@luvio/bundlesize
This module is based on the [bundlesize](https://github.com/siddharthkp/bundlesize) package. It adds some customizations specific to the checks run on LDS project files.
LDS projects only generate the development versions of the files. This package lets you check the size of the bundle in dev (none), minified (min) and brotli-compressed (compressed) form.

    npm install @luvio/bundlesize --save-dev
    # or
    yarn add @luvio/bundlesize --dev

Add it to your scripts in package.json

    "scripts": {
      "test": "luvioBundlesize"
    }

luvioBundlesize accepts an array of files to check.

    [
      {
        "path": "./build/vendor.js",
        "maxSize": {
          "none": "30 kB",
          "min": "10 kB",
          "compressed": "3 kB"
        }
      },
      {
        "path": "./build/chunk-*.js",
        "maxSize": {
          "none": "10 kB",
          "min": "4 kB",
          "compressed": "2 kB"
        }
      }
    ]

You can keep this array either in package.json

    {
      "name": "your cool library",
      "version": "1.1.2",
      "luvioBundlesize": [
        {
          "path": "./build/vendor.js",
          "maxSize": {
            "none": "30 kB",
            "min": "10 kB",
            "compressed": "3 kB"
          }
        }
      ]
    }

or in a separate file, luvioBundlesize.config.json

Format:

    {
      "files": [
        {
          "path": "./dist.js",
          "maxSize": {
            "compressed": "3 kB"
          }
        }
      ]
    }

Fuzzy matching
If the names of your build files are not predictable, you can use a glob pattern to specify files.
This is common if you append a hash to the name or use a tool like create-react-app/nextjs.

    {
      "files": [
        {
          "path": "build/**/main-*.js",
          "maxSize": {
            "compressed": "1 kB"
          }
        },
        {
          "path": "build/**/*.chunk.js",
          "maxSize": {
            "min": "10 kB",
            "compressed": "3 kB"
          }
        }
      ]
    }

It will match multiple files if necessary and create a new row for each file.
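
The following sketch shows how one config entry in the format above can be evaluated per mode. It is an added example, not code from @luvio/bundlesize: the function names `parseSize`, `measure` and `checkEntry` are hypothetical, 1 kB is assumed to be 1024 bytes, the `min` mode is skipped because it needs a minifier, and the sample bundle is constructed in memory.

```javascript
// Added example (not the package's implementation): evaluate one config
// entry against a bundle in the "none" and "compressed" (brotli) modes.
const zlib = require('zlib');

// Assumption: binary units, so "3 kB" means 3 * 1024 bytes.
const UNITS = { b: 1, kb: 1024, mb: 1024 ** 2 };

// Parse a limit such as "3 kB" into a byte count; reject anything else.
function parseSize(text) {
  const m = /^\s*(\d+(?:\.\d+)?)\s*(b|kb|mb)\s*$/i.exec(text);
  if (!m) throw new Error(`unparseable size: ${text}`);
  return Math.round(parseFloat(m[1]) * UNITS[m[2].toLowerCase()]);
}

// Measure a bundle in the modes this sketch supports.
function measure(buf) {
  return {
    none: buf.length,
    compressed: zlib.brotliCompressSync(buf).length,
  };
}

// Return one result row per mode listed under "maxSize".
function checkEntry(entry, buf) {
  const sizes = measure(buf);
  return Object.entries(entry.maxSize).map(([mode, limit]) => {
    if (!(mode in sizes)) {
      return { path: entry.path, mode, status: 'skipped' };
    }
    const max = parseSize(limit);
    const size = sizes[mode];
    return { path: entry.path, mode, size, max, status: size <= max ? 'pass' : 'fail' };
  });
}

// Constructed sample: 2048 repeats of a 20-byte line = 40960 bytes.
const sample = Buffer.from('export const x = 1;\n'.repeat(2048));
const entry = {
  path: './build/vendor.js',
  maxSize: { none: '30 kB', min: '10 kB', compressed: '3 kB' },
};
const rows = checkEntry(entry, sample);
for (const r of rows) console.log(r.path, r.mode, r.status);
```

The sample bundle is highly repetitive, so it fails the raw limit while passing the brotli limit.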
FAQs
We found that @luvio/bundlesize demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.