A vite plugin for processing html. It is developed based on lodash template
Installations
npm install vite-plugin-htmlScore
55.1
Supply Chain
54.9
Quality
76.7
Maintenance
100
Vulnerability
98.6
License
Developer
vbenjs
Developer Guide
Module System
CommonJS, ESM
Min. Node Version
Typescript Support
Yes
Node Version
16.20.2
NPM Version
8.19.4
Statistics
605 Stars
82 Commits
96 Forks
6 Watching
2 Branches
16 Contributors
Updated on 29 Nov 2024
Bundle Size
1.14 MB
Minified
346.26 kB
Minified + Gzipped
Languages
TypeScript (85.35%)
HTML (7.18%)
JavaScript (3.96%)
Shell (1.85%)
Vue (1.66%)
Total Downloads
Cumulative downloads
Total Downloads
23,987,021
Last day
-24.7%
40,814
Compared to previous day
Last week
-8.5%
245,890
Compared to previous week
Last month
-1.7%
1,123,446
Compared to previous month
Last year
50.3%
12,453,574
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
vite-plugin-html
English | ä¸æ–‡
Features
- HTML compression capability
- EJS template capability
- Multi-page application support
- Support custom
entry - Support custom
template
Install (yarn or npm)
node version: >=12.0.0
vite version: >=2.0.0
1yarn add vite-plugin-html -D
或
1npm i vite-plugin-html -D
Usage
- Add EJS tags to
index.html, e.g.
1<head> 2 <meta charset="UTF-8" /> 3 <link rel="icon" href="/favicon.ico" /> 4 <meta name="viewport" content="width=device-width, initial-scale=1.0" /> 5 <title><%- title %></title> 6 <%- injectScript %> 7</head>
- Configure in
vite.config.ts, this method can introduce the required functions as needed
1import { defineConfig, Plugin } from 'vite'
2import vue from '@vitejs/plugin-vue'
3
4import { createHtmlPlugin } from 'vite-plugin-html'
5
6export default defineConfig({
7 plugins: [
8 vue(),
9 createHtmlPlugin({
10 minify: true,
11 /**
12 * After writing entry here, you will not need to add script tags in `index.html`, the original tags need to be deleted
13 * @default src/main.ts
14 */
15 entry: 'src/main.ts',
16 /**
17 * If you want to store `index.html` in the specified folder, you can modify it, otherwise no configuration is required
18 * @default index.html
19 */
20 template: 'public/index.html',
21
22 /**
23 * Data that needs to be injected into the index.html ejs template
24 */
25 inject: {
26 data: {
27 title: 'index',
28 injectScript: `<script src="./inject.js"></script>`,
29 },
30 tags: [
31 {
32 injectTo: 'body-prepend',
33 tag: 'div',
34 attrs: {
35 id: 'tag',
36 },
37 },
38 ],
39 },
40 }),
41 ],
42})Multi-page application configuration
1import { defineConfig } from 'vite'
2import { createHtmlPlugin } from 'vite-plugin-html'
3
4export default defineConfig({
5 plugins: [
6 createHtmlPlugin({
7 minify: true,
8 pages: [
9 {
10 entry: 'src/main.ts',
11 filename: 'index.html',
12 template: 'public/index.html',
13 injectOptions: {
14 data: {
15 title: 'index',
16 injectScript: `<script src="./inject.js"></script>`,
17 },
18 tags: [
19 {
20 injectTo: 'body-prepend',
21 tag: 'div',
22 attrs: {
23 id: 'tag1',
24 },
25 },
26 ],
27 },
28 },
29 {
30 entry: 'src/other-main.ts',
31 filename: 'other.html',
32 template: 'public/other.html',
33 injectOptions: {
34 data: {
35 title: 'other page',
36 injectScript: `<script src="./inject.js"></script>`,
37 },
38 tags: [
39 {
40 injectTo: 'body-prepend',
41 tag: 'div',
42 attrs: {
43 id: 'tag2',
44 },
45 },
46 ],
47 },
48 },
49 ],
50 }),
51 ],
52})Parameter Description
createHtmlPlugin(options: UserOptions)
UserOptions
| Parameter | Types | Default | Description |
|---|---|---|---|
| entry | string | src/main.ts | entry file path |
| template | string | index.html | relative path to the template |
| inject | InjectOptions | - | Data injected into HTML |
| minify | boolean|MinifyOptions | - | whether to compress html |
| pages | PageOption | - | Multi-page configuration |
InjectOptions
| Parameter | Types | Default | Description |
|---|---|---|---|
| data | Record<string, any> | - | injected data |
| ejsOptions | EJSOptions | - | ejs configuration OptionsEJSOptions |
| tags | HtmlTagDescriptor | - | List of tags to inject |
data can be accessed in html using the ejs template syntax
Env inject
By default, the contents of the .env file will be injected into index.html, similar to vite's loadEnv function
PageOption
| Parameter | Types | Default | Description |
|---|---|---|---|
| filename | string | - | html file name |
| template | string | index.html | relative path to the template |
| entry | string | src/main.ts | entry file path |
| injectOptions | InjectOptions | - | Data injected into HTML |
MinifyOptions
Default compression configuration
1 collapseWhitespace: true, 2 keepClosingSlash: true, 3 removeComments: true, 4 removeRedundantAttributes: true, 5 removeScriptTypeAttributes: true, 6 removeStyleLinkTypeAttributes: true, 7 useShortDoctype: true, 8 minifyCSS: true,
Run the playground
1pnpm install 2 3# spa 4cd ./packages/playground/basic 5 6pnpm run dev 7 8# map 9cd ./packages/playground/mpa 10 11pnpm run dev 12
Example project
License
MIT
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 11/30 approved changesets -- score normalized to 3
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/publish.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/vbenjs/vite-plugin-html/publish.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/vbenjs/vite-plugin-html/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/vbenjs/vite-plugin-html/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/vbenjs/vite-plugin-html/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/vbenjs/vite-plugin-html/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/vbenjs/vite-plugin-html/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/vbenjs/vite-plugin-html/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/vbenjs/vite-plugin-html/test.yml/main?enable=pin
- Info: 0 out of 5 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 third-party GitHubAction dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 12 are checked with a SAST tool
Reason
23 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-phwq-j96m-2c2q
- Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
- Warn: Project is vulnerable to: GHSA-mv48-hcvh-8jj8
- Warn: Project is vulnerable to: GHSA-353f-5xf4-qw67
- Warn: Project is vulnerable to: GHSA-c24v-8rfc-w8vw
- Warn: Project is vulnerable to: GHSA-8jhw-289h-jh2g
- Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Score
2.8
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More