@strapi/pack-up
pack-up is a set of simple tools for creating interoperable CJS & ESM packages.
Setting up a new interoperable project is as easy as doing:
npx @strapi/pack-up@latest init my-package
cd my-package
npm run build
Just a small bit about us:
vite as a JS bundler, no need to install it though as it's preprepared with helpful defaults ready to tackle all projects.
package.json, so you know the interoperable aspect is correctly set up and there's no requirement for another config!
If you're setting up a brand new package we recommend you use the init command to get started:
npx @strapi/pack-up@latest init my-package
But if you're adding this to an existing project then just install like every other dependency:
npm install @strapi/pack-up@latest --save-dev
And to help you ensure your package is set up correctly, run the check command:
npm run pack-up check
Run pack-up -h for more information on CLI usage.
init [path]
Creates a new package at the given path. By default it uses the inbuilt template, with sensible options for your package to choose from.
--template [path] – path to a custom template of type TemplateOrTemplateResolver.
build
Builds your current package based on the configuration in your package.json and packup.config.ts (if applicable).
--minify – minifies the output (default false).
--sourcemap – generates sourcemaps for the output (default true).
check
Checks your current package to ensure it's interoperable in the real world. In short, it validates that the files in your dist have been produced as we expect, and then that esbuild can actually build using your exported code.
watch
Watches your current package for changes and rebuilds when necessary.
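The first half of what check is described as doing (confirming that the files your package.json exports point at were actually produced) can be sketched as follows. This is an added example, not pack-up's own code: the function names and the sample package are constructed for illustration, `*` subpath patterns are not expanded, and the esbuild step is not covered.

```javascript
// Added example (not pack-up's implementation): verify that every file
// referenced by package.json "exports" exists in the build output.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Recursively collect every file path in an exports value. Values may be a
// string, null (blocked subpath), an array of fallbacks, or a conditions object.
function collectTargets(value, trail, out) {
  if (typeof value === 'string') out.push({ trail, file: value });
  else if (Array.isArray(value)) value.forEach((v) => collectTargets(v, trail, out));
  else if (value && typeof value === 'object') {
    for (const [key, v] of Object.entries(value)) collectTargets(v, `${trail} > ${key}`, out);
  }
  return out;
}

// Returns a list of problems; an empty list means every target resolved.
function checkExports(pkgDir) {
  const pkg = JSON.parse(fs.readFileSync(path.join(pkgDir, 'package.json'), 'utf8'));
  const root = path.resolve(pkgDir);
  const problems = [];
  for (const { trail, file } of collectTargets(pkg.exports ?? {}, 'exports', [])) {
    const abs = path.resolve(root, file);
    if (!file.startsWith('./') || !abs.startsWith(root + path.sep)) {
      problems.push(`${trail}: "${file}" is not a relative path inside the package`);
    } else if (!fs.existsSync(abs) || !fs.statSync(abs).isFile()) {
      problems.push(`${trail}: "${file}" is missing from the build output`);
    }
  }
  return problems;
}

// Constructed sample package: the "require" target was never built.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'exports-check-'));
  const pkg = {
    name: 'my-package',
    exports: {
      '.': { import: './dist/index.mjs', require: './dist/index.js' },
      './package.json': './package.json',
    },
  };
  fs.writeFileSync(path.join(dir, 'package.json'), JSON.stringify(pkg));
  fs.mkdirSync(path.join(dir, 'dist'));
  fs.writeFileSync(path.join(dir, 'dist', 'index.mjs'), 'export default 1;\n');
  return checkExports(dir);
}
console.log(demo());
```

Running a check like this against the packed tarball contents rather than the working tree also catches files that were built but excluded from publishing.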
@strapi/pack-up by default reads its configuration from your package.json. But sometimes you need more flexibility; to do this you can create a packup.config.ts file in the root of your package.
// packup.config.ts
import { defineConfig } from '@strapi/pack-up';

export default defineConfig({
  minify: true,
  sourcemap: false,
  externals: ['path', 'fs'],
});
bundles
ConfigBundle[]
An array of entry points to bundle. This is useful if you want to bundle something that should not be exported by the package, e.g. CLI scripts or Node.js workers.
dist
string
The path to the directory to which the bundled files should be written.
exports
Record<string, Export>
Overwrite or amend the parsed exports from your package.json.
externals
string[]
An array of modules that should not be bundled but instead be resolved at runtime. By default this is the dependencies listed in your package.json (excluding devDeps).
minify
boolean
Whether to minify the output or not.
plugins
PluginOption[] | (({ runtime }: { runtime: Runtime }) => PluginOption[]);
An array of Vite plugins to use when bundling, or optionally a function that returns an array of plugins based on the runtime.
preserveModules
boolean
Instead of creating as few chunks as possible, this mode will create separate chunks for all modules using the original module names as file names.
sourcemap
boolean
Whether to generate sourcemaps for the output or not.
runtime
Runtime
The transpilation target of the bundle. This is useful if you're bundling many different CLIs or Node.js workers and you want them to be transpiled for the node environment.
tsconfig
string
Path to the tsconfig file to use for the bundle, defaults to tsconfig.build.json.
FAQs
Simple tools for creating interoperable CJS & ESM packages.
We found that @strapi/pack-up demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.