WildflowerJS Logo WildflowerJS

WildflowerJS Reactive JS, No BS*

A no-build reactive JavaScript framework, rooted in the web platform.
No build step. No dependencies. No lock-in.

<script src="wildflower.min.js"></script> ...and start building.

Back to Basics

The code you write is 100% web standard code. HTML stays HTML. JavaScript stays JavaScript. CSS stays CSS. No JSX, no templating language, no custom syntax to learn. If you know the web platform, you already know how to use this.

WildflowerJS extends the web platform. It doesn't replace it.

Your Development Simplified

Because you develop with 100% web standards, every tool in your existing chain already understands the code: IDE, browser DevTools, linter, formatter, screen reader, SEO crawler. Nothing to install, no custom file types, no sourcemaps. Save the file, refresh, and your change is live.

Just be a web developer.

Batteries Included: One Mental Model

Router, SSR, stores, computed properties, two-way binding, event modifiers, data pools, and TypeScript types, all built in, all speaking the same language. Learn data-bind once and you know binding everywhere: lists, pools, stores, forms. There's no five-library stack to keep in sync.

One script tag. Everything you need.

<div data-component="counter">
  <span data-bind="count"></span>
  <button data-action="increment">
    +1
  </button>
</div>

<script>
wildflower.component('counter', {
  state: { count: 0 },
  increment() { this.count++ }
})
</script>

How It Works

data-bind connects state to the DOM.

data-action connects events to methods.

this.count++ triggers a precise DOM update.

Mutate state. The DOM updates.

Two Reactivity Modes

data-list for automatic reactivity: mutate state, DOM updates. data-pool for explicit control: plain objects, zero proxy overhead, you say what changed.

Same template syntax. Different performance profile. From interactive forms to per-frame particle systems. You choose the right tradeoff for the job.

Try it. Right-click, inspect this demo. Every dot is a real DOM element.

See full demo →

Get Started View Demos
* Build Step

Zero Toolchain

Modern frameworks ask you to install a compiler, a bundler, a package manager, hundreds of fragile transitive dependencies, and a framework-specific file format, before you write a single line of your application.

WildflowerJS was built starting from a single principle: no build step, no tooling. Ever.

WildflowerJS asks you to add a script tag.

There's no CLI scaffolding step, no config files, no .vue/.jsx/.svelte source format. You don't debug through sourcemaps or wait on a build pipeline. Your project has zero dependencies.

Performance isn't a tradeoff. Build steps optimize bundle delivery, not the runtime work that follows it. WildflowerJS writes directly to the DOM, with no virtual DOM or reconciliation pass between state change and update, so it doesn't need a build step to be fast.

The framework is full-featured without the toolchain: router, SSR, stores, computed properties, transitions, pools. You don't need a toolchain to use any of it.

my-app/
  index.html
  app.js
  style.css
  wildflower.min.js

That's the entire project. No package.json.
No node_modules. No config files. Ship it.

Zero Install. Zero Attack Surface.

Every dependency you install is trust extended to a maintainer you've never met, running scripts on your dev machine and in your CI. A typical React + Vite + UI‑lib setup pulls in 300+ transitive packages before you write a feature.

Each one is a potential intrusion vector. NPM worms, OAuth chains compromising deploy platforms, postinstall hijacking: the supply chain is now where production code gets compromised, not the deploy. And signing isn't a backstop: Mini Shai‑Hulud (May 2026) compromised 170+ packages whose malicious versions carried valid SLSA Build Level 3 provenance, because the attestation came from build infrastructure the worm had already taken over.

WildflowerJS users don't have this attack surface, by construction. There is no npm install, no postinstall script, no transitive package graph. The framework is one file you copy or pin by hash.

As of v1.1, the same holds for building the framework itself. WildflowerJS bundles with a vendored rollup and terser pipeline pulled as three SHA‑512‑pinned tarballs: no npm install, no transitive packages, no postinstall scripts in the build path. The entire toolchain is three files you verify by hash.

Zero dependencies is the absence of a problem the rest of the industry has not properly addressed.

