{"id":27952007,"url":"https://github.com/swup/custom-payload-plugin","last_synced_at":"2026-04-18T05:34:08.764Z","repository":{"id":57164019,"uuid":"316852304","full_name":"swup/custom-payload-plugin","owner":"swup","description":"A swup plugin for sending custom payload formats 📦","archived":false,"fork":false,"pushed_at":"2023-07-26T10:13:24.000Z","size":135,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-10-06T02:26:41.136Z","etag":null,"topics":["json","payload","plugin","server","swup"],"latest_commit_sha":null,"homepage":"https://swup.js.org/plugins/custom-payload-plugin","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/swup.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null},"funding":{"github":["gmrchk","daun","hirasso"],"open_collective":"swup"}},"created_at":"2020-11-29T01:12:15.000Z","updated_at":"2023-07-21T09:30:33.000Z","dependencies_parsed_at":"2024-01-29T11:11:17.645Z","dependency_job_id":null,"html_url":"https://github.com/swup/custom-payload-plugin","commit_stats":{"total_commits":25,"total_committers":2,"mean_commits":12.5,"dds":0.24,"last_synced_commit":"bf1f2a691c760f021c6a250b7d5900667fa3a477"},"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/swup/custom-payload-plugin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swup%2Fcustom-payload-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swup%2Fcustom-payload-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swup%2Fcustom-payload-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swup%2Fcustom-payload-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/swup","download_url":"https://codeload.github.com/swup/custom-payload-plugin/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swup%2Fcustom-payload-plugin/sbom","scorecard":{"id":862387,"data":{"date":"2025-08-11","repo":{"name":"github.com/swup/custom-payload-plugin","commit":"bf1f2a691c760f021c6a250b7d5900667fa3a477"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.2,"checks":[{"name":"Code-Review","score":2,"reason":"Found 2/8 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/npm-publish.yml:1","Warn: no topLevel permission defined: .github/workflows/redeploy-docs.yml:1","Warn: no topLevel permission defined: .github/workflows/version-update.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/swup/custom-payload-plugin/npm-publish.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/swup/custom-payload-plugin/npm-publish.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/redeploy-docs.yml:8: update your workflow using https://app.stepsecurity.io/secureworkflow/swup/custom-payload-plugin/redeploy-docs.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-update.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/swup/custom-payload-plugin/version-update.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-update.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/swup/custom-payload-plugin/version-update.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/version-update.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/swup/custom-payload-plugin/version-update.yml/master?enable=pin","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   1 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 21 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":1,"reason":"9 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j","Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-24T01:40:26.384Z","repository_id":57164019,"created_at":"2025-08-24T01:40:26.384Z","updated_at":"2025-08-24T01:40:26.384Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31957660,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-18T00:39:45.007Z","status":"online","status_checked_at":"2026-04-18T02:00:07.018Z","response_time":103,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["json","payload","plugin","server","swup"],"created_at":"2025-05-07T16:27:16.578Z","updated_at":"2026-04-18T05:34:08.737Z","avatar_url":"https://github.com/swup.png","language":"JavaScript","funding_links":["https://github.com/sponsors/gmrchk","https://github.com/sponsors/daun","https://github.com/sponsors/hirasso","https://opencollective.com/swup"],"categories":[],"sub_categories":[],"readme":"# Swup Custom Payload Plugin\n\nA [swup](https://swup.js.org/) plugin for sending custom payload formats.\n\n**🪦 Retired: This plugin is no longer supported in swup 4. Keep using swup 3 if you\nrequire custom payloads.**\n\nAllow receiving custom data formats on swup requests. Great for sending only the actually updated\ncontent as JSON, reducing response size and speeding up page load. To identify requests requiring a\ncustom payload, check if the `X-Requested-With` header is set to `swup`.\n\n## Installation\n\nInstall the plugin from npm and import it into your bundle.\n\n```bash\nnpm install @swup/custom-payload-plugin\n```\n\n```js\nimport SwupCustomPayloadPlugin from '@swup/custom-payload-plugin';\n```\n\nOr include the minified production file from a CDN:\n\n```html\n\u003cscript src=\"https://unpkg.com/@swup/custom-payload-plugin@2\"\u003e\u003c/script\u003e\n```\n\n## Usage\n\nTo run this plugin, include an instance in the swup options.\n\nPass in a `generatePageObject` function that receives a server request object,\nparses its response data and and returns an object with page data expected by\nswup. See below for the required structure and usage examples.\n\n```javascript\nconst swup = new Swup({\n  plugins: [\n    new SwupCustomPayloadPlugin({\n        generatePageObject: (request) =\u003e {\n            /* [parse data from response here] */\n            return { title, blocks, pageClass, originalContent };\n        }\n    })\n    ]\n});\n```\n\n## Payload → Page object\n\nThe returned page object must include the new page's title and all its content\nblocks. Other properties might be required to ensure proper functioning of\nadditional plugins in use by the site.\n\n|     Property      |  Required?   |         Type          |                                             Content                                             |             Notes             |\n| ----------------- | ------------ | --------------------- | ----------------------------------------------------------------------------------------------- | ----------------------------- |\n| **`title`**       | **required** | string                | Title of the new page                                                                           |                               |\n| **`blocks`**      | **required** | array of HTML strings | Containers of the new page, in the correct order (as marked by `[data-swup]` attributes in DOM) |                               |\n| `pageClass`       |              | string                | Class name(s) of the new page's body tag                                                        | Required by Body Class Plugin |\n| `originalContent` |              | string                | Full HTML response of the new page                                                              | Required by Head Plugin       |\n\n## Example\n\nThis example shows how to parse a JSON response from the server and return the\ncorrect data expected by swup.\n\nGiven this custom JSON payload:\n\n```json\n{\n    \"title\": \"About\",\n    \"template\": \"about\",\n    \"containers\": [\n        \"\u003cmain id=\\\"content\\\" class=\\\"transition-fade\\\"\u003e\u003ch1\u003eAbout\u003c/h1\u003e\u003cp\u003eLorem ipsum dolor sit amet\u003c/p\u003e\u003c/main\u003e\",\n        \"\u003cnav id=\\\"menu\\\" class=\\\"transition-fade\\\"\u003e\u003ca href=\\\"/\\\"\u003eHome\u003c/a\u003e\u003ca href=\\\"/about/\\\"\u003eAbout\u003c/a\u003e\u003c/nav\u003e\"\n    ]\n}\n```\n\nThis function will parse and prepare the page data for swup:\n\n```js\nfunction generatePageObject({ response }) {\n    const { title, template, containers } = JSON.parse(response);\n    return {\n        title: title,\n        blocks: containers,\n        pageClass: template\n    };\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswup%2Fcustom-payload-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fswup%2Fcustom-payload-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswup%2Fcustom-payload-plugin/lists"}