
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
@empjs/cli
Advanced tools
EMP 是一个基于 Rspack 的高性能模块联邦框架,专注于微前端和组件共享,支持 React、Vue 等多框架。
^20.19.0 || >=22.12.010.x(推荐使用仓库根 packageManager 指定的 pnpm@10.33.0)# 使用 pnpm 安装(推荐)
pnpm i @empjs/cli
# 或使用 npm
npm i @empjs/cli
在 package.json 中添加以下脚本:
"scripts": {
"dev": "emp dev", // 开发模式
"build": "emp build", // 生产构建
"start": "emp serve", // 本地预览生产版本
"stat": "emp build --analyze", // 包体积分析
"emp": "emp" // EMP CLI 命令
}
# 启动开发服务器
pnpm dev
# 指定环境
pnpm dev --env test
# 显式开启热更新
pnpm dev --hot
# 注入环境变量
pnpm dev --env-vars API_URL=https://example.com
# 生产构建
pnpm build
# 分析包体积
pnpm stat
# watch 构建
pnpm build --watch
# watch 构建后启动本地预览
pnpm build --watch --serve
# 预览生产构建
pnpm start
{
"extends": "@empjs/cli/tsconfig/react",
"compilerOptions": {
"baseUrl": "./",
"paths": {
"@/*": ["src/*"],
"~@/*": ["src/*"]
},
// 解决 scss 的 css module 提示问题
"plugins": [
{
"name": "typescript-plugin-css-modules",
"options": {
"additionalData": "@import '~@/css/mixin';",
"allowUnknownClassnames": true
},
"postcssOptions": {
"useConfig": true
}
}
]
},
"include": ["src"]
}
import {defineConfig} from '@empjs/cli'
export default defineConfig(store => {
return {
// 配置 Rspack 链式操作
chain(chainConfig) {},
}
})
build.rspack 用于显式接入 Rspack 2 的新增能力。EMP 不会默认开启高风险实验能力,业务需要按场景配置。
import {defineConfig} from '@empjs/cli'
export default defineConfig(() => {
return {
build: {
// ESM library 输出会自动使用 output.library.type = 'modern-module'
useESM: true,
target: 'es2018',
// Rspack 2 支持 hashed module id;默认仍保持 development=named、production=deterministic
moduleIds: 'hashed',
rspack: {
// 函数级 tree-shaking;错误标记 pure function 会删除实际有副作用调用
experiments: {pureFunctions: true},
// 大 chunk 强制拆分阈值;会影响请求数量和产物拆分形态
splitChunks: {chunks: 'all', enforceSizeThreshold: 80000},
parser: {
javascript: {
// 给第三方库或不可改源码手动声明纯函数名
pureFunctions: ['createPureValue'],
},
css: {
// false 时保留 CSS @import,交给浏览器或下游工具处理
resolveImport: false,
},
},
swc: {
// 让 builtin:swc-loader 按文件扩展名推断 JS/TS/JSX/TSX parser
detectSyntax: 'auto',
},
},
},
}
})
import {defineConfig} from '@empjs/cli'
import pluginReact from '@empjs/plugin-react'
import {externalReact, pluginRspackEmpShare} from '@empjs/share'
export default defineConfig(store => {
const ip = store.server.ip
const port = 6001
return {
plugins: [
// 添加 React 插件支持
pluginReact(),
// 配置模块联邦共享
pluginRspackEmpShare({
name: 'mfHost',
// 暴露组件
exposes: {
'./App': './src/App',
'./CountComp': './src/CountComp',
'./Section': './src/component/Section',
},
// 生成清单文件
manifest: true,
// 生成类型声明
dts: {
generateTypes: true,
},
// 配置运行时
empRuntime: {
framework: {
global: 'EMP_ADAPTER_REACT',
libs: [`https://unpkg.com/@empjs/cdn-react@0.18.0/dist/reactRouter.${store.mode}.umd.js`],
},
runtime: {
lib: `http://${ip}:2100/sdk.js`,
},
setExternals: externalReact,
},
}),
],
define: {ip, port},
build: {
polyfill: {
mode: 'entry',
entryCdn: 'https://unpkg.com/@empjs/polyfill@0.0.2/dist/es.js',
browserslist: store.browserslistOptions.h5,
},
sourcemap: true,
},
server: {
port,
open: false,
hot: true,
},
debug: {
clearLog: false,
},
}
})
EMP 提供了强大的模块联邦功能,支持组件共享和微前端架构:
exposes 配置暴露组件remotes 配置加载远程组件dts 配置生成类型声明EMP 支持多种前端框架:
@empjs/plugin-react@empjs/plugin-vue2@empjs/plugin-vue3
FAQs
emp
The npm package @empjs/cli receives a total of 247 weekly downloads. As such, @empjs/cli popularity was classified as not popular.
We found that @empjs/cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.