Security News
New Python Packaging Proposal Aims to Solve Phantom Dependency Problem with SBOMs
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
@ecapp/webpack
Advanced tools
Packs CommonJs/AMD modules for the browser. Allows to split your codebase into multiple bundles, which can be loaded on demand. Support loaders to preprocess files, i.e. json, jsx, es7, css, less, ... and your custom stuff.
webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset.
Install with npm:
npm install --save-dev webpack
Install with yarn:
yarn add webpack --dev
webpack is a bundler for modules. The main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset.
TL;DR
Check out webpack's quick Get Started guide and the other guides.
webpack supports all browsers that are ES5-compliant (IE8 and below are not supported).
webpack also needs Promise
for import()
and require.ensure()
. If you want to support older browsers, you will need to load a polyfill before using these expressions.
webpack has a rich plugin interface. Most of the features within webpack itself use this plugin interface. This makes webpack very flexible.
Name | Status | Install Size | Description |
---|---|---|---|
mini-css-extract-plugin | Extracts CSS into separate files. It creates a CSS file per JS file which contains CSS. | ||
compression-webpack-plugin | Prepares compressed versions of assets to serve them with Content-Encoding | ||
i18n-webpack-plugin | Adds i18n support to your bundles | ||
html-webpack-plugin | Simplifies creation of HTML files (index.html ) to serve your bundles | ||
extract-text-webpack-plugin | Extract text from a bundle, or bundles, into a separate file |
webpack enables use of loaders to preprocess files. This allows you to bundle any static resource way beyond JavaScript. You can easily write your own loaders using Node.js.
Loaders are activated by using loadername!
prefixes in require()
statements,
or are automatically applied via regex from your webpack configuration.
Name | Status | Install Size | Description |
---|---|---|---|
raw-loader | Loads raw content of a file (utf-8) | ||
val-loader | Executes code as module and considers exports as JS code | ||
url-loader | Works like the file loader, but can return a Data Url if the file is smaller than a limit | ||
file-loader | Emits the file into the output folder and returns the (relative) url |
Name | Status | Install Size | Description |
---|---|---|---|
Loads a JSON file (included by default) | |||
Loads and transpiles a JSON 5 file | |||
Loads and transpiles a CSON file |
Name | Status | Install Size | Description |
---|---|---|---|
<script> | Executes a JavaScript file once in global context (like in script tag), require() s are not parsed | ||
Loads ES2015+ code and transpiles to ES5 using Babel | |||
Loads ES2015+ code and transpiles to ES5 using Traceur | |||
Loads TypeScript like JavaScript | |||
awesome-typescript-loader | Awesome TypeScript loader for webpack | ||
Loads CoffeeScript like JavaScript |
Name | Status | Install Size | Description |
---|---|---|---|
Exports HTML as string, requires references to static resources | |||
Loads Pug templates and returns a function | |||
Loads Jade templates and returns a function | |||
Compiles Markdown to HTML | |||
Loads and transforms a HTML file using PostHTML | |||
Compiles Handlebars to HTML |
Name | Status | Install Size | Description |
---|---|---|---|
<style> | Add exports of a module as style to DOM | ||
Loads CSS file with resolved imports and returns CSS code | |||
Loads and compiles a LESS file | |||
Loads and compiles a Sass/SCSS file | |||
Loads and compiles a Stylus file | |||
Loads and transforms a CSS/SSS file using PostCSS |
Name | Status | Install Size | Description |
---|---|---|---|
Tests with mocha (Browser/NodeJS) | |||
PreLoader for linting code using ESLint | |||
PreLoader for linting code using JSHint |
webpack uses async I/O and has multiple caching levels. This makes webpack fast and incredibly fast on incremental compilations.
webpack supports ES2015+, CommonJS and AMD modules out of the box. It performs clever static analysis on the AST of your code. It even has an evaluation engine to evaluate simple expressions. This allows you to support most existing libraries out of the box.
webpack allows you to split your codebase into multiple chunks. Chunks are loaded asynchronously at runtime. This reduces the initial loading time.
webpack can do many optimizations to reduce the output size of your JavaScript by deduplicating frequently used modules, minifying, and giving you full control of what is loaded initially and what is loaded at runtime through code splitting. It can also make your code chunks cache friendly by using hashes.
We want contributing to webpack to be fun, enjoyable, and educational for anyone, and everyone. We have a vibrant ecosystem that spans beyond this single repo. We welcome you to check out any of the repositories in our organization or webpack-contrib organization which houses all of our loaders and plugins.
Contributions go far beyond pull requests and commits. Although we love giving you the opportunity to put your stamp on webpack, we also are thrilled to receive a variety of other contributions including:
If you are worried or don't know where to start, you can always reach out to Sean Larkin (@TheLarkInn) on Twitter or simply submit an issue and a maintainer can help give you guidance!
We have also started a series on our Medium Publication called The Contributor's Guide to webpack. We welcome you to read it and post any questions or responses if you still need help.
Looking to speak about webpack? We'd love to review your talk abstract/CFP! You can email it to webpack [at] opencollective [dot] com and we can give pointers or tips!!!
If you create a loader or plugin, we would <3 for you to open source it, and put it on npm. We follow the x-loader
, x-webpack-plugin
naming convention.
We consider webpack to be a low-level tool used not only individually but also layered beneath other awesome tools. Because of its flexibility, webpack isn't always the easiest entry-level solution, however we do believe it is the most powerful. That said, we're always looking for ways to improve and simplify the tool without compromising functionality. If you have any ideas on ways to accomplish this, we're all ears!
If you're just getting started, take a look at our new docs and concepts page. This has a high level overview that is great for beginners!!
Looking for webpack 1 docs? Please check out the old wiki, but note that this deprecated version is no longer supported.
If you want to discuss something or just need help, here is our Gitter room where there are always individuals looking to help out!
If you are still having difficulty, we would love for you to post a question to StackOverflow with the webpack tag. It is much easier to answer questions that include your webpack.config.js and relevant files! So if you can provide them, we'd be extremely grateful (and more likely to help you find the answer!)
If you are twitter savvy you can tweet #webpack with your question and someone should be able to reach out and help also.
If you have discovered a 🐜 or have a feature suggestion, feel free to create an issue on Github.
Tobias Koppers Core Founder of webpack |
Johannes Ewald Loaders & Plugins Early adopter of webpack |
Sean T. Larkin Public Relations Founder of the core team |
Kees Kluskens Development Sponsor |
Most of the core team members, webpack contributors and contributors in the ecosystem do this open source work in their free time. If you use webpack for a serious task, and you'd like us to invest more time on it, please donate. This project increases your income/productivity too. It makes development and applications faster and it reduces the required bandwidth.
This is how we use the donations:
Before we started using OpenCollective, donations were made anonymously. Now that we have made the switch, we would like to acknowledge these sponsors (and the ones who continue to donate using OpenCollective). If we've missed someone, please send us a PR, and we'll add you to this list.
Become a gold sponsor and get your logo on our README on Github with a link to your site.
Become a silver sponsor and get your logo on our README on Github with a link to your site.
Become a bronze sponsor and get your logo on our README on Github with a link to your site.
Become a backer and get your image on our README on Github with a link to your site.
(In chronological order)
FAQs
Packs CommonJs/AMD modules for the browser. Allows to split your codebase into multiple bundles, which can be loaded on demand. Support loaders to preprocess files, i.e. json, jsx, es7, css, less, ... and your custom stuff.
We found that @ecapp/webpack demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
Security News
Socket CEO Feross Aboukhadijeh discusses open source security challenges, including zero-day attacks and supply chain risks, on the Cyber Security Council podcast.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.