/glob@babel/core@babel/plugin-proposal-object-rest-spread@babel/plugin-transform-react-jsx@babel/plugin-transform-react-jsx-source@babel/preset-env@babel/register@biomejs/biome@types/chai@types/mocha@types/node@types/sinonbabel-plugin-istanbulbabel-plugin-transform-async-to-promisesbabel-plugin-transform-rename-propertiesbenchmarkchaicheck-export-mapcore-jscoverallscross-envdifferrorstacksesbuildhuskykarmakarma-chai-sinonkarma-chrome-launcherkarma-coveragekarma-esbuildkarma-mochakarma-mocha-reporterkarma-sinonkarma-sourcemap-loaderkoloristlint-stagedlodashmicrobundlemochanpm-merge-driver-installnpm-run-alloxlintpreact-render-to-stringprop-typessadesinonsinon-chaitypescriptundici
Versions
Fast 3kB alternative to React with the same modern API.
All the power of Virtual DOM components, without the overhead:
- Familiar React API & patterns: ES6 Class, hooks, and Functional Components
- Extensive React compatibility via a simple preact/compat alias
- Everything you need: JSX, VDOM, DevTools, HMR, SSR.
- Highly optimized diff algorithm and seamless hydration from Server Side Rendering
- Supports all modern browsers and IE11
- Transparent asynchronous rendering with a pluggable scheduler
💁 More information at the Preact Website ➞
|
|
You can find some awesome libraries in the awesome-preact list :sunglasses:
Getting Started
💁 Note: You don't need ES2015 to use Preact... but give it a try!
Tutorial: Building UI with Preact
With Preact, you create user interfaces by assembling trees of components and elements. Components are functions or classes that return a description of what their tree should output. These descriptions are typically written in JSX (shown underneath), or HTM which leverages standard JavaScript Tagged Templates. Both syntaxes can express trees of elements with "props" (similar to HTML attributes) and children.
To get started using Preact, first look at the render() function. This function accepts a tree description and creates the structure described. Next, it appends this structure to a parent DOM element provided as the second argument. Future calls to render() will reuse the existing tree and update it in-place in the DOM. Internally, render() will calculate the difference from previous outputted structures in an attempt to perform as few DOM operations as possible.
1import { h, render } from 'preact'; 2// Tells babel to use h for JSX. It's better to configure this globally. 3// See https://babeljs.io/docs/en/babel-plugin-transform-react-jsx#usage 4// In tsconfig you can specify this with the jsxFactory 5/** @jsx h */ 6 7// create our tree and append it to document.body: 8render( 9 <main> 10 <h1>Hello</h1> 11 </main>, 12 document.body 13); 14 15// update the tree in-place: 16render( 17 <main> 18 <h1>Hello World!</h1> 19 </main>, 20 document.body 21); 22// ^ this second invocation of render(...) will use a single DOM call to update the text of the <h1>
Hooray! render() has taken our structure and output a User Interface! This approach demonstrates a simple case, but would be difficult to use as an application grows in complexity. Each change would be forced to calculate the difference between the current and updated structure for the entire application. Components can help here – by dividing the User Interface into nested Components each can calculate their difference from their mounted point. Here's an example:
1import { render, h } from 'preact'; 2import { useState } from 'preact/hooks'; 3 4/** @jsx h */ 5 6const App = () => { 7 const [input, setInput] = useState(''); 8 9 return ( 10 <div> 11 <p>Do you agree to the statement: "Preact is awesome"?</p> 12 <input value={input} onInput={e => setInput(e.target.value)} /> 13 </div> 14 ); 15}; 16 17render(<App />, document.body);
Sponsors
Become a sponsor and get your logo on our README on GitHub with a link to your site. [Become a sponsor]
Backers
Support us with a monthly donation and help us continue our activities. [Become a backer]
License
MIT
Stable Version
The latest stable version of the package.
Stable Version
10.25.0
MODERATE
1
MODERATE
0/10
Summary
HTML Injection in preact
Affected Versions
>= 10.0.0-alpha.0, <= 10.0.0-beta.0
Patched Versions
10.0.0-beta.1
Reason
30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
all changesets reviewed
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/benchmarks.yml:1
- Warn: no topLevel permission defined: .github/workflows/build-test.yml:1
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/pr-reporter.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/run-bench.yml:1
- Warn: no topLevel permission defined: .github/workflows/single-bench.yml:1
- Warn: no topLevel permission defined: .github/workflows/size.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/benchmarks.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/benchmarks.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/benchmarks.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/build-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/build-test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-test.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/build-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/build-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-reporter.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/pr-reporter.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-reporter.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/pr-reporter.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-reporter.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/pr-reporter.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-reporter.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/pr-reporter.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-reporter.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/pr-reporter.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-bench.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/run-bench.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-bench.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/run-bench.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-bench.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/run-bench.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-bench.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/run-bench.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-bench.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/run-bench.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-bench.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/run-bench.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-bench.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/run-bench.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/single-bench.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/single-bench.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/single-bench.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/single-bench.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/single-bench.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/single-bench.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/size.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/size.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/size.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/preactjs/preact/size.yml/main?enable=pin
- Info: 0 out of 22 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 9 third-party GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact 10.25.0 not signed: https://api.github.com/repos/preactjs/preact/releases/186800831
- Warn: release artifact 10.24.3 not signed: https://api.github.com/repos/preactjs/preact/releases/179733917
- Warn: release artifact 10.24.2 not signed: https://api.github.com/repos/preactjs/preact/releases/178342183
- Warn: release artifact 10.24.1 not signed: https://api.github.com/repos/preactjs/preact/releases/176651995
- Warn: release artifact 10.24.0 not signed: https://api.github.com/repos/preactjs/preact/releases/175067326
- Warn: release artifact 10.25.0 does not have provenance: https://api.github.com/repos/preactjs/preact/releases/186800831
- Warn: release artifact 10.24.3 does not have provenance: https://api.github.com/repos/preactjs/preact/releases/179733917
- Warn: release artifact 10.24.2 does not have provenance: https://api.github.com/repos/preactjs/preact/releases/178342183
- Warn: release artifact 10.24.1 does not have provenance: https://api.github.com/repos/preactjs/preact/releases/176651995
- Warn: release artifact 10.24.0 does not have provenance: https://api.github.com/repos/preactjs/preact/releases/175067326
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
54 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-8cf7-32gw-wr33
- Warn: Project is vulnerable to: GHSA-hjrf-2m68-5959
- Warn: Project is vulnerable to: GHSA-qwph-4952-7xr6
- Warn: Project is vulnerable to: GHSA-jg8v-48h5-wgxg
- Warn: Project is vulnerable to: GHSA-36fh-84j7-cv5h
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-gx6r-qc2v-3p3v
- Warn: Project is vulnerable to: GHSA-fhg7-m89q-25r3
- Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-36jr-mh4h-2g58
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
- Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q
- Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-pgw7-wx7w-2w33
- Warn: Project is vulnerable to: GHSA-3cvr-822r-rqcc
- Warn: Project is vulnerable to: GHSA-q768-x9m6-m9qp / GHSA-wqq4-5wpv-mx2g
- Warn: Project is vulnerable to: GHSA-8qr4-xgw6-wmr3
- Warn: Project is vulnerable to: GHSA-f772-66g8-q5h3
- Warn: Project is vulnerable to: GHSA-5r9g-qh6m-jxff
- Warn: Project is vulnerable to: GHSA-r6ch-mqf9-qc9w
- Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3
- Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672
- Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7
Score
4.4
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More