Gathering detailed insights and metrics for pug
Gathering detailed insights and metrics for pug
Gathering detailed insights and metrics for pug
Gathering detailed insights and metrics for pug
Pug – robust, elegant, feature rich template engine for Node.js
npm install pug
pug@3.0.3
Published on 24 May 2024
pug-code-gen@3.0.3
Published on 24 May 2024
pug-error@2.1.0
Published on 24 May 2024
pug@3.0.2
Published on 28 Feb 2021
pug-lexer@5.0.1
Published on 28 Feb 2021
pug-runtime@3.0.1
Published on 28 Feb 2021
Module System
Min. Node Version
Typescript Support
Node Version
NPM Version
21,699 Stars
2,573 Commits
1,952 Forks
539 Watching
11 Branches
250 Contributors
Updated on 27 Nov 2024
Minified
Minified + Gzipped
JavaScript (78.47%)
Pug (14.98%)
HTML (5.98%)
TypeScript (0.49%)
CoffeeScript (0.04%)
Stylus (0.03%)
CSS (0.01%)
Cumulative downloads
Total Downloads
Last day
-4.1%
300,101
Compared to previous day
Last week
1.4%
1,591,158
Compared to previous week
Last month
10.4%
6,573,360
Compared to previous month
Last year
8.2%
76,114,474
Compared to previous year
Full documentation is at pugjs.org
Pug is a high-performance template engine heavily influenced by Haml and implemented with JavaScript for Node.js and browsers. For bug reports, feature requests and questions, open an issue. For discussion join the chat room.
You can test drive Pug online here.
Professionally supported pug is now available
Package Name | Version |
---|---|
pug | |
pug-attrs | |
pug-code-gen | |
pug-error | |
pug-filters | |
pug-lexer | |
pug-linker | |
pug-load | |
pug-parser | |
pug-runtime | |
pug-strip-comments | |
pug-walk |
This project was formerly known as "Jade". However, it was revealed to us that "Jade" is a registered trademark; as a result, a rename was needed. After some discussion among the maintainers, "Pug" was chosen as the new name for this project. As of version 2, "pug" is the official package name.
If your package or app currently uses jade
, don't worry: we have secured permissions to continue to occupy that package name, although all new versions will be released under pug
.
Before the renaming, work had already begun on “Jade 2.0.0”. Therefore, the rename to Pug coincided with the major version bump. As a result, upgrading from Jade to Pug will be the same process as upgrading any other package with a major version bump.
The syntax of Pug has several differences, deprecations, and removals compared to its predecessor. These differences are documented in #2305.
The website and documentation for Pug are still being updated. But if you are new to Pug, you should get started with the new syntax and install the Pug package from npm.
To use Pug in your own JavaScript projects:
1$ npm install pug
After installing the latest version of Node.js, install with:
1$ npm install pug-cli -g
and run with
1$ pug --help
Pug is a clean, whitespace sensitive syntax for writing HTML. Here is a simple example:
1doctype html 2html(lang="en") 3 head 4 title= pageTitle 5 script(type='text/javascript'). 6 if (foo) bar(1 + 5); 7 body 8 h1 Pug - node template engine 9 #container.col 10 if youAreUsingPug 11 p You are amazing 12 else 13 p Get on it! 14 p. 15 Pug is a terse and simple templating language with a 16 strong focus on performance and powerful features.
Pug transforms the above to:
1<!DOCTYPE html> 2<html lang="en"> 3 <head> 4 <title>Pug</title> 5 <script type="text/javascript"> 6 if (foo) bar(1 + 5); 7 </script> 8 </head> 9 <body> 10 <h1>Pug - node template engine</h1> 11 <div id="container" class="col"> 12 <p>You are amazing</p> 13 <p> 14 Pug is a terse and simple templating language with a strong focus on 15 performance and powerful features. 16 </p> 17 </div> 18 </body> 19</html>
For full API, see pugjs.org/api/reference.html
1var pug = require('pug'); 2 3// compile 4var fn = pug.compile('string of pug', options); 5var html = fn(locals); 6 7// render 8var html = pug.render('string of pug', merge(options, locals)); 9 10// renderFile 11var html = pug.renderFile('filename.pug', merge(options, locals));
filename
Used in exceptions, and required when using includescompileDebug
When false
no debug instrumentation is compiledpretty
Add pretty-indentation whitespace to output (false
by default)The latest version of pug can be downloaded for the browser in standalone form. It only supports the very latest browsers, though, and is a large file. It is recommended that you pre-compile your pug templates to JavaScript.
To compile a template for use on the client using the command line, do:
1$ pug --client --no-debug filename.pug
which will produce filename.js
containing the compiled template.
Ports to other languages, with very close syntax:
Templates engines for other languages with a different syntax, but a similar philosophy:
Embedded view engines for frameworks:
Support us with a monthly donation and help us continue our activities. [Become a backer]
Become a sponsor and get your logo on our README on GitHub with a link to your site. [Become a sponsor]
MIT
The latest stable version of the package.
Stable Version
1
6.8/10
Summary
Remote code execution via the `pretty` option.
Affected Versions
< 3.0.1
Patched Versions
3.0.1
1
6.8/10
Summary
Pug allows JavaScript code execution if an application accepts untrusted input
Affected Versions
<= 3.0.2
Patched Versions
3.0.3
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
Reason
no binaries found in the repo
Reason
Found 16/30 approved changesets -- score normalized to 5
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
Reason
project is not fuzzed
Details
Reason
license file not detected
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Reason
33 existing vulnerabilities detected
Details
Score
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More