Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@ngtools/webpack
Advanced tools
Webpack plugin that AoT compiles your Angular components and modules.
The @ngtools/webpack package is an Angular compiler plugin for Webpack. It allows developers to use the Angular compiler within a Webpack build process. This integration facilitates tasks such as Ahead-of-Time (AOT) compilation, lazy loading, and other Angular-specific optimizations directly within a Webpack workflow.
Ahead-of-Time (AOT) Compilation
This feature enables the Angular compiler to compile the application components ahead of time, converting Angular HTML and TypeScript code into efficient JavaScript code during the build process. This reduces the runtime processing by pre-compiling templates and components.
const { AngularCompilerPlugin } = require('@ngtools/webpack');
module.exports = {
entry: './src/main.ts',
resolve: {
extensions: ['.ts', '.js']
},
module: {
rules: [
{
test: /\.ts$/,
loader: '@ngtools/webpack'
}
]
},
plugins: [
new AngularCompilerPlugin({
tsConfigPath: './tsconfig.json',
entryModule: './src/app/app.module#AppModule',
sourceMap: true
})
]
};
Lazy Loading
Lazy loading is a technique to initialize components or modules only when they are needed, which can significantly reduce the initial load time of an application. The @ngtools/webpack package supports lazy loading by integrating with Angular's routing mechanism.
const { AngularCompilerPlugin } = require('@ngtools/webpack');
module.exports = {
// Configuration options...
plugins: [
new AngularCompilerPlugin({
// Plugin options...
lazyModules: ['/path/to/lazy/module#ModuleName']
})
]
};
Similar to @ngtools/webpack, awesome-typescript-loader is a loader for Webpack that allows you to transpile TypeScript into JavaScript. While it provides TypeScript compilation like @ngtools/webpack, it lacks the deep integration with Angular's compiler for features like AOT compilation and lazy loading.
This loader for Webpack enables lazy loading for Angular applications by allowing asynchronous loading of Angular modules through the router. It's similar to the lazy loading feature of @ngtools/webpack but is more focused and does not include other Angular-specific optimizations.
Webpack 5.x plugin for the Angular Ahead-of-Time compiler. The plugin also supports Angular JIT mode. When this plugin is used outside of the Angular CLI, the Ivy linker will also be needed to support the usage of Angular libraries. An example configuration of the Babel-based Ivy linker is provided in the linker section. For additional information regarding the linker, please see: https://angular.dev/tools/libraries/creating-libraries#consuming-partial-ivy-code-outside-the-angular-cli
In your webpack config, add the following plugin and loader.
import { AngularWebpackPlugin } from '@ngtools/webpack';
exports = {
/* ... */
module: {
rules: [
/* ... */
{
test: /\.[jt]sx?$/,
loader: '@ngtools/webpack',
},
],
},
plugins: [
new AngularWebpackPlugin({
tsconfig: 'path/to/tsconfig.json',
// ... other options as needed
}),
],
};
The loader works with webpack plugin to compile the application's TypeScript. It is important to include both, and to not include any other TypeScript loader.
tsconfig
[default: tsconfig.json
] - The path to the application's TypeScript Configuration file. In the tsconfig.json
, you can pass options to the Angular Compiler with angularCompilerOptions
. Relative paths will be resolved from the Webpack compilation's context.compilerOptions
[default: none] - Overrides options in the application's TypeScript Configuration file (tsconfig.json
).jitMode
[default: false
] - Enables JIT compilation and do not refactor the code to bootstrap. This replaces templateUrl: "string"
with template: require("string")
(and similar for styles) to allow for webpack to properly link the resources.directTemplateLoading
[default: true
] - Causes the plugin to load component templates (HTML) directly from the filesystem. This is more efficient if only using the raw-loader
to load component templates. Do not enable this option if additional loaders are configured for component templates.fileReplacements
[default: none] - Allows replacing TypeScript files with other TypeScript files in the build. This option acts on fully resolved file paths.inlineStyleFileExtension
[default: none] - When set inline component styles will be processed by Webpack as files with the provided extension.The Ivy linker can be setup by using the Webpack babel-loader
package.
If not already installed, add the babel-loader
package using your project's package manager.
Then in your webpack config, add the babel-loader
with the following configuration.
If the babel-loader
is already present in your configuration, the linker plugin can be added to
the existing loader configuration as well.
Enabling caching for the babel-loader
is recommended to avoid reprocessing libraries on
every build.
For additional information regarding the babel-loader
package, please see: https://github.com/babel/babel-loader/tree/main#readme
import linkerPlugin from '@angular/compiler-cli/linker/babel';
exports = {
/* ... */
module: {
rules: [
/* ... */
{
test: /\.[cm]?js$/,
use: {
loader: 'babel-loader',
options: {
cacheDirectory: true,
compact: false,
plugins: [linkerPlugin],
},
},
},
],
},
};
FAQs
Webpack plugin that AoT compiles your Angular components and modules.
The npm package @ngtools/webpack receives a total of 2,399,454 weekly downloads. As such, @ngtools/webpack popularity was classified as popular.
We found that @ngtools/webpack demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.