Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
@americanexpress/one-app-bundler
Advanced tools
A command line interface(CLI) tool for bundling One App and its modules.
A command line interface(CLI) tool for bundling One App and One App modules.
To build a React component for usage as a One App module:
Install:
npm i -D @americanexpress/one-app-bundler
Run the bundle-module
script as part of your build. This script is provided by one-app-bundler
:
{
"scripts": {
"build": "bundle-module",
"prepare": "npm run build"
}
}
When bundling a One App module, some options can be applied by adding a bundler
config object to a one-amex
section
within package.json
:
{
"one-amex": {
"bundler": {
}
}
}
providedExternals
& requiredExternals
In order to avoid duplicate code in your One App instance, you may want to
share a dependency across all your modules that is not already provided by One
App. These dependencies can be provided to your modules by your root
module. The root module should include in its configuration
providedExternals
, which is an array of external dependencies to be bundled
with it and provided to other modules.
Modules shouldn't configure both providedExternals
and requiredExternals
.
Remember providedExternals
are dependencies which your root module will make available to child modules. requiredExternals
are a list of dependencies the child module will need to be made available by the root module.
All modules requiredExternals
are validated at runtime against the root modules list of providedExternals
. If the external dependency is not provided One App will throw an error. This will either result in the One App server not starting or, if it is already running, One App will not load that module. For example, if your child module requires ^2.1.0
of a dependency but your root module provides 2.0.0
, this will result in One App not loading that child module as the provided dependencies version does not satisfy the required semantic range.
This ensures that all of the listed dependencies features potentially required by the child module to work will be provided which could result in hard to debug bugs.
If you attempt to include one of the dependencies provided by One App in your providedExternals
or requiredExternals
, your build will fail.
First make sure to add your dependency to your module's package.json
:
npm install some-dependency
Then configure one-app-bundler
to provide that dependency (and any others) as an external to your other modules:
{
"one-amex": {
"bundler": {
"providedExternals": ["some-dependency", "another-dependency"]
}
}
}
Modules consuming these external dependencies must declare what they expect the
root module to provide by setting the requiredExternals
option. Any dependency
listed there will not be bundled with the module, but will be replaced with a
reference to the external dependency as provided by the root module.
Before doing so make sure to add said dependency to your package.json
:
npm install some-dependency
{
"one-amex": {
"bundler": {
"requiredExternals": ["some-dependency"]
}
}
}
Pros:
Cons:
performanceBudget
Set a custom performance budget
for your client module build. The default value is 250e3
(244kB).
{
"one-amex": {
"bundler": {
"performanceBudget": 500e3
}
}
}
webpackConfigPath, webpackClientConfigPath, & webpackServerConfigPath
You may extend the webpack configuration by providing paths to custom webpack config files in this option. Use of this option is at your own risk.
There are two options when customizing your webpack build.
webpackConfigPath
to apply a custom config to both your client and server builds.{
"one-amex": {
"bundler": {
"webpackConfigPath": "webpack.config.js"
}
}
}
webpackClientConfigPath
and/or webpackServerConfigPath
to apply different configs
to your client and server builds. You don't need to add both of these options.
You can pass only one if you wish to customize a single build target.{
"one-amex": {
"bundler": {
"webpackClientConfigPath": "webpack.client.config.js",
"webpackServerConfigPath": "webpack.server.config.js"
}
}
}
purgecss
OptionsYou may add additional paths for purgecss
to consider before stripping out
unused CSS by adding an array of glob patterns to bundler.purgecss.paths
under bundler.purgecss.paths
. The example below illustrates how we would add
some-lib
if we were applying custom styles to it in our module.
{
"one-amex": {
"bundler": {
"purgecss": {
"paths": ["node_modules/some-lib/src/**/*.{js,jsx}"]
}
}
}
}
Additional purgecss
options. Please refer to the purgecss Options Documentation
before enabling any of the following:
{
"one-amex": {
"bundler": {
"purgecss": {
"paths": ["node_modules/some-lib/src/**/*.{js,jsx}"],
"extractors": [{
"extractor": "purgeJs",
"extensions": [
"js"
]
}],
"fontFace": false,
"keyframes": false,
"variables": false,
"whitelist": [
"random",
"yep",
"button"
],
"whitelistPatterns": ["red"],
"whitelistPatternsChildren": ["blue"]
}
}
}
}
purgecss
can be disabled for your module by adding
bundler.purgecss.disabled
as true
. This option is only to be used in
rare instances and as a last resort, the effect of disabling will have a
negative impact on performance.
{
"one-amex": {
"bundler": {
"purgecss": {
"disabled": true
}
}
}
}
disableDevelopmentLegacyBundle
can be added to your bundler config and set to true to opt out of bundling the legacy
assets. This will reduce bundle size and build times. This is only configured to be removed when in development
. production
builds will not skip the legacy
build.
Caution as this will remove legacy browser support from your module.
{
"one-amex": {
"bundler": {
"disableDevelopmentLegacyBundle": true
}
}
}
You can specify which version of One App you module is compatible with by simply adding the below configuration to your package.json
.
{
"one-amex": {
"app": {
"compatibility": "^5.0.0"
},
}
}
The following scripts are provided by one-app-bundler
and used by one-app
.
npm run build:bundle
This would bundle one app.
npm run serve-module ../path-to-your-one-app-module
This would serve your module locally.
npm run drop-module ../path-to-your-one-app-module
This would stop serving your module locally.
FAQs
A command line interface(CLI) tool for bundling One App and its modules.
The npm package @americanexpress/one-app-bundler receives a total of 29 weekly downloads. As such, @americanexpress/one-app-bundler popularity was classified as not popular.
We found that @americanexpress/one-app-bundler demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.