Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@kdujs/canary
Advanced tools
kdu(.runtime).global(.prod).js
:
<script src="...">
in the browser. Exposes the Kdu
global.<script src="...">
.kdu.global.js
is the "full" build that includes both the compiler and the runtime so it supports compiling templates on the fly.kdu.runtime.global.js
contains only the runtime and requires templates to be pre-compiled during a build step.*.prod.js
files for production.kdu(.runtime).esm-browser(.prod).js
:
<script type="module">
.kdu(.runtime).esm-bundler.js
:
webpack
, rollup
and parcel
.process.env.NODE_ENV
guards (must be replaced by bundler)@kdujs/runtime-core
, @kdujs/runtime-compiler
)
esm-bundler
builds and will in turn import their dependencies (e.g. @kdujs/runtime-core
imports @kdujs/reactivity
)kdu.runtime.esm-bundler.js
(default) is runtime only, and requires all templates to be pre-compiled. This is the default entry for bundlers (via module
field in package.json
) because when using a bundler templates are typically pre-compiled (e.g. in *.kdu
files).kdu.esm-bundler.js
: includes the runtime compiler. Use this if you are using a bundler but still want runtime template compilation (e.g. in-DOM templates or templates via inline JavaScript strings). You will need to configure your bundler to alias kdu
to this file.Starting with 3.0.0, esm-bundler
builds now exposes global feature flags that can be overwritten at compile time:
__KDU_OPTIONS_API__
(enable/disable Options API support, default: true
)__KDU_PROD_DEVTOOLS__
(enable/disable devtools support in production, default: false
)The build will work without configuring these flags, however it is strongly recommended to properly configure them in order to get proper tree-shaking in the final bundle. To configure these flags:
define
optionNote: the replacement value must be boolean literals and cannot be strings, otherwise the bundler/minifier will not be able to properly evaluate the conditions.
kdu.cjs(.prod).js
:
require()
.target: 'node'
and properly externalize kdu
, this is the build that will be loaded.process.env.NODE_ENV
.FAQs
The progressive JavaScript framework for building modern web UI.
We found that @kdujs/canary demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.