A typical React/Vue project:

  npm install
  ├── hundreds of packages
  ├── from hundreds of maintainers
  ├── postinstall scripts run on install
  └── tens to hundreds of MB of transitive code

WildflowerJS:

  <script src="wildflower.min.js"></script>
  └── 1 file.
      No transitive dependencies.

Zero Lock-in

WildflowerJS works with the DOM, not instead of it. There's no virtual DOM intercepting your code and no compiler rewriting your markup. The render cycle is yours.

That means Leaflet, DataTables, Chart.js, D3, Three.js, any library that touches the DOM, just works. No wrapper packages or framework-specific escape hatches required. Drop in a script tag and use it.

Because your code is standard HTML and JavaScript, you're never locked in. Your skills transfer and your code is more portable. If you outgrow the framework, your knowledge doesn't expire.

This also means your "ecosystem" is all of the world of vanilla JS. Without compromises or hacks.

<!-- Use any library directly -->
<div data-component="map-view">
  <div id="map" style="height: 400px"></div>
</div>
wildflower.component('map-view', {
  state: { lat: 51.505, lng: -0.09 },
  init() {
    // Leaflet works as-is. No wrappers.
    this._map = L.map('map')
      .setView([this.lat, this.lng], 13);
    L.tileLayer('https://{s}.tile.osm.org'
      + '/{z}/{x}/{y}.png').addTo(this._map);
  }
})

Precise Reactivity

When you write this.count++, WildflowerJS updates the single DOM node bound to count. Nothing else is touched. There's no tree diffing or reconciliation pass to figure that out.

This isn't a tradeoff. You get fine-grained updates and a simple mental model. Change a property, the bound element updates. That's the entire reactivity model.

Other frameworks ask you to learn signals, accessors, memos, effects, and subscription lifecycles to achieve what WildflowerJS does with a property assignment.

wildflower.component('dashboard', {
  state: {
    users: 1420,
    status: 'healthy'
  },
  computed: {
    summary() {
      return this.users + ' users, ' + this.status;
    }
  },
  refresh() {
    this.users = 1421;
    // Only the elements bound to 'users'
    // and 'summary' update. Everything
    // else on the page is untouched.
  }
})

One Reactivity Model. Everywhere.

Components, Stores, and Plugins all share the same reactive foundation. State, computed properties, and methods work identically no matter where they live. Learn it once, it works the same way in a UI component, a global store, or a framework plugin.

Other frameworks make you learn a different system for each layer. React components use hooks, but stores need Redux or Zustand, which are completely different APIs. Vue components use reactive data, but Pinia stores have their own patterns. Every layer is a new mental model.

In WildflowerJS, there's one model. A store is a component without a template. A plugin is an entity that extends the framework itself, adding directives, lifecycle hooks, and services. The same this.count++ triggers the same reactivity everywhere.

This unlocks patterns other frameworks can't express. A store can run headless physics simulations with tick(), feeding data into a component that renders it through a pool, all using the same reactive primitives, no glue code required.

// Component: reactive UI
wildflower.component('cart', {
  state: { items: [] },
  computed: {
    total() { return this.items.length; }
  }
})

// Store: global shared state
wildflower.store('user', {
  state: { name: '', role: 'guest' },
  computed: {
    isAdmin() { return this.role === 'admin'; }
  }
})

// Plugin: extends the framework
wildflower.plugin({
  name: 'notifications',
  state: { items: [], unreadCount: 0 },
  computed: {
    hasUnread() { return this.unreadCount > 0; }
  },
  add(msg) { this.items.push(msg); this.unreadCount++; }
})
// Access globally: wildflower.$notifications.add(...)

// Same state. Same computed. Same methods.

Data Pools

Every framework wraps collection items in reactive proxies, whether the item needs it or not. WildflowerJS gives you a choice: data-list for push reactivity (automatic), data-pool for pull reactivity (explicit control, zero proxy overhead).

Pools render plain objects with the same template syntax as lists. Mutate the object, call markDirty(), and only that item updates. Full CRUD, selection, bulk operations, all faster than the push-reactive path.

