github.com/babel/minify
An ES6+ aware minifier based on the Babel toolchain.
NOTE: We are in a feature freeze as we're trying to hammer out all the bugs to get to beta release. The best way to contribute is to test, report bugs, and add test cases.
Check out our CONTRIBUTING.md if you want to help out!
babili is consumable via API, CLI, or babel preset.
Package | Version | Dependencies |
---|---|---|
babili |
This is a simple wrapper around the regular babel-cli and thus takes in the same CLI options as running babel on its own. You can use this if you don't already use babel or want to run it standalone.
babili src -d lib
Equivalent to:
babel src -d lib --presets=babili
Package | Version | Dependencies |
---|---|---|
babel-preset-babili |
It's a babel preset (like babel-preset-es2015).
You'll most likely want to use it only in the production environment. Check out the env docs for more help.
Options specific to a certain environment are merged into and overwrite non-env specific options.
.babelrc:
{
  "presets": ["es2015"],
  "env": {
    "production": {
      "presets": ["minify"]
    }
  }
}
Then you'll need to set the env variable, which could be something like BABEL_ENV=production npm run build
The babili repo is comprised of many npm packages. It is a lerna monorepo similar to babel itself.
The npm package babel-preset-babili is at the path packages/babel-preset-babili
Normally you wouldn't be consuming the plugins directly since the preset is available.
Add to your .babelrc's plugins array.
{
  "plugins": ["babel-plugin-transform-undefined-to-void"]
}
Running the benchmarks:
./scripts/benchmark.js file.js
Backbone.js:
minifier | raw | raw win | gzip | gzip win | parse time | run |
---|---|---|---|---|---|---|
babel | 21.74kB | 222% | 7.28kB | 170% | 2ms | 831ms |
uglify | 21.82kB | 220% | 7.32kB | 169% | 1ms | 359ms |
closure | 21.67kB | 223% | 7.37kB | 167% | 2ms | 3455ms |
Run with: ./scripts/benchmark.js ./scripts/fixtures/backbone.js
React:
minifier | raw | raw win | gzip | gzip win | parse time | run |
---|---|---|---|---|---|---|
babel | 176.09kB | 256% | 52.88kB | 168% | 12ms | 3506ms |
closure | 171.46kB | 265% | 52.97kB | 168% | 12ms | 9785ms |
uglify | 176.41kB | 255% | 53.18kB | 167% | 12ms | 2187ms |
Run with: ./scripts/benchmark.js ./scripts/fixtures/react.js
jQuery:
minifier | raw | raw win | gzip | gzip win | parse time | run |
---|---|---|---|---|---|---|
uglify | 94.4kB | 217% | 32.82kB | 157% | 8ms | 1449ms |
babel | 93.63kB | 220% | 32.95kB | 156% | 8ms | 3623ms |
closure | 94.23kB | 218% | 33.38kB | 153% | 10ms | 9001ms |
Run with: ./scripts/benchmark.js ./scripts/fixtures/jquery.js