Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@rollup/plugin-html
Advanced tools
🍣 A Rollup plugin which creates HTML files to serve Rollup bundles.
Please see Supported Output Formats for information about using this plugin with output formats other than esm
(es
), iife
, and umd
.
This plugin requires an LTS Node version (v14.0.0+) and Rollup v1.20.0+.
Using npm:
npm install @rollup/plugin-html --save-dev
Create a rollup.config.js
configuration file and import the plugin:
const html = require('@rollup/plugin-html');
module.exports = {
input: 'src/index.js',
output: {
dir: 'output',
format: 'cjs'
},
plugins: [html()]
};
Then call rollup
either via the CLI or the API.
Once run successfully, an HTML file should be written to the bundle output destination.
addScriptsToHead
Type: Boolean
Default: false
Place scripts in the <head>
tag instead of <body>
.
attributes
Type: Object
Default: { html: { lang: 'en' }, link: null, script: null }
Specifies additional attributes for html
, link
, and script
elements. For each property, provide an object with key-value pairs that represent an HTML element attribute name and value. By default, the html
element is rendered with an attribute of lang="en"
.
Note: If using the es
/ esm
output format, { type: 'module'}
is automatically added to attributes.script
.
fileName
Type: String
Default: 'index.html'
meta
Type: Array[...object]
Default: [{ charset: 'utf-8' }]
Specifies attributes used to create <meta>
elements. For each array item, provide an object with key-value pairs that represent <meta>
element attribute names and values.
Specifies the name of the HTML to emit.
publicPath
Type: String
Default: ''
Specifies a path to prepend to all bundle assets (files) in the HTML output.
template
Type: Function
Default: internal function
Returns: String
Specifies a function that provides the rendered source for the HTML output. The function should be in the form of:
const template = ({ attributes, bundle, files, publicPath, title }) => { ... }
attributes
: Corresponds to the attributes
option passed to the pluginbundle
: An Object
containing key-value pairs of AssetInfo
or ChunkInfo
files
: An Array
of AssetInfo
or ChunkInfo
containing any entry (isEntry: true
) files, and any asset (isAsset: true
) files in the bundle that will be emittedpublicPath
: Corresponds to the publicPath
option passed to the plugintitle
: Corresponds to the title
option passed to the pluginBy default this is handled internally and produces HTML in the following format:
<!DOCTYPE html>
<html ${attributes}>
<head>
${metas}
<title>${title}</title>
${links}
</head>
<body>
${scripts}
</body>
</html>
Where ${links}
represents all <link ..
tags for CSS and ${scripts}
represents all <script...
tags for JavaScript files.
title
Type: String
Default: 'Rollup Bundle'
Specifies the HTML document title.
makeHtmlAttributes(attributes)
Parameters: attributes
, Type: Object
Returns: String
Consumes an object with key-value pairs that represent an HTML element attribute name and value. The function returns all pairs as a space-separated string of valid HTML element attributes. e.g.
const { makeHtmlAttributes } = require('@rollup/plugin-html');
makeHtmlAttributes({ lang: 'en', 'data-batcave': 'secret' });
// -> 'lang="en" data-batcave="secret"'
By default, this plugin supports the esm
(es
), iife
, and umd
output formats, as those are most commonly used as browser bundles. Other formats can be used, but will require using the template
option to specify a custom template function which renders the unique requirements of other formats.
amd
Will likely require use of RequireJS semantics, which allows only for a single entry <script>
tag. If more entry chunks are emitted, these need to be loaded via a proxy file. RequireJS would also need to be a dependency and added to the build: https://requirejs.org/docs/start.html.
system
Would require a separate <script>
tag first that adds the s.js
minimal loader. Loading modules might then resemble: <script>System.import('./batman.js')</script>
.
This plugin was inspired by and is based upon mini-html-webpack-plugin by Juho Vepsäläinen and Artem Sapegin, with permission.
FAQs
Creates HTML files to serve Rollup bundles
The npm package @rollup/plugin-html receives a total of 11,546 weekly downloads. As such, @rollup/plugin-html popularity was classified as popular.
We found that @rollup/plugin-html demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.