And because pools use pull-based rendering, they scale to simulations, games, particle systems, and data visualizations at native frame rate. Use cases that would choke a virtual DOM. No other framework has anything like this.

<div data-component="user-table">
  <tbody data-pool="users" data-key="id">
    <template>
      <tr>
        <td data-bind="name"></td>
        <td data-bind="status"
            data-bind-class="status === 'active'
              ? 'badge success'
              : 'badge inactive'"></td>
      </tr>
    </template>
  </tbody>
</div>
wildflower.component('user-table', {
  pools: { users: {} },

  init() {
    // Populate: plain objects, no proxies
    data.forEach(u => this.pools.users.add(u));
  },

  // Optional: add tick() and the same pool
  // renders every frame. Same template, same
  // data, different rendering frequency.
  // That's the only difference between a
  // display table and a particle system.
})

Built for AI-Assisted Development

Because WildflowerJS is standard HTML and JavaScript, AI code assistants already know how to write it. There's no custom syntax to hallucinate or compiler quirks to work around. The code an AI generates runs exactly as written, with no build step between generation and execution.

We go further. WildflowerJS ships an AI-optimized reference page with patterns, anti-patterns, and examples designed for code generation context windows. Our llms.txt file follows the llms.txt convention for machine-readable documentation.

And for structured app generation, our Universal App Manifest lets you describe an entire application as a JSON schema (components, state, computed properties, methods, templates) and have an AI generate the working code from the manifest, mediated through framework-specific idiom files.

You: "Build me a todo app with
WildflowerJS"

AI reads llms.txt or ai-assistant.html
     ↓
Generates standard HTML + JS
     ↓
<div data-component="todo-app">
  <input data-model="newItem">
  <button data-action="addItem">
    Add
  </button>
  <ul data-list="items">
    <template>
      <li data-bind="text"></li>
    </template>
  </ul>
</div>
     ↓
Open in your browser. It works, and you can read and understand the code.

Expressions

WildflowerJS binding attributes accept both simple property names and inline JavaScript expressions, enabling dynamic values without computed properties.

Overview

Most binding attributes accept either a simple property name or a JavaScript expression. Simple property names resolve directly from component state or computed properties. Expressions are evaluated at render time and re-evaluated whenever their dependencies change.

<!-- Simple property reference -->
<span data-bind="username"></span>

<!-- Expression with arithmetic -->
<span data-bind="price * quantity"></span>

<!-- Expression with ternary -->
<span data-bind="isActive ? 'Active' : 'Inactive'"></span>

The framework automatically detects whether a binding value is a simple property name or an expression by looking for operators, parentheses, or ternary syntax.

Where Expressions Work

Expressions are supported in these binding attributes:

Attribute Example Purpose
data-bind data-bind="price * qty" Text content
data-bind-html data-bind-html="htmlContent" HTML content
data-bind-class data-bind-class="isActive ? 'on' : 'off'" CSS classes
data-bind-style data-bind-style="{ color: isError ? 'red' : 'black' }" Inline styles
data-bind-attr data-bind-attr="{ disabled: !isValid }" HTML attributes
data-show data-show="items.length > 0" Visibility toggle
data-render data-render="isLoggedIn && hasPermission" Conditional rendering

Syntax Reference

Property References

Reference state properties and computed properties by name. Nested properties use dot notation:

<span data-bind="count"></span>
<span data-bind="user.name"></span>
<span data-bind="address.city"></span>

Arithmetic

<span data-bind="price * quantity"></span>
<span data-bind="subtotal + tax"></span>
<span data-bind="total / count"></span>
<span data-bind="index % 2"></span>
<span data-bind="(price * quantity) + shipping"></span>

Comparisons

<div data-show="count > 0">Has items</div>
<div data-show="status === 'active'">Active</div>
<div data-show="score >= 90">High score</div>
<div data-show="type !== 'hidden'">Visible</div>

Logical Operators

<div data-show="isLoggedIn && isAdmin">Admin Panel</div>
<div data-show="hasError || isLoading">Status</div>
<span data-bind="nickname || username"></span>

Ternary Operator

<span data-bind="isOnline ? 'Online' : 'Offline'"></span>
<span data-bind-class="isActive ? 'btn-primary' : 'btn-secondary'"></span>
<span data-bind="count === 1 ? 'item' : 'items'"></span>

Negation

<!-- Simple negation (not treated as an expression) -->
<div data-show="!isHidden">Visible</div>

<!-- Negation in expressions -->
<div data-show="!isLoading && items.length > 0">Ready</div>
<div data-bind-attr="{ disabled: !isValid }"></div>

String and Number Literals

<span data-bind="count + ' items'"></span>
<span data-bind="score > 100 ? 'High' : 'Low'"></span>

Store Access

Access store values in expressions using the $storeName.property shorthand:

<span data-bind="$user.name"></span>
<div data-show="$cart.itemCount > 0">Items in cart</div>
<span data-bind="$settings.theme === 'dark' ? 'Dark Mode' : 'Light Mode'"></span>

The $store.path syntax is converted to external('store', 'path') internally. See Basic Stores for more on store subscriptions.

Expressions vs Computed Properties

Both inline expressions and computed properties can derive values from state. Choose based on complexity:

Use When
Inline expression Simple, one-off calculations: a comparison, a ternary, basic arithmetic
Computed property Complex logic, reused across multiple bindings, or multi-step calculations 
<!-- Inline: fine for simple cases -->
<span data-bind-class="isActive ? 'active' : ''"></span>
<span data-bind="price * quantity"></span>

<!-- Computed: better for complex logic -->
<span data-bind="formattedTotal"></span>
<span data-bind-class="statusClass"></span>
wildflower.component('invoice', {
    state: {
        price: 29.99,
        quantity: 3,
        taxRate: 0.08
    },
    computed: {
        formattedTotal() {
            var total = this.price * this.quantity
            var tax = total * this.taxRate
            return '$' + (total + tax).toFixed(2)
        },
        statusClass() {
            if (this.quantity === 0) return 'text-muted'
            if (this.quantity > 10) return 'text-success fw-bold'
            return 'text-primary'
        }
    }
})

As a rule of thumb: if the expression needs more than one operator or is used in multiple places, extract it into a computed property.

Content Security Policy (CSP)

By default, WildflowerJS compiles expressions using new Function() for best performance. In environments with strict Content Security Policy headers that block unsafe-eval, the framework automatically detects this and switches to a built-in AST-based expression parser.

Forcing CSP-Safe Mode

If auto-detection doesn't work in your environment, force CSP-safe mode explicitly:

wildflower.config({ forceCSPMode: true });

What CSP Mode Supports

The AST-based parser supports the same expression syntax used in bindings:

  • Arithmetic: +, -, *, /, %
  • Comparison: ==, !=, ===, !==, <, >, <=, >=
  • Logical: &&, ||, !
  • Bitwise: &, |, ^, ~, <<, >>, >>>
  • Ternary: condition ? a : b
  • Unary: -x, +x, !x, ~x
  • Property access: dot notation (user.name) and bracket notation (items[0])
  • Function calls: external() for store access
  • Literals: strings, numbers, true, false, null, undefined, arrays
  • Grouping: parentheses (a + b) * c

CSP Mode Limitations

The AST parser does not support:

  • Method calls (e.g., str.toUpperCase()); use a computed property instead
  • Arrow functions
  • Template literals (`hello ${name}`)
  • Destructuring or spread operators
  • Global objects (Math, Date, etc.); use computed properties for these
Note: In standard mode (without CSP restrictions), expressions are compiled with new Function() and can access JavaScript globals like Math.round() or Date.now(). These do not work in CSP mode. If you need CSP compliance, use computed properties for any logic that requires global objects or method calls.

Security

The CSP expression evaluator includes built-in security protections:

  • No global access: window, document, fetch, eval, and other browser globals are blocked
  • No prototype pollution: Access to __proto__, constructor, and prototype is blocked
  • Scope-limited: Expressions can only reference component state, computed properties, and store data via external()
Performance: CSP-safe evaluation has a small overhead due to AST parsing. In most applications this is negligible, but if you don't have CSP restrictions, there's no need to enable it.
Previous Advanced Forms
Next Templating