Package Health Score

63 / 100

security
No known security issues
popularity
Key ecosystem project
maintenance
Inactive
community
Sustainable

Explore Similar Packages

Security

No known security issues

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

Version				Vulnerabilities	License Risk
1.16.1	\|	01/2020	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L
1.15.0	\|	04/2019		0 C 0 H 0 M 0 L	0 H 0 M 0 L
0.6.4	\|	08/2016		0 C 0 H 0 M 0 L	0 H 0 M 0 L
0.5.3	\|	08/2016		0 C 0 H 0 M 0 L	0 H 0 M 0 L
0.4.2	\|	05/2016		0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

MIT

Security Policy

No

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Key ecosystem project

Weekly Downloads (4,701,913)

GitHub Stars: 28.53K
Forks: 1.54K
Contributors: -

Direct Usage Popularity

The npm package popper.js receives a total of 4,701,913 downloads a week. As such, we scored popper.js popularity level to be Key ecosystem project.

Based on project statistics from the GitHub repository for the npm package popper.js, we found that it has been starred 28,532 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Sustainable

Readme.md: Yes
Contributing.md: No
Code of Conduct: Yes
Contributors: 0
Funding: Yes

This project has seen only 10 or less contributors.

Embed Package Health Score Badge

Maintenance

Inactive

deprecated

Commit Frequency

Open Issues: 7
Open PR: 5
Last Release: 4 years ago
Last Commit: 10 days ago

Further analysis of the maintenance status of popper.js based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Inactive.

An important project maintenance signal to consider for popper.js is that it hasn't seen any new versions released to npm in the past 12 months, and could be considered as a discontinued project, or that which receives low attention from its maintainers.

As a healthy sign for on-going project maintenance, we found that the GitHub repository had at least 1 pull request or issue interacted with by the community.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: not defined

Age: 8 years
Dependencies: 0 Direct
Versions: 115
Install Size: 1.72 MB
Dist-tags: 5
# of Files: 100
Maintainers: 1
TS Typings: No

popper.js has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Readme

Popper.js

A library used to position poppers in web applications.

Wut? Poppers?

A popper is an element on the screen which "pops out" from the natural flow of your application.
Common examples of poppers are tooltips, popovers and drop-downs.

So, yet another tooltip library?

Well, basically, no.
Popper.js is a positioning engine, its purpose is to calculate the position of an element to make it possible to position it near a given reference element.

The engine is completely modular and most of its features are implemented as modifiers (similar to middlewares or plugins).
The whole code base is written in ES2015 and its features are automatically tested on real browsers thanks to SauceLabs and TravisCI.

Popper.js has zero dependencies. No jQuery, no LoDash, nothing.
It's used by big companies like Twitter in Bootstrap v4, Microsoft in WebClipper and Atlassian in AtlasKit.

Popper.js

This is the engine, the library that computes and, optionally, applies the styles to the poppers.

Some of the key points are:

Position elements keeping them in their original DOM context (doesn't mess with your DOM!);
Allows to export the computed informations to integrate with React and other view libraries;
Supports Shadow DOM elements;
Completely customizable thanks to the modifiers based structure;

Visit our project page to see a lot of examples of what you can do with Popper.js!

Find the documentation here.

Tooltip.js

Since lots of users just need a simple way to integrate powerful tooltips in their projects, we created Tooltip.js.
It's a small library that makes it easy to automatically create tooltips using as engine Popper.js.
Its API is almost identical to the famous tooltip system of Bootstrap, in this way it will be easy to integrate it in your projects.
The tooltips generated by Tooltip.js are accessible thanks to the aria tags.

Find the documentation here.

Installation

Popper.js is available on the following package managers and CDNs:

Source
npm	`npm install popper.js --save`
yarn	`yarn add popper.js`
NuGet	`PM> Install-Package popper.js`
Bower	`bower install popper.js --save`
unpkg	`https://unpkg.com/popper.js`
cdnjs	`https://cdnjs.com/libraries/popper.js`

Tooltip.js as well:

Source
npm	`npm install tooltip.js --save`
yarn	`yarn add tooltip.js`
Bower*	`bower install tooltip.js=https://unpkg.com/tooltip.js --save`
unpkg	`https://unpkg.com/tooltip.js`
cdnjs	`https://cdnjs.com/libraries/popper.js`

*: Bower isn't officially supported, it can be used to install Tooltip.js only trough the unpkg.com CDN. This method has the limitation of not being able to define a specific version of the library. Bower and Popper.js suggests to use npm or Yarn for your projects.
For more info, read the related issue.

Dist targets

Popper.js is currently shipped with 3 targets in mind: UMD, ESM and ESNext.

UMD - Universal Module Definition: AMD, RequireJS and globals;
ESM - ES Modules: For webpack/Rollup or browser supporting the spec;
ESNext: Available in dist/, can be used with webpack and babel-preset-env;

Make sure to use the right one for your needs. If you want to import it with a `

popper.js development dependencies

@popperjs/bundle @popperjs/eslint-config-popper @popperjs/test @popperjs/test-utils eslint nuget-publish typescript

FAQs

What is popper.js?

A kickass library to manage your poppers. Visit Snyk Advisor to see a full health score report for popper.js, including popularity, security, maintenance & community analysis.

Is popper.js popular?

The npm package popper.js receives a total of 4,701,913 weekly downloads. As such, popper.js popularity was classified as a key ecosystem project. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is popper.js well maintained?

We found indications that popper.js is an Inactive project. See the full package health analysis to learn more about the package maintenance status.

Is popper.js safe to use?

The npm package popper.js was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as safe to use. See the full health analysis review.

Last updated on 23 April-2024, at 10:10 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected