Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/tdewolff/minify/v2
Online demo if you need to minify files now.
Binaries of CLI for various platforms. See CLI for more installation instructions.
Windows binary from scoop install with scoop install main/minify
Python bindings install with pip install tdewolff-minify
JavaScript bindings install with npm i @tdewolff/minify
.NET bindings install with Install-Package NMinify
or dotnet add package NMinify
, thanks to Jonas Kamsker for the port
Did you know that the shortest valid piece of HTML5 is <!doctype html><title>x</title>
? See for yourself at the W3C Validator!
Minify is a minifier package written in Go. It provides HTML5, CSS3, JS, JSON, SVG and XML minifiers and an interface to implement any other minifier. Minification is the process of removing bytes from a file (such as whitespace) without changing its output and therefore shrinking its size and speeding up transmission over the internet and possibly parsing. The implemented minifiers are designed for high performance (see https://github.com/privatenumber/minification-benchmarks where this library is (one of) the fastest JS minifiers).
The core functionality associates mimetypes with minification functions, allowing embedded resources (like CSS or JS within HTML files) to be minified as well. Users can add new implementations that are triggered based on a mimetype (or pattern), or redirect to an external command (like ClosureCompiler, UglifyCSS, ...).
I'm actively looking for support in the form of donations or sponsorships to keep developing this library and highly appreciate any gesture. Please see the Sponsors button in GitHub for ways to contribute, or contact me directly.
Minifiers or bindings to minifiers exist in almost all programming languages. Some implementations are merely using several regular expressions to trim whitespace and comments (even though regex for parsing HTML/XML is ill-advised, for a good read see Regular Expressions: Now You Have Two Problems). Some implementations are much more profound, such as the YUI Compressor and Google Closure Compiler for JS. As most existing implementations either use JavaScript, use regexes, and don't focus on performance, they are pretty slow.
This minifier proves to be that fast and extensive minifier that can handle HTML and any other filetype it may contain (CSS, JS, ...). It is usually orders of magnitude faster than existing minifiers.
Make sure you have Git and Go (1.18 or higher) installed, run
mkdir Project
cd Project
go mod init
go get -u github.com/tdewolff/minify/v2
Then add the following imports to be able to use the various minifiers
import (
"github.com/tdewolff/minify/v2"
"github.com/tdewolff/minify/v2/css"
"github.com/tdewolff/minify/v2/html"
"github.com/tdewolff/minify/v2/js"
"github.com/tdewolff/minify/v2/json"
"github.com/tdewolff/minify/v2/svg"
"github.com/tdewolff/minify/v2/xml"
)
You can optionally run go mod tidy
to clean up the go.mod
and go.sum
files.
See CLI tool for installation instructions of the binary.
If you want to use Docker, please see https://hub.docker.com/r/tdewolff/minify.
$ docker run -it tdewolff/minify --help
There is no guarantee for absolute stability, but I take issues and bugs seriously and don't take API changes lightly. The library will be maintained in a compatible way unless vital bugs prevent me from doing so. There has been one API change after v1 which added options support and I took the opportunity to push through some more API clean up as well. There are no plans whatsoever for future API changes.
For all subpackages and the imported parse
package, test coverage of 100% is pursued. Besides full coverage, the minifiers are fuzz tested using github.com/dvyukov/go-fuzz, see the wiki for the most important bugs found by fuzz testing. These tests ensure that everything works as intended and that the code does not crash (whatever the input). If you still encounter a bug, please file a bug report!
The benchmarks directory contains a number of standardized samples used to compare performance between changes. To give an indication of the speed of this library, I've ran the tests on my Thinkpad T460 (i5-6300U quad-core 2.4GHz running Arch Linux) using Go 1.15.
name time/op
CSS/sample_bootstrap.css-4 2.70ms ± 0%
CSS/sample_gumby.css-4 3.57ms ± 0%
CSS/sample_fontawesome.css-4 767µs ± 0%
CSS/sample_normalize.css-4 85.5µs ± 0%
HTML/sample_amazon.html-4 15.2ms ± 0%
HTML/sample_bbc.html-4 3.90ms ± 0%
HTML/sample_blogpost.html-4 420µs ± 0%
HTML/sample_es6.html-4 15.6ms ± 0%
HTML/sample_stackoverflow.html-4 3.73ms ± 0%
HTML/sample_wikipedia.html-4 6.60ms ± 0%
JS/sample_ace.js-4 28.7ms ± 0%
JS/sample_dot.js-4 357µs ± 0%
JS/sample_jquery.js-4 10.0ms ± 0%
JS/sample_jqueryui.js-4 20.4ms ± 0%
JS/sample_moment.js-4 3.47ms ± 0%
JSON/sample_large.json-4 3.25ms ± 0%
JSON/sample_testsuite.json-4 1.74ms ± 0%
JSON/sample_twitter.json-4 24.2µs ± 0%
SVG/sample_arctic.svg-4 34.7ms ± 0%
SVG/sample_gopher.svg-4 307µs ± 0%
SVG/sample_usa.svg-4 57.4ms ± 0%
SVG/sample_car.svg-4 18.0ms ± 0%
SVG/sample_tiger.svg-4 5.61ms ± 0%
XML/sample_books.xml-4 54.7µs ± 0%
XML/sample_catalog.xml-4 33.0µs ± 0%
XML/sample_omg.xml-4 7.17ms ± 0%
name speed
CSS/sample_bootstrap.css-4 50.7MB/s ± 0%
CSS/sample_gumby.css-4 52.1MB/s ± 0%
CSS/sample_fontawesome.css-4 61.2MB/s ± 0%
CSS/sample_normalize.css-4 70.8MB/s ± 0%
HTML/sample_amazon.html-4 31.1MB/s ± 0%
HTML/sample_bbc.html-4 29.5MB/s ± 0%
HTML/sample_blogpost.html-4 49.8MB/s ± 0%
HTML/sample_es6.html-4 65.6MB/s ± 0%
HTML/sample_stackoverflow.html-4 55.0MB/s ± 0%
HTML/sample_wikipedia.html-4 67.5MB/s ± 0%
JS/sample_ace.js-4 22.4MB/s ± 0%
JS/sample_dot.js-4 14.5MB/s ± 0%
JS/sample_jquery.js-4 24.8MB/s ± 0%
JS/sample_jqueryui.js-4 23.0MB/s ± 0%
JS/sample_moment.js-4 28.6MB/s ± 0%
JSON/sample_large.json-4 234MB/s ± 0%
JSON/sample_testsuite.json-4 394MB/s ± 0%
JSON/sample_twitter.json-4 63.0MB/s ± 0%
SVG/sample_arctic.svg-4 42.4MB/s ± 0%
SVG/sample_gopher.svg-4 19.0MB/s ± 0%
SVG/sample_usa.svg-4 17.8MB/s ± 0%
SVG/sample_car.svg-4 29.3MB/s ± 0%
SVG/sample_tiger.svg-4 12.2MB/s ± 0%
XML/sample_books.xml-4 81.0MB/s ± 0%
XML/sample_catalog.xml-4 58.6MB/s ± 0%
XML/sample_omg.xml-4 159MB/s ± 0%
HTML (with JS and CSS) minification typically shaves off about 10%.
The HTML5 minifier uses these minifications:
html
, head
, body
, ...)tr
, td
, li
, ... and often p
)http:
, https:
and javascript:
)doctype
and meta
charsetOptions:
KeepSpecialComments
preserve all special comments, including Server Side Includes such as <!--#include file="header.html" -->
and IE conditional comments such as <!--[if IE 6]><![endif]-->
and <![if IE 6]><![endif]>
, see https://msdn.microsoft.com/en-us/library/ms537512(v=vs.85).aspx#syntaxKeepDefaultAttrVals
preserve default attribute values such as <script type="application/javascript">
KeepDocumentTags
preserve html
, head
and body
tagsKeepEndTags
preserve all end tagsKeepQuotes
preserve quotes around attribute valuesKeepWhitespace
preserve whitespace between inline tags but still collapse multiple whitespace characters into oneTemplateDelims
preserve context within and surrounding the given opening and closing delimitersAfter recent benchmarking and profiling it became really fast and minifies pages in the 10ms range, making it viable for on-the-fly minification.
However, be careful when doing on-the-fly minification. Minification typically trims off 10% and does this at worst around about 20MB/s. This means users have to download slower than 2MB/s to make on-the-fly minification worthwhile. This may or may not apply in your situation. Rather use caching!
The whitespace removal mechanism collapses all sequences of whitespace (spaces, newlines, tabs) to a single space. If the sequence contained a newline or carriage return it will collapse into a newline character instead. It trims all text parts (in between tags) depending on whether it was preceded by a space from a previous piece of text and whether it is followed up by a block element or an inline element. In the former case we can omit spaces while for inline elements whitespace has significance.
Make sure your HTML doesn't depend on whitespace between block
elements that have been changed to inline
or inline-block
elements using CSS. Your layout should not depend on those whitespaces as the minifier will remove them. An example is a menu consisting of multiple <li>
that have display:inline-block
applied and have whitespace in between them. It is bad practise to rely on whitespace for element positioning anyways!
Minification typically shaves off about 10%-15%. This CSS minifier will not do structural changes to your stylesheets. Although this could result in smaller files, the complexity is quite high and the risk of breaking website is high too.
The CSS minifier will only use safe minifications:
/*! ... */
which usually contains the license)margin
, padding
and border-width
number of sides+
and zeros and rewriting with/without exponentrgb(
, rgba(
, hsl(
and hsla(
colors to hex or nametransparent
→ #0000
)normal
and bold
by numbers for font-weight
and font
none
→ 0
for border
, background
and outline
background
and font
It does purposely not use the following techniques:
font-weight
within an already existing font
, too complex)!important
)margin-top
, margin-right
, margin-bottom
and margin-left
→ margin
)body > div#elem p
→ #elem p
)div[id=a]
→ div#a
)There are a couple of comparison tables online, such as CSS Minifier Comparison, CSS minifiers comparison and CleanCSS tests. Comparing speed between each, this minifier will usually be between 10x-300x faster than existing implementations, and even rank among the top for minification ratios. It falls short with the purposely not implemented and often unsafe techniques.
Options:
KeepCSS2
prohibits using CSS3 syntax (such as exponents in numbers, or rgba(
→ rgb(
), might be incompletePrecision
number of significant digits to preserve for numbers, 0
means no trimmingThe JS minifier typically shaves off about 35% -- 65% of filesize depending on the file, which is a compression close to many other minifiers. Common speeds of PHP and JS implementations are about 100-300kB/s (see Uglify2, Adventures in PHP web asset minimization). This implementation is orders of magnitude faster at around ~25MB/s.
The following features are implemented:
true
, false
, and undefined
to !0
, !1
and void 0
var
declarations to the top of the global/function scope (if more than one)return
and throw
Options:
KeepVarNames
keeps variable names as they are and omits shortening variable namesPrecision
number of significant digits to preserve for numbers, 0
means no trimmingVersion
ECMAScript version to use for output, 0
is the latestPerformance is measured with time [command]
ran 10 times and selecting the fastest one, on a Thinkpad T460 (i5-6300U quad-core 2.4GHz running Arch Linux) using Go 1.15.
minify -o script.min.js script.js
esbuild --minify --outfile=script.min.js script.js
terser script.js --compress --mangle -o script.min.js
uglifyjs --compress --mangle -o script.min.js script.js
closure-compiler -O SIMPLE --js script.js --js_output_file script.min.js --language_in ECMASCRIPT_NEXT -W QUIET --jscomp_off=checkVars
optimization level SIMPLE
instead of ADVANCED
to make similar assumptions as do the other tools (do not rename/assume anything of global level variables)All tools give very similar results, although UglifyJS compresses slightly better.
Tool | ace.js | dot.js | jquery.js | jqueryui.js | moment.js |
---|---|---|---|---|---|
minify | 53.7% | 64.8% | 34.2% | 51.3% | 34.8% |
esbuild | 53.8% | 66.3% | 34.4% | 53.1% | 34.8% |
terser | 53.2% | 65.2% | 34.2% | 51.8% | 34.7% |
UglifyJS | 53.1% | 64.7% | 33.8% | 50.7% | 34.2% |
Closure Compiler | 53.4% | 64.0% | 35.7% | 53.6% | 34.3% |
Most tools are extremely slow, with minify
and esbuild
being orders of magnitudes faster.
Tool | ace.js | dot.js | jquery.js | jqueryui.js | moment.js |
---|---|---|---|---|---|
minify | 49ms | 5ms | 22ms | 35ms | 13ms |
esbuild | 64ms | 9ms | 31ms | 51ms | 17ms |
terser | 2900s | 180ms | 1400ms | 2200ms | 730ms |
UglifyJS | 3900ms | 210ms | 2000ms | 3100ms | 910ms |
Closure Compiler | 6100ms | 2500ms | 4400ms | 5300ms | 3500ms |
Minification typically shaves off about 15% of filesize for common indented JSON such as generated by JSON Generator.
The JSON minifier only removes whitespace, which is the only thing that can be left out, and minifies numbers (1000
=> 1e3
).
Options:
Precision
number of significant digits to preserve for numbers, 0
means no trimmingKeepNumbers
do not minify numbers if set to true
, by default numbers will be minifiedThe SVG minifier uses these minifications:
doctype
, XML prelude, metadata
px
unitpath
dataTODO:
Options:
Precision
number of significant digits to preserve for numbers, 0
means no trimmingThe XML minifier uses these minifications:
Options:
KeepWhitespace
preserve whitespace between inline tags but still collapse multiple whitespace characters into oneAny input stream is being buffered by the minification functions. This is how the underlying buffer package inherently works to ensure high performance. The output stream however is not buffered. It is wise to preallocate a buffer as big as the input to which the output is written, or otherwise use bufio
to buffer to a streaming writer.
Retrieve a minifier struct which holds a map of mediatype → minifier functions.
m := minify.New()
The following loads all provided minifiers.
m := minify.New()
m.AddFunc("text/css", css.Minify)
m.AddFunc("text/html", html.Minify)
m.AddFunc("image/svg+xml", svg.Minify)
m.AddFuncRegexp(regexp.MustCompile("^(application|text)/(x-)?(java|ecma)script$"), js.Minify)
m.AddFuncRegexp(regexp.MustCompile("[/+]json$"), json.Minify)
m.AddFuncRegexp(regexp.MustCompile("[/+]xml$"), xml.Minify)
You can set options to several minifiers.
m.Add("text/html", &html.Minifier{
KeepDefaultAttrVals: true,
KeepWhitespace: true,
})
Minify from an io.Reader
to an io.Writer
for a specific mediatype.
if err := m.Minify(mediatype, w, r); err != nil {
panic(err)
}
Minify from and to a []byte
for a specific mediatype.
b, err = m.Bytes(mediatype, b)
if err != nil {
panic(err)
}
Minify from and to a string
for a specific mediatype.
s, err = m.String(mediatype, s)
if err != nil {
panic(err)
}
Get a minifying reader for a specific mediatype.
mr := m.Reader(mediatype, r)
if _, err := mr.Read(b); err != nil {
panic(err)
}
Get a minifying writer for a specific mediatype. Must be explicitly closed because it uses an io.Pipe
underneath.
mw := m.Writer(mediatype, w)
if mw.Write([]byte("input")); err != nil {
panic(err)
}
if err := mw.Close(); err != nil {
panic(err)
}
Minify resources on the fly using middleware. It passes a wrapped response writer to the handler that removes the Content-Length header. The minifier is chosen based on the Content-Type header or, if the header is empty, by the request URI file extension. This is on-the-fly processing, you should preferably cache the results though!
fs := http.FileServer(http.Dir("www/"))
http.Handle("/", m.Middleware(fs))
Add a minifier for a specific mimetype.
type CustomMinifier struct {
KeepLineBreaks bool
}
func (c *CustomMinifier) Minify(m *minify.M, w io.Writer, r io.Reader, params map[string]string) error {
// ...
return nil
}
m.Add(mimetype, &CustomMinifier{KeepLineBreaks: true})
// or
m.AddRegexp(regexp.MustCompile("/x-custom$"), &CustomMinifier{KeepLineBreaks: true})
Add a minify function for a specific mimetype.
m.AddFunc(mimetype, func(m *minify.M, w io.Writer, r io.Reader, params map[string]string) error {
// ...
return nil
})
m.AddFuncRegexp(regexp.MustCompile("/x-custom$"), func(m *minify.M, w io.Writer, r io.Reader, params map[string]string) error {
// ...
return nil
})
Add a command cmd
with arguments args
for a specific mimetype.
m.AddCmd(mimetype, exec.Command(cmd, args...))
m.AddCmdRegexp(regexp.MustCompile("/x-custom$"), exec.Command(cmd, args...))
Using the params map[string]string
argument one can pass parameters to the minifier such as seen in mediatypes (type/subtype; key1=val2; key2=val2
). Examples are the encoding or charset of the data. Calling Minify
will split the mimetype and parameters for the minifiers for you, but MinifyMimetype
can be used if you already have them split up.
Minifiers can also be added using a regular expression. For example a minifier with image/.*
will match any image mime.
Basic example that minifies from stdin to stdout and loads the default HTML, CSS and JS minifiers. Optionally, one can enable java -jar build/compiler.jar
to run for JS (for example the ClosureCompiler). Note that reading the file into a buffer first and writing to a pre-allocated buffer would be faster (but would disable streaming).
package main
import (
"log"
"os"
"os/exec"
"github.com/tdewolff/minify/v2"
"github.com/tdewolff/minify/v2/css"
"github.com/tdewolff/minify/v2/html"
"github.com/tdewolff/minify/v2/js"
"github.com/tdewolff/minify/v2/json"
"github.com/tdewolff/minify/v2/svg"
"github.com/tdewolff/minify/v2/xml"
)
func main() {
m := minify.New()
m.AddFunc("text/css", css.Minify)
m.AddFunc("text/html", html.Minify)
m.AddFunc("image/svg+xml", svg.Minify)
m.AddFuncRegexp(regexp.MustCompile("^(application|text)/(x-)?(java|ecma)script$"), js.Minify)
m.AddFuncRegexp(regexp.MustCompile("[/+]json$"), json.Minify)
m.AddFuncRegexp(regexp.MustCompile("[/+]xml$"), xml.Minify)
if err := m.Minify("text/html", os.Stdout, os.Stdin); err != nil {
panic(err)
}
}
Below are some examples of using common external minifiers.
See Closure Compiler Application. Not tested.
m.AddCmdRegexp(regexp.MustCompile("^(application|text)/(x-)?(java|ecma)script$"),
exec.Command("java", "-jar", "build/compiler.jar"))
See UglifyJS.
m.AddCmdRegexp(regexp.MustCompile("^(application|text)/(x-)?(java|ecma)script$"),
exec.Command("uglifyjs"))
See esbuild.
m.AddCmdRegexp(regexp.MustCompile("^(application|text)/(x-)?(java|ecma)script$"),
exec.Command("esbuild", "$in.js", "--minify", "--outfile=$out.js"))
Custom minifier showing an example that implements the minifier function interface. Within a custom minifier, it is possible to call any minifier function (through m minify.Minifier
) recursively when dealing with embedded resources.
package main
import (
"bufio"
"fmt"
"io"
"log"
"strings"
"github.com/tdewolff/minify/v2"
)
func main() {
m := minify.New()
m.AddFunc("text/plain", func(m *minify.M, w io.Writer, r io.Reader, _ map[string]string) error {
// remove newlines and spaces
rb := bufio.NewReader(r)
for {
line, err := rb.ReadString('\n')
if err != nil && err != io.EOF {
return err
}
if _, errws := io.WriteString(w, strings.Replace(line, " ", "", -1)); errws != nil {
return errws
}
if err == io.EOF {
break
}
}
return nil
})
in := "Because my coffee was too cold, I heated it in the microwave."
out, err := m.String("text/plain", in)
if err != nil {
panic(err)
}
fmt.Println(out)
// Output: Becausemycoffeewastoocold,Iheateditinthemicrowave.
}
func main() {
m := minify.New()
m.AddFunc("text/css", css.Minify)
m.AddFunc("text/html", html.Minify)
m.AddFunc("image/svg+xml", svg.Minify)
m.AddFuncRegexp(regexp.MustCompile("^(application|text)/(x-)?(java|ecma)script$"), js.Minify)
m.AddFuncRegexp(regexp.MustCompile("[/+]json$"), json.Minify)
m.AddFuncRegexp(regexp.MustCompile("[/+]xml$"), xml.Minify)
fs := http.FileServer(http.Dir("www/"))
http.Handle("/", m.MiddlewareWithError(fs))
}
func handleError(w http.ResponseWriter, r *http.Request, err error) {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
In order to properly handle minify errors, it is necessary to close the response writer since all writes are concurrently handled. There is no need to check errors on writes since they will be returned on closing.
func main() {
m := minify.New()
m.AddFunc("text/html", html.Minify)
m.AddFuncRegexp(regexp.MustCompile("^(application|text)/(x-)?(java|ecma)script$"), js.Minify)
input := `<script>const i = 1_000_</script>` // Faulty JS
req := httptest.NewRequest(http.MethodGet, "/", nil)
rec := httptest.NewRecorder()
m.Middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/html")
_, _ = w.Write([]byte(input))
if err = w.(io.Closer).Close(); err != nil {
panic(err)
}
})).ServeHTTP(rec, req)
}
func Serve(w http.ResponseWriter, r *http.Request) {
mw := m.ResponseWriter(w, r)
defer mw.Close()
w = mw
http.ServeFile(w, r, path.Join("www", r.URL.Path))
}
ResponseWriter example which returns a ResponseWriter that minifies the content and then writes to the original ResponseWriter. Any write after applying this filter will be minified.
type MinifyResponseWriter struct {
http.ResponseWriter
io.WriteCloser
}
func (m MinifyResponseWriter) Write(b []byte) (int, error) {
return m.WriteCloser.Write(b)
}
// MinifyResponseWriter must be closed explicitly by calling site.
func MinifyFilter(mediatype string, res http.ResponseWriter) MinifyResponseWriter {
m := minify.New()
// add minfiers
mw := m.Writer(mediatype, res)
return MinifyResponseWriter{res, mw}
}
// Usage
func(w http.ResponseWriter, req *http.Request) {
w = MinifyFilter("text/html", w)
if _, err := io.WriteString(w, "<p class="message"> This HTTP response will be minified. </p>"); err != nil {
panic(err)
}
if err := w.Close(); err != nil {
panic(err)
}
// Output: <p class=message>This HTTP response will be minified.
}
Here's an example of a replacement for template.ParseFiles
from template/html
, which automatically minifies each template before parsing it.
Be aware that minifying templates will work in most cases but not all. Because the HTML minifier only works for valid HTML5, your template must be valid HTML5 of itself. Template tags are parsed as regular text by the minifier.
func compileTemplates(filenames ...string) (*template.Template, error) {
m := minify.New()
m.AddFunc("text/html", html.Minify)
var tmpl *template.Template
for _, filename := range filenames {
name := filepath.Base(filename)
if tmpl == nil {
tmpl = template.New(name)
} else {
tmpl = tmpl.New(name)
}
b, err := os.ReadFile(filename)
if err != nil {
return nil, err
}
mb, err := m.Bytes("text/html", b)
if err != nil {
return nil, err
}
tmpl.Parse(string(mb))
}
return tmpl, nil
}
Example usage:
templates := template.Must(compileTemplates("view.html", "home.html"))
While you might expect the minified output to be on a single line for it to be fully minified, this is not true. In many cases, using a literal newline doesn't affect the file size, and in some cases it may even reduce the file size.
A typical example is HTML. Whitespace is significant in HTML, meaning that spaces and newlines between or around tags may affect how they are displayed. There is no distinction between a space or a newline and they may be interchanged without affecting the displayed HTML. Remember that a space (0x20) and a newline (0x0A) are both one byte long, so that there is no difference in file size when interchanging them. This minifier removes unnecessary whitespace by replacing stretches of spaces and newlines by a single whitespace character. Specifically, if the stretch of white space characters contains a newline, it will replace it by a newline and otherwise by a space. This doesn't affect the file size, but may help somewhat for debugging or file transmission objectives.
Another example is JavaScript. Single or double quoted string literals may not contain newline characters but instead need to escape them as \n
. These are two bytes instead of a single newline byte. Using template literals it is allowed to have literal newline characters and we can use that fact to shave-off one byte! The result is that the minified output contains newlines instead of escaped newline characters, which makes the final file size smaller. Of course, changing from single or double quotes to template literals depends on other factors as well, and this minifier makes a calculation whether the template literal results in a shorter file size or not before converting a string literal.
Released under the MIT license.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.