Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/rreverser/minify
The preferred stable release is v2. Master has some new changes for SVG that haven't yet endured the test of time, bug reports are appreciated.
Online demo if you need to minify files now.
Command line tool that minifies concurrently and supports watching file changes.
All releases on Equinox for various platforms.
If this software is useful to you, consider making a donation! When a significant amount has been deposited, I will write a much improved JS minifier.
Minify is a minifier package written in Go. It provides HTML5, CSS3, JS, JSON, SVG and XML minifiers and an interface to implement any other minifier. Minification is the process of removing bytes from a file (such as whitespace) without changing its output and therefore shrinking its size and speeding up transmission over the internet and possibly parsing. The implemented minifiers are high performance and streaming, which implies O(n).
The core functionality associates mimetypes with minification functions, allowing embedded resources (like CSS or JS within HTML files) to be minified as well. Users can add new implementations that are triggered based on a mimetype (or pattern), or redirect to an external command (like ClosureCompiler, UglifyCSS, ...).
Minifiers or bindings to minifiers exist in almost all programming languages. Some implementations are merely using several regular-expressions to trim whitespace and comments (even though regex for parsing HTML/XML is ill-advised, for a good read see Regular Expressions: Now You Have Two Problems). Some implementations are much more profound, such as the YUI Compressor and Google Closure Compiler for JS. As most existing implementations either use Java or JavaScript and don't focus on performance, they are pretty slow. And loading the whole file into memory is bad for really large files (or impossible for infinite streams).
This minifier proves to be that fast and extensive minifier that can handle HTML and any other filetype it may contain (CSS, JS, ...). It streams the input and output and can minify files concurrently.
Run the following command
go get github.com/tdewolff/minify
or add the following imports and run the project with go get
import (
"github.com/tdewolff/minify"
"github.com/tdewolff/minify/css"
"github.com/tdewolff/minify/html"
"github.com/tdewolff/minify/js"
"github.com/tdewolff/minify/json"
"github.com/tdewolff/minify/svg"
"github.com/tdewolff/minify/xml"
)
There is no guarantee for absolute stability, but I take issues and bugs seriously and don't take API changes lightly. The library will be maintained in a compatible way unless vital bugs prevent me from doing so. There has been one API change after v1 which added options support and I took the opportunity to push through some more API clean up as well. There are no plans whatsoever for future API changes.
The API differences between v1 and v2 are listed below. If m := minify.New()
and w
and r
are your writer and reader respectfully, then v1 → v2:
minify.Bytes(m, ...)
→ m.Bytes(...)
minify.String(m, ...)
→ m.String(...)
html.Minify(m, "text/html", w, r)
→ html.Minify(m, w, r, nil)
also for css
, js
, ...css.Minify(m, "text/css;inline=1", w, r)
→ css.Minify(m, w, r, map[string]string{"inline":"1"})
For all subpackages and the imported parse
and buffer
packages, test coverage of 100% is pursued. Besides full coverage, the minifiers are fuzz tested using github.com/dvyukov/go-fuzz, see the wiki for the most important bugs found by fuzz testing. Furthermore am I working on adding visual testing to ensure that minification doesn't change anything visually. By using the WebKit browser to render the original and minified pages we can check whether any pixel is different.
These tests ensure that everything works as intended, the code does not crash (whatever the input) and that it doesn't change the final result visually. If you still encounter a bug, please report here!
HTML (with JS and CSS) minification typically runs at about 40MB/s ~= 140GB/h, depending on the composition of the file.
Website | Original | Minified | Ratio | Time* |
---|---|---|---|---|
Amazon | 463kB | 414kB | 90% | 10ms |
BBC | 113kB | 96kB | 85% | 3ms |
StackOverflow | 201kB | 182kB | 91% | 5ms |
Wikipedia | 435kB | 410kB | 94%** | 11ms |
*These times are measured on my home computer which is an average development computer. The duration varies a lot but it's important to see it's in the 10ms range! The benchmark uses all the minifiers and excludes reading from and writing to the file from the measurement.
**Is already somewhat minified, so this doesn't reflect the full potential of this minifier.
The HTML5 minifier uses these minifications:
html
, head
, body
, ...)tr
, td
, li
, ... and often p
)http:
, https:
and javascript:
)doctype
and meta
charsetOptions:
KeepDefaultAttrVals
preserve default attribute values such as <script type="text/javascript">
KeepDocumentTags
preserve html
, head
and body
tagsKeepEndTags
preserve all end tagsKeepWhitespace
preserve whitespace between inline tags but still collapse multiple whitespace characters into oneAfter recent benchmarking and profiling it became really fast and minifies pages in the 10ms range, making it viable for on-the-fly minification.
However, be careful when doing on-the-fly minification. Minification typically trims off 10% and does this at worst around about 20MB/s. This means users have to download slower than 2MB/s to make on-the-fly minification worthwhile. This may or may not apply in your situation. Rather use caching!
The whitespace removal mechanism collapses all sequences of whitespace (spaces, newlines, tabs) to a single space. If the sequence contained a newline or carriage return it will collapse into a newline character instead. It trims all text parts (in between tags) depending on whether it was preceded by a space from a previous piece of text and whether it is followed up by a block element or an inline element. In the former case we can omit spaces while for inline elements whitespace has significance.
Make sure your HTML doesn't depend on whitespace between block
elements that have been changed to inline
or inline-block
elements using CSS. Your layout should not depend on those whitespaces as the minifier will remove them. An example is a menu consisting of multiple <li>
that have display:inline-block
applied and have whitespace in between them. It is bad practise to rely on whitespace for element positioning anyways!
Minification typically runs at about 25MB/s ~= 90GB/h.
Library | Original | Minified | Ratio | Time* |
---|---|---|---|---|
Bootstrap | 134kB | 111kB | 83% | 4ms |
Gumby | 182kB | 167kB | 90% | 7ms |
*The benchmark excludes the time reading from and writing to a file from the measurement.
The CSS minifier will only use safe minifications:
margin
, padding
and border-width
number of sides+
and zeros and rewriting with/without exponentrgb(
, rgba(
, hsl(
and hsla(
colors to hex or namenormal
and bold
by numbers for font-weight
and font
none
→ 0
for border
, background
and outline
It does purposely not use the following techniques:
font-weight
within an already existing font
, too complex)!important
)margin-top
, margin-right
, margin-bottom
and margin-left
→ margin
)body > div#elem p
→ #elem p
)div[id=a]
→ div#a
)It's great that so many other tools make comparison tables: CSS Minifier Comparison, CSS minifiers comparison and CleanCSS tests. From the last link, this CSS minifier is almost without doubt the fastest and has near-perfect minification rates. It falls short with the purposely not implemented and often unsafe techniques, so that's fine.
Options:
Decimals
number of decimals to preserve for numbers, -1
means no trimmingThe JS minifier is pretty basic. It removes comments, whitespace and line breaks whenever it can. It employs all the rules that JSMin does too, but has additional improvements. For example the prefix-postfix bug is fixed.
Minification typically runs at about 50MB/s ~= 180GB/h. Common speeds of PHP and JS implementations are about 100-300kB/s (see Uglify2, Adventures in PHP web asset minimization).
Library | Original | Minified | Ratio | Time* |
---|---|---|---|---|
ACE | 630kB | 442kB | 70% | 12ms |
jQuery | 242kB | 130kB | 54% | 5ms |
jQuery UI | 459kB | 300kB | 65% | 10ms |
Moment | 97kB | 51kB | 52% | 2ms |
*The benchmark excludes the time reading from and writing to a file from the measurement.
TODO:
Minification typically runs at about 95MB/s ~= 340GB/h. It shaves off about 15% of filesize for common indented JSON such as generated by JSON Generator.
The JSON minifier only removes whitespace, which is the only thing that can be left out.
Minification typically runs at about 15MB/s ~= 55GB/h. Performance improvement are due.
The SVG minifier uses these minifications:
doctype
, XML prelude, metadata
g
, svg
, ...)px
unitpath
datarect
, line
, polygon
, polyline
to path
TODO:
Options:
Decimals
number of decimals to preserve for numbers, -1
means no trimmingMinification typically runs at about 70MB/s ~= 250GB/h.
The XML minifier uses these minifications:
Options:
KeepWhitespace
preserve whitespace between inline tags but still collapse multiple whitespace characters into oneAny input stream is being buffered by the minification functions. This is how the underlying buffer package inherently works to ensure high performance. The output stream however is not buffered. It is wise to preallocate a buffer as big as the input to which the output is written, or otherwise use bufio
to buffer to a streaming writer.
Retrieve a minifier struct which holds a map of mediatype → minifier functions.
m := minify.New()
The following loads all provided minifiers.
m := minify.New()
m.AddFunc("text/css", css.Minify)
m.AddFunc("text/html", html.Minify)
m.AddFunc("text/javascript", js.Minify)
m.AddFunc("image/svg+xml", svg.Minify)
m.AddFuncRegexp(regexp.MustCompile("[/+]json$"), json.Minify)
m.AddFuncRegexp(regexp.MustCompile("[/+]xml$"), xml.Minify)
You can set options to several minifiers.
m.Add("text/html", &html.Minifier{
KeepDefaultAttrVals: true,
KeepWhitespace: true,
})
Minify from an io.Reader
to an io.Writer
for a specific mediatype.
if err := m.Minify(mediatype, w, r); err != nil {
panic(err)
}
Minify from and to a []byte
for a specific mediatype.
b, err = m.Bytes(mediatype, b)
if err != nil {
panic(err)
}
Minify from and to a string
for a specific mediatype.
s, err = m.String(mediatype, s)
if err != nil {
panic(err)
}
Get a minifying reader for a specific mediatype.
mr := m.Reader(mediatype, r)
if _, err := mr.Read(b); err != nil {
panic(err)
}
Get a minifying writer for a specific mediatype. Must be explicitly closed because it uses an io.Pipe
underneath.
mw := m.Writer(mediatype, w)
if mw.Write([]byte("input")); err != nil {
panic(err)
}
if err := mw.Close(); err != nil {
panic(err)
}
Add a minifier for a specific mimetype.
type CustomMinifier struct {
KeepLineBreaks bool
}
func (c *CustomMinifier) Minify(m *minify.M, w io.Writer, r io.Reader, params map[string]string) error {
// ...
return nil
}
m.Add(mimetype, &CustomMinifier{KeepLineBreaks: true})
// or
m.AddRegexp(regexp.MustCompile("/x-custom$"), &CustomMinifier{KeepLineBreaks: true})
Add a minify function for a specific mimetype.
m.AddFunc(mimetype, func(m *minify.M, w io.Writer, r io.Reader, params map[string]string) error {
// ...
return nil
})
m.AddFuncRegexp(regexp.MustCompile("/x-custom$"), func(m *minify.M, w io.Writer, r io.Reader, params map[string]string) error {
// ...
return nil
})
Add a command cmd
with arguments args
for a specific mimetype.
m.AddCmd(mimetype, exec.Command(cmd, args...))
m.AddCmdRegexp(regexp.MustCompile("/x-custom$"), exec.Command(cmd, args...))
Using the params map[string]string
argument one can pass parameters to the minifier such as seen in mediatypes (type/subtype; key1=val2; key2=val2
). Examples are the encoding or charset of the data. Calling Minify
will split the mimetype and parameters for the minifiers for you, but MinifyMimetype
can be used if you already have them split up.
Minifiers can also be added using a regular expression. For example a minifier with image/.*
will match any image mime.
Basic example that minifies from stdin to stdout and loads the default HTML, CSS and JS minifiers. Optionally, one can enable java -jar build/compiler.jar
to run for JS (for example the ClosureCompiler). Note that reading the file into a buffer first and writing to a pre-allocated buffer would be faster (but would disable streaming).
package main
import (
"log"
"os"
"os/exec"
"github.com/tdewolff/minify"
"github.com/tdewolff/minify/css"
"github.com/tdewolff/minify/html"
"github.com/tdewolff/minify/js"
"github.com/tdewolff/minify/json"
"github.com/tdewolff/minify/svg"
"github.com/tdewolff/minify/xml"
)
func main() {
m := minify.New()
m.AddFunc("text/css", css.Minify)
m.AddFunc("text/html", html.Minify)
m.AddFunc("text/javascript", js.Minify)
m.AddFunc("image/svg+xml", svg.Minify)
m.AddFuncRegexp(regexp.MustCompile("[/+]json$"), json.Minify)
m.AddFuncRegexp(regexp.MustCompile("[/+]xml$"), xml.Minify)
// Or use the following for better minification of JS but lower speed:
// m.AddCmd("text/javascript", exec.Command("java", "-jar", "build/compiler.jar"))
if err := m.Minify("text/html", os.Stdout, os.Stdin); err != nil {
panic(err)
}
}
Custom minifier showing an example that implements the minifier function interface. Within a custom minifier, it is possible to call any minifier function (through m minify.Minifier
) recursively when dealing with embedded resources.
package main
import (
"bufio"
"fmt"
"io"
"log"
"strings"
"github.com/tdewolff/minify"
)
func main() {
m := minify.New()
m.AddFunc("text/plain", func(m *minify.M, w io.Writer, r io.Reader, _ map[string]string) error {
// remove newlines and spaces
rb := bufio.NewReader(r)
for {
line, err := rb.ReadString('\n')
if err != nil && err != io.EOF {
return err
}
if _, errws := io.WriteString(w, strings.Replace(line, " ", "", -1)); errws != nil {
return errws
}
if err == io.EOF {
break
}
}
return nil
})
in := "Because my coffee was too cold, I heated it in the microwave."
out, err := m.String("text/plain", in)
if err != nil {
panic(err)
}
fmt.Println(out)
// Output: Becausemycoffeewastoocold,Iheateditinthemicrowave.
}
func main() {
m := minify.New()
m.AddFunc("text/css", css.Minify)
m.AddFunc("text/html", html.Minify)
m.AddFunc("text/javascript", js.Minify)
m.AddFunc("image/svg+xml", svg.Minify)
m.AddFuncRegexp(regexp.MustCompile("[/+]json$"), json.Minify)
m.AddFuncRegexp(regexp.MustCompile("[/+]xml$"), xml.Minify)
http.Handle("/", m.Middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
http.ServeFile(w, r, path.Join("www", r.URL.Path))
})))
}
func Serve(w http.ResponseWriter, r *http.Request) {
mw := m.ResponseWriter(w, r)
defer mw.Close()
w = mw
http.ServeFile(w, r, path.Join("www", r.URL.Path))
}
ResponseWriter example which returns a ResponseWriter that minifies the content and then writes to the original ResponseWriter. Any write after applying this filter will be minified.
type MinifyResponseWriter struct {
http.ResponseWriter
io.WriteCloser
}
func (m MinifyResponseWriter) Write(b []byte) (int, error) {
return m.WriteCloser.Write(b)
}
// MinifyResponseWriter must be closed explicitly by calling site.
func MinifyFilter(mediatype string, res http.ResponseWriter) MinifyResponseWriter {
m := minify.New()
// add minfiers
mw := m.Writer(mediatype, res)
return MinifyResponseWriter{res, mw}
}
// Usage
func(w http.ResponseWriter, req *http.Request) {
w = MinifyFilter("text/html", w)
if _, err := io.WriteString(w, "<p class="message"> This HTTP response will be minified. </p>"); err != nil {
panic(err)
}
if err := w.Close(); err != nil {
panic(err)
}
// Output: <p class=message>This HTTP response will be minified.
}
Here's an example of a replacement for template.ParseFiles
from template/html
, which automatically minifies each template before parsing it.
Be aware that minifying templates will work in most cases but not all. Because the HTML minifier only works for valid HTML5, your template must be valid HTML5 of itself. Template tags are parsed as regular text by the minifier.
func compileTemplates(filenames ...string) (*template.Template, error) {
m := minify.New()
m.AddFunc("text/html", html.Minify)
var tmpl *template.Template
for _, filename := range filenames {
name := filepath.Base(filename)
if tmpl == nil {
tmpl = template.New(name)
} else {
tmpl = tmpl.New(name)
}
b, err := ioutil.ReadFile(filename)
if err != nil {
return nil, err
}
mb, err := m.Bytes("text/html", b)
if err != nil {
return nil, err
}
tmpl.Parse(string(mb))
}
return tmpl, nil
}
Example usage:
templates := template.MustCompile(compileTemplates("view.html", "home.html"))
Released under the MIT license.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.