@networkteam/frontend-scripts
A webpack based workflow to create frontend-assets.
To use this workflow in your projects, install the package with npm or yarn:
    npm install @networkteam/frontend-scripts
Add a .env file with the variables:
    BASE_PACKAGE_NAME=Base.Package.Name
    SITE_PACKAGE_NAME=Site.Package.Name
Copy the scripts to your package.json:
    "scripts": {
        "build": "npm run webpack",
        "build:dev": "npm run webpack:dev",
        "start": "npm run webpack:watch",
        "test": "npm run webpack:test",
        "test-watch": "npm run webpack:test-watch",
        "webpack": "networkteam-asset-build prod",
        "webpack:dev": "networkteam-asset-build dev",
        "webpack:watch": "networkteam-asset-build watch",
        "webpack:test": "networkteam-asset-build test",
        "webpack:test-watch": "networkteam-asset-build test-watch"
    },
Webpack relies on four entry points to generate JS and CSS Assets:
Start the npm task:
    npm start            # file watcher with hot reload
    npm run build:dev    # Development build
    npm run build        # Production build
    npm run test         # Testing with code coverage recap
    npm run test-watch   # Run watcher for TDD
Note: Webpack generates a JS-File for every entry point including JS-Files. This will be improved in future versions of webpack.
The generated files will be copied to %PROJECTROOT%/Resources/Public/Dist, including the assets used in CSS (e.g. bg-images or fonts). The paths for the CSS assets are automatically corrected to the new path by webpack.
This workflow automatically provides aliases for an easier import from different folders:
~baseStyles/main (to import main.scss)
Every SVG-File located in %BASEROOT%/Resources/Private/Icons will be included in an automatically generated Svgsprite. The sprite itself will be stored in %BASEROOT%/Resources/Public/Dist and a SCSS-File can be found in %BASEROOT%/Resources/Private/Scss/_sprite.scss. This SCSS-File includes the mixins to use the icon on every element (@include sprite(%FILENAME%)), although this way is not encouraged due to repeated server requests.
To prevent Iconsprite from being built, use the --noIconSprite flag in your npm tasks.
If you need a special configuration for your Project, you can add a custom webpack.js to your project root. It will be included automatically:
    module.exports = function(env, args) {
        return {
            output: {
                // newOutputPath is a placeholder for your own output directory
                path: newOutputPath
            }
        };
    };
To remove entry points from webpack, you can set them to null in your own configuration.
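A custom webpack.js that uses both options described above, relocating the output and removing an entry point. This is an added example, not part of the package's own documentation: the entry key exampleEntry and the CustomDist directory are hypothetical, and the shape entry: { name: null } is an assumption about how the base configuration names its entries.

```javascript
// webpack.js in the project root (added example, not the package's own code).
// ASSUMPTIONS: 'exampleEntry' and 'Resources/Public/CustomDist' are
// hypothetical names; use the entry keys your base configuration defines.
const DISABLED_ENTRIES = ['exampleEntry'];
const OUTPUT_DIR = 'Resources/Public/CustomDist';

// Build the override object: every listed entry point is set to null,
// which is how the README says an entry point is removed.
function disableEntries(names) {
  const entry = {};
  for (const name of names) {
    entry[name] = null;
  }
  return entry;
}

// Same signature as the README's custom configuration function.
function customConfig(env, args) {
  // webpack requires output.path to be an absolute path. npm runs scripts
  // with the package root as working directory, so process.cwd() is the
  // project root when the build is started through "npm run".
  const outputPath = process.cwd() + '/' + OUTPUT_DIR;
  return {
    entry: disableEntries(DISABLED_ENTRIES),
    output: {
      path: outputPath
    }
  };
}

// Export for webpack when loaded as a CommonJS module.
if (typeof module !== 'undefined') {
  module.exports = customConfig;
}
```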
By default a modernizr custom build is generated with setclasses option and can be imported via
    import Modernizr from 'modernizr'; // as named import
    import 'modernizr'; // direct import
To extend the configuration and add tests and feature detections, create a .modernizrrc in your Project Root:
    module.exports = {
        "feature-detects": [
            "test/css/flexbox",
            "test/es6/promises",
            "test/serviceworker"
        ]
    };
See full configuration possibilities
For unit testing create a file ${your-filename}.test.js within your javascript folder. Webpack will watch for files within the javascript directory ending in *.test.js.
Run your tests by simply starting npm run test.
If you want to test with the BDD approach, you can start the script with npm run test-watch. This will reload the tests with every save.
We use chai as assertion and sinon as mocking library.
Within the testing environment you have access to the following global variables:
- chai
- sinon
- expect - the chai.expect
- assert - the chai.assert
- sandbox - the sinon.sandbox
You can also use window and document, as usual.
Here you get more information about Sinon and Chai - BDD
Example:
    // Resources/Private/Javscript/Custom/Component/ComponentToTest.test.js
    /*global describe, it, beforeEach, afterEach, expect, sandbox*/
    import ComponentToTest from './ComponentToTest';

    describe('ComponentToTest', () => {
        let component = null;

        beforeEach(done => {
            component = new ComponentToTest();
            // do some stuff before each testing step
            document.body.innerHTML = '<div id="myContainer"></div>';
            done();
        });

        afterEach(done => {
            // do some stuff after each testing step
            document.body.innerHTML = '';
            done();
        });

        describe('some tests with special attributes', () => {
            it('it should do something', done => {
                // do something with <component>
                component.initialize();
                // do some expectations concerning <component>.
                expect(component).to.have.property('initialized').equals(true);
                done();
            });
        });
    });
FAQs
networkteam asset build scripts
The npm package @networkteam/frontend-scripts receives a total of 27 weekly downloads. As such, @networkteam/frontend-scripts popularity was classified as not popular.
We found that @networkteam/frontend-scripts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.