Pug – robust, elegant, feature rich template engine for Node.js
Installations
npm install pug-errorReleases
pug@3.0.3
Published on 24 May 2024
pug-code-gen@3.0.3
Published on 24 May 2024
pug-error@2.1.0
Published on 24 May 2024
pug@3.0.2
Published on 28 Feb 2021
pug-lexer@5.0.1
Published on 28 Feb 2021
pug-runtime@3.0.1
Published on 28 Feb 2021
Developer
Developer Guide
Module System
CommonJS
Min. Node Version
Typescript Support
Yes
Node Version
12.22.12
NPM Version
6.14.16
Statistics
21,699 Stars
2,573 Commits
1,952 Forks
539 Watching
11 Branches
250 Contributors
Updated on 27 Nov 2024
Languages
JavaScript (78.47%)
Pug (14.98%)
HTML (5.98%)
TypeScript (0.49%)
CoffeeScript (0.04%)
Stylus (0.03%)
CSS (0.01%)
Total Downloads
Cumulative downloads
Total Downloads
370,090,181
Last day
-4.2%
343,604
Compared to previous day
Last week
3.1%
1,809,293
Compared to previous week
Last month
10.8%
7,337,493
Compared to previous month
Last year
10.8%
82,090,601
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
No dependencies detected.
Pug
Full documentation is at pugjs.org
Pug is a high-performance template engine heavily influenced by Haml and implemented with JavaScript for Node.js and browsers. For bug reports, feature requests and questions, open an issue. For discussion join the chat room.
You can test drive Pug online here.
Professionally supported pug is now available
Packages
| Package Name | Version |
|---|---|
| pug | |
| pug-attrs |  |
| pug-code-gen |  |
| pug-error |  |
| pug-filters |  |
| pug-lexer |  |
| pug-linker |  |
| pug-load |  |
| pug-parser |  |
| pug-runtime |  |
| pug-strip-comments |  |
| pug-walk |  |
Rename from "Jade"
This project was formerly known as "Jade". However, it was revealed to us that "Jade" is a registered trademark; as a result, a rename was needed. After some discussion among the maintainers, "Pug" was chosen as the new name for this project. As of version 2, "pug" is the official package name.
If your package or app currently uses jade, don't worry: we have secured permissions to continue to occupy that package name, although all new versions will be released under pug.
Before the renaming, work had already begun on “Jade 2.0.0”. Therefore, the rename to Pug coincided with the major version bump. As a result, upgrading from Jade to Pug will be the same process as upgrading any other package with a major version bump.
The syntax of Pug has several differences, deprecations, and removals compared to its predecessor. These differences are documented in #2305.
The website and documentation for Pug are still being updated. But if you are new to Pug, you should get started with the new syntax and install the Pug package from npm.
Installation
Package
To use Pug in your own JavaScript projects:
1$ npm install pug
Command Line
After installing the latest version of Node.js, install with:
1$ npm install pug-cli -g
and run with
1$ pug --help
Syntax
Pug is a clean, whitespace sensitive syntax for writing HTML. Here is a simple example:
1doctype html 2html(lang="en") 3 head 4 title= pageTitle 5 script(type='text/javascript'). 6 if (foo) bar(1 + 5); 7 body 8 h1 Pug - node template engine 9 #container.col 10 if youAreUsingPug 11 p You are amazing 12 else 13 p Get on it! 14 p. 15 Pug is a terse and simple templating language with a 16 strong focus on performance and powerful features.
Pug transforms the above to:
1<!DOCTYPE html> 2<html lang="en"> 3 <head> 4 <title>Pug</title> 5 <script type="text/javascript"> 6 if (foo) bar(1 + 5); 7 </script> 8 </head> 9 <body> 10 <h1>Pug - node template engine</h1> 11 <div id="container" class="col"> 12 <p>You are amazing</p> 13 <p> 14 Pug is a terse and simple templating language with a strong focus on 15 performance and powerful features. 16 </p> 17 </div> 18 </body> 19</html>
API
For full API, see pugjs.org/api/reference.html
1var pug = require('pug'); 2 3// compile 4var fn = pug.compile('string of pug', options); 5var html = fn(locals); 6 7// render 8var html = pug.render('string of pug', merge(options, locals)); 9 10// renderFile 11var html = pug.renderFile('filename.pug', merge(options, locals));
Options
filenameUsed in exceptions, and required when using includescompileDebugWhenfalseno debug instrumentation is compiledprettyAdd pretty-indentation whitespace to output (falseby default)
Browser Support
The latest version of pug can be downloaded for the browser in standalone form. It only supports the very latest browsers, though, and is a large file. It is recommended that you pre-compile your pug templates to JavaScript.
To compile a template for use on the client using the command line, do:
1$ pug --client --no-debug filename.pug
which will produce filename.js containing the compiled template.
Tutorials
- cssdeck interactive Pug syntax tutorial
- cssdeck interactive Pug logic tutorial
- Pug について。 (A Japanese Tutorial)
Implementations in other languages
Ports in other languages
Ports to other languages, with very close syntax:
Equivalents in other languages
Templates engines for other languages with a different syntax, but a similar philosophy:
- Scaml for Scala
- Slim for Ruby (should not be confused with Slim PHP framework)
- HAML for Ruby
Framework implementations/adapters
Embedded view engines for frameworks:
CMS plugins
Additional Resources
- Emacs Mode
- Vim Syntax
- TextMate Bundle
- Coda/SubEtha syntax Mode
- html2pug converter
- pug2php converter
- Pug Server Ideal for building local prototypes apart from any application
- cache-pug-templates Cache Pug templates for Lad/Koa/Express/Connect with Redis
- Prettier Plugin
Backers
Support us with a monthly donation and help us continue our activities. [Become a backer]
Sponsors
Become a sponsor and get your logo on our README on GitHub with a link to your site. [Become a sponsor]
License
MIT
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no binaries found in the repo
Reason
Found 16/30 approved changesets -- score normalized to 5
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/rollingversions-canary.yml:1
- Warn: no topLevel permission defined: .github/workflows/rollingversions.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rollingversions-canary.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/pugjs/pug/rollingversions-canary.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rollingversions-canary.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/pugjs/pug/rollingversions-canary.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rollingversions-canary.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/pugjs/pug/rollingversions-canary.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rollingversions-canary.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/pugjs/pug/rollingversions-canary.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rollingversions.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/pugjs/pug/rollingversions.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rollingversions.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/pugjs/pug/rollingversions.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rollingversions.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/pugjs/pug/rollingversions.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rollingversions.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/pugjs/pug/rollingversions.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/pugjs/pug/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/pugjs/pug/test.yml/master?enable=pin
- Info: 0 out of 10 GitHub-owned GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 29 are checked with a SAST tool
Reason
33 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-44pw-h2cw-w3vq
- Warn: Project is vulnerable to: GHSA-jp4x-w63m-7wgm
- Warn: Project is vulnerable to: GHSA-c429-5p7v-vgjp
- Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
- Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-6vfc-qv3f-vr6c
- Warn: Project is vulnerable to: GHSA-7wpw-2hjm-89gp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-5fw9-fq32-wv5p
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Score
3.6
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn MoreOther packages similar to pug-error
pug-lexer
The pug lexer (takes a string and converts it to an array of tokens)
pug-parser
The pug parser (takes an array of tokens and converts it to an abstract syntax tree)
pug
A clean, whitespace-sensitive template language for writing HTML
pug-runtime
The runtime components for the pug templating language