Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
@statoscope/webpack-ui
Package description
@statoscope/webpack-ui is a tool for visualizing and analyzing Webpack bundle statistics. It provides a user-friendly interface to help developers understand the structure and performance of their Webpack bundles, identify issues, and optimize their build process.
Bundle Analysis
This feature allows you to generate a detailed report of your Webpack bundle, including size, composition, and dependencies. The report can be saved as an HTML file for easy viewing.
```js
const StatoscopeWebpackPlugin = require('@statoscope/webpack-plugin');

module.exports = {
  plugins: [
    new StatoscopeWebpackPlugin({
      saveReportTo: 'path/to/report.html',
      saveStatsTo: 'path/to/stats.json',
      open: false,
    }),
  ],
};
```
Dependency Visualization
This feature provides a visual representation of the dependencies within your Webpack bundle, helping you to identify and resolve dependency issues.
```js
const StatoscopeWebpackPlugin = require('@statoscope/webpack-plugin');

module.exports = {
  plugins: [
    new StatoscopeWebpackPlugin({
      saveReportTo: 'path/to/report.html',
      saveStatsTo: 'path/to/stats.json',
      open: false,
      additionalStats: ['path/to/another-stats.json'],
    }),
  ],
};
```
Performance Insights
This feature provides insights into the performance of your Webpack bundle, including build times and asset sizes. It can help you identify bottlenecks and optimize your build process.
```js
const StatoscopeWebpackPlugin = require('@statoscope/webpack-plugin');

module.exports = {
  plugins: [
    new StatoscopeWebpackPlugin({
      saveReportTo: 'path/to/report.html',
      saveStatsTo: 'path/to/stats.json',
      open: false,
      watchMode: true,
    }),
  ],
};
```
webpack-bundle-analyzer is a tool that provides a visual representation of the contents of your Webpack bundle. It generates an interactive treemap visualization of the bundle's modules, helping you to understand the size and composition of your bundle. Compared to @statoscope/webpack-ui, it is more focused on visualizing the size of individual modules and their dependencies.
source-map-explorer analyzes JavaScript bundles using source maps to determine which file each byte in your minified code came from. It provides a detailed breakdown of the bundle's contents, helping you to identify large or unnecessary dependencies. While @statoscope/webpack-ui provides a broader range of features, source-map-explorer is specifically focused on analyzing and visualizing the contents of JavaScript bundles.
bundle-stats is a tool that generates a detailed report of your Webpack bundle, including size, composition, and performance metrics. It provides a visual representation of the bundle's contents and helps you to identify and resolve issues. Compared to @statoscope/webpack-ui, bundle-stats offers similar functionality but with a different user interface and focus on performance metrics.
Changelog
5.0.1 (1 June 2021)
[cli] fix generate command
[cli] fix readme
[webpack-plugin] npm audit fix
[webpack-ui] npm audit fix
Readme
This package supplies UI to inspect webpack stats.
It can tell almost all about your bundle:
You can try it at Statoscope sandbox
See @statoscope/webpack-plugin
1. Collect the bundle stats with:

```sh
webpack --json > stats.json
```

2. Pass the stats file to Statoscope:

```js
import init from '@statoscope/webpack-ui';
import stats from 'path/to/stats.json';

init({
  name: "stats.json",
  data: stats
});
```

Also, you may pass an array of stats.
Every module has an issuer path (the shortest way to a module) and the reasons (other modules and chunks that require a module).
Use modules tree to find all the places where a module was required.
A massive bundle should be split into small async chunks. Synchronous (initial) chunks block your page loading and rendering till these chunks load.
Less initial size is better:
Use the chunks tree to find out which chunks are synchronous and try to split them.
Also, you can view a chunk map to look at a chunk from the other side:
Your bundle may use a few versions of the same package (node module).
Use the package tree to find out how many package copies were bundled:
Sometimes we have a few modules with the same content. Statoscope can find these modules and show when these modules were required.
This is only a short description of Statoscope features. Just try it by yourself and find out more about your bundle.
Statoscope has a powerful tool to compare the stats.
Just drop two (or more) stats files to https://statoscope.tech and press the Diff button.
If you're using the webpack plugin, use the additionalStats property.
Statoscope provides a way to create your own report with Jora language and Discovery.js.
Make report
Example: Top 5 biggest assets
If you're using Create React App, then use the --stats argument to get the stats: yarn build --stats or npm run build -- --stats
This will create build/bundle-stats.json, which can be used in Statoscope.
If you have an error with the text "Unexpected token W in JSON at position 0", then you are probably using webpack-bundle-analyzer, which corrupts webpack output. Just remove the first line of your stats file and try to load your file again.
Statoscope uses only the stats that it has. There is only one required flag: hash.

```js
stats: {
  all: false, // disable all the stats
  hash: true, // add a compilation hash
}
```

It works, but it is useless, because the resulting stats are empty.
You may disable some stats-flags to decrease your stats-file size. Here is a set of minimum useful stats flags:
```js
stats: {
  all: false, // disable all the stats
  hash: true, // add compilation hash
  entrypoints: true, // add entrypoints stats
  chunks: true, // add chunks stats
  chunkModules: true, // add modules stats
  reasons: true, // add modules reasons stats
},
```
And an example of full stats:
```js
stats: {
  all: false, // disable all the stats
  hash: true, // add compilation hash
  entrypoints: true, // add entrypoints stats
  chunks: true, // add chunks stats
  chunkModules: true, // add modules stats
  reasons: true, // add modules reasons stats
  assets: true, // add assets stats
  chunkOrigins: true, // add chunks origins stats (to find out which modules require a chunk)
  version: true, // add webpack version
  builtAt: true, // add build at time
  timings: true, // add build timings
  performance: true, // add info about oversized assets
  source: true, // add module sources (used to find module duplicates)
},
```
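A pre-flight check for a stats file before loading it into Statoscope, as an added example that is not part of the Statoscope README or code base: it applies the "remove the first line" fix for the `Unexpected token W` error and reports which of the minimum useful sections are missing. The function names, the banner line and the sample stats are constructed; the field names assume webpack's stats JSON layout.

```javascript
// Added example, not Statoscope code. Assumes webpack's stats JSON layout:
// top-level hash/entrypoints/chunks, chunk.modules[], module.reasons[].

// Parse stats text; if it is not valid JSON, drop the first line and retry
// once (the fix the FAQ gives for "Unexpected token W in JSON at position 0").
function parseStats(text) {
  try {
    return { stats: JSON.parse(text), droppedLine: null };
  } catch (err) {
    const nl = text.indexOf('\n');
    if (nl === -1) throw err; // single line and still invalid: nothing to strip
    return { stats: JSON.parse(text.slice(nl + 1)), droppedLine: text.slice(0, nl) };
  }
}

// Return the minimum-useful stats flags whose data is absent from the file.
function missingSections(stats) {
  const chunks = Array.isArray(stats.chunks) ? stats.chunks : [];
  const modules = chunks.flatMap((c) => (Array.isArray(c.modules) ? c.modules : []));
  const present = {
    hash: typeof stats.hash === 'string' && stats.hash.length > 0,
    entrypoints: stats.entrypoints != null && Object.keys(stats.entrypoints).length > 0,
    chunks: chunks.length > 0,
    chunkModules: modules.length > 0,
    reasons: modules.some((m) => Array.isArray(m.reasons)),
  };
  return Object.keys(present).filter((flag) => !present[flag]);
}

// Constructed sample: a non-JSON banner line followed by stats built without `reasons`.
const sample = 'Webpack banner line (constructed)\n' + JSON.stringify({
  hash: 'abc123',
  entrypoints: { main: { chunks: [0] } },
  chunks: [{ id: 0, modules: [{ name: './src/index.js' }] }],
});

const parsed = parseStats(sample);
console.log('dropped line:', parsed.droppedLine);
console.log('missing sections:', missingSections(parsed.stats));
```
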
Just specify a context to stats options:
```js
stats: {
  context: 'path/to/project/root'
}
```
If you are an engineer or a company that is interested in Statoscope improvements, you may support Statoscope by financial contribution at OpenCollective.
FAQs
Unknown package
We found that @statoscope/webpack-ui demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.