
Security News
Crates.io Users Targeted by Phishing Emails
The Rust Security Response WG is warning of phishing emails from rustfoundation.dev targeting crates.io users.
@rnx-kit/bundle-diff
Advanced tools
A simple tool for diffing two bundles. Useful for getting an overview of which files are included in one bundle but not the other. For example, comparing a bundle produced by Webpack vs. one produced by Metro.
rnx-bundle-diff <a.jsbundle.map> <b.jsbundle.map>
Example output:
+106 added /~/node_modules/@babel/runtime/helpers/arrayWithHoles.js
+96 added /~/node_modules/lodash-es/_realNames.js
+49 added /~/node_modules/@babel/runtime/regenerator/index.js
+1 changed /~/node_modules/react/index.js
-127 removed /~/node_modules/querystring-es3/index.js
-286 removed /~/node_modules/react-native/Libraries/Components/Picker/PickerAndroid.ios.js
-592 removed /~/node_modules/react-native/Libraries/Components/Sound/SoundManager.js
unknown added /~/packages/awesome-app/lib/index.js
Note that the numbers are in bytes, and based on the unminified code. They are meant to give an idea of how big the file is, but could differ wildly depending on a number of factors, including Babel plugins, Wepback config, TypeScript compilation options, indentation etc.
If you're using TypeScript, you need to tell tsc
to also include source
content in the source map:
// tsconfig.json
{
"compilerOptions": {
"inlineSources": true
}
}
If your project is using TypeScript and Webpack, you may experience that your
source maps don't properly map back to the source file. Try using
source-map-loader
to
clean up the paths:
// webpack.config.js
module.exports = {
module: {
rules: [
{
test: /\.(js|(js)?bundle)($|\?)/i,
enforce: "pre",
use: ["source-map-loader"],
},
],
},
};
FAQs
Simple tool for diffing the content of two bundles
We found that @rnx-kit/bundle-diff demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The Rust Security Response WG is warning of phishing emails from rustfoundation.dev targeting crates.io users.
Product
Socket now lets you customize pull request alert headers, helping security teams share clear guidance right in PRs to speed reviews and reduce back-and-forth.
Product
Socket's Rust support is moving to Beta: all users can scan Cargo projects and generate SBOMs, including Cargo.toml-only crates, with Rust-aware supply chain checks.