Guardian advertising business logic

This package contains the code for the commercial bundle that is loaded on all pages on


To install the package, run yarn add @guardian/commercial.



  • Node
    • see .nvmrc for the current version
    • the version manager fnm is recommended with additional configuration to automatically switch on changing directory
  • pnpm


To install dependencies, run pnpm.

To develop locally, run pnpm serve to start a local server. This will watch for changes and rebuild the bundle, serving it at http://localhost:3031.


This repository uses changesets for version management.

To release a new version with your changes, run pnpm changeset add and follow the prompts. This will create a new changeset file in the .changeset directory. Commit this file with your PR.

When your PR is merged, changeset will analyse the changes and create a PR to release the new version.

Bumping @guardian/commercial in Frontend

Run this script to raise a PR that bumps @guardian/commercial in Frontend to the specified version.

Execute the script as follows:

./scripts/ [VERSION_NUMBER]


./scripts/ 11.11.1

This will automatically create a pull request in the Frontend repository.

Pull requests

Try to write PR titles in the conventional commit format, and squash and merge when merging. That way your PR will trigger a release when you merge it (if necessary).

Working locally with DCR

  1. To point DCR to the local commercial bundle, in the dotcom-rendering/dotcom-rendering directory run:

    COMMERCIAL_BUNDLE_URL=http://localhost:3031/graun.standalone.commercial.js PORT=3030 make dev

    This will override commercialBundleUrl passed via the page config from PROD/CODE.

  2. In another terminal start the commercial dev server to serve the local bundle:

    pnpm serve

Testing locally with DCR

To run the unit tests:

pnpm test

To run the Playwright e2e tests:

Follow the steps above to run DCR against the local bundle.

pnpm playwright:run will run the tests on the command line

pnpm playwright:open will open the Playwright UI so you can inspect the tests as they run

Working locally with Frontend

To use the bundle locally with Frontend, you can override your default Frontend configuration (see the Frontend docs for more detail on this) to point to a local commercial dev server. For example, save the following in ~/.gu/frontend.conf:

devOverrides {

Frontend will then use the local bundle instead of the one from PROD/CODE. Frontend will pass the local bundle URL along to DCR, so you don't have to override there if you've done it in Frontend.


To use the production bundle locally with Frontend, run pnpm link in the bundle directory. Then run yarn link @guardian/commercial in the frontend directory. Finally, start the frontend server as usual.

Frontend will then use the local bundle instead of the one from PROD/CODE.

Testing on CODE

To test the bundle on CODE, create a PR and add the [beta] @guardian/commercial label. This will release a beta version of the bundle to NPM; the exact version will be commented on your PR.

In order to do this, first run pnpm changeset add. Again, this will create a new changeset file in the .changeset directory. Commit this file with your PR.

Note: Once the beta version is released, the label will be removed from the PR, so you will need to add it again if you want to release subsequent new versions.

On a branch on frontend you can update the version of the bundle to the beta version and deploy to CODE to test.


Package last updated on 17 Jul 2024
