@takeshape/esbuild-node-externals
## Temporary package while waiting for https://github.com/pradel/esbuild-node-externals/pull/42
Esbuild plugin to easily exclude node modules during builds.
When bundling for the backend, Esbuild will by default try to bundle all the dependencies. However, it's a good idea not to bundle all the node_modules dependencies. This plugin will scan the dependencies included in your project and will exclude them from the final bundle.
This plugin requires at least Node.js 12 and Esbuild 0.12+.
```bash
# with npm
npm install --save-dev @takeshape/esbuild-node-externals
# with yarn
yarn add --dev @takeshape/esbuild-node-externals
```
When you call the esbuild build API, add the esbuild-node-externals plugin.
```js
// Your bundler file
const esbuild = require('esbuild');
const { nodeExternalsPlugin } = require('@takeshape/esbuild-node-externals');

esbuild.build({
  entryPoints: ['src/index.js'],
  bundle: true,
  platform: 'node',
  outfile: 'dist/index.js',
  plugins: [nodeExternalsPlugin()],
});
```
When calling this package, you can pass an options object.

```js
// Your bundler file
const esbuild = require('esbuild');
const { nodeExternalsPlugin } = require('@takeshape/esbuild-node-externals');

esbuild.build({
  // ...
  plugins: [
    nodeExternalsPlugin({
      packagePath: 'path/to/package.json',
    }),
  ],
});
```
options.packagePath
Path to your package.json. Can be a string or an array of strings. If you are using a monorepo, you can provide a list of all the package.json files to check.
If this option is not specified, the default behavior is to start with the current directory's package.json and then go up, scanning parent directories recursively for package.json files until either the root git directory is reached or no other package.json can be found.

options.dependencies (default: true)
Make package.json dependencies external.

options.devDependencies (default: true)
Make package.json devDependencies external.

options.peerDependencies (default: true)
Make package.json peerDependencies external.

options.optionalDependencies (default: true)
Make package.json optionalDependencies external.

options.allowList (default: [])
An array for the externals to allow, so they will be included in the bundle. Can accept exact strings ('module_name'), regex patterns (/^module_name/), or a function that accepts the module name and returns whether it should be included.
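The sketch below is an added example, not the plugin's source code: it models how the documented options decide which package names are marked external, covering all three kinds of allowList entry. The function names, the sample manifests and the `@acme/shared` package are assumptions made for illustration.

```javascript
// Added example; not the plugin's implementation. All names here are hypothetical.
const DEP_FIELDS = ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies'];

// Constructed sample input: two parsed package.json files, as in a monorepo.
const SAMPLE_MANIFESTS = [
  { dependencies: { express: '^4.18.0', '@acme/shared': '1.0.0' },
    devDependencies: { jest: '^29.0.0' } },
  { dependencies: { lodash: '^4.17.21' }, peerDependencies: { react: '^18.0.0' } },
];

// True when `name` matches an allowList entry: exact string, RegExp or predicate.
function isAllowed(name, allowList) {
  return allowList.some((rule) => {
    if (typeof rule === 'string') return rule === name;
    if (rule instanceof RegExp) {
      rule.lastIndex = 0; // /g and /y regexes keep state between test() calls
      return rule.test(name);
    }
    if (typeof rule === 'function') return Boolean(rule(name));
    throw new TypeError('unsupported allowList entry: ' + String(rule));
  });
}

// Returns the names that would be left out of the bundle (external) and the
// names the allowList pulls back into it (allowed). A dependency field whose
// option is false is skipped, so its names are not collected from that field.
function resolveExternals(manifests, options = {}) {
  const opts = { dependencies: true, devDependencies: true, peerDependencies: true,
    optionalDependencies: true, allowList: [], ...options };
  const external = new Set();
  const allowed = new Set();
  for (const manifest of manifests) {
    for (const field of DEP_FIELDS) {
      if (!opts[field]) continue;
      for (const name of Object.keys(manifest[field] || {})) {
        (isAllowed(name, opts.allowList) ? allowed : external).add(name);
      }
    }
  }
  return { external: [...external].sort(), allowed: [...allowed].sort() };
}

console.log(resolveExternals(SAMPLE_MANIFESTS, {
  devDependencies: false,
  allowList: [/^@acme\//g, 'lodash', (name) => name.startsWith('react')],
}));
```

Names in `external` are the ones that must still be resolved from node_modules at runtime, so they are the entries to review when auditing what a deployed bundle depends on.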
This package and the implementation are inspired by the work of @liady on webpack-node-externals for webpack and @Septh on rollup-plugin-node-externals for rollup.
MIT © Léo Pradel
The npm package @takeshape/esbuild-node-externals receives a total of 0 weekly downloads. As such, @takeshape/esbuild-node-externals popularity was classified as not popular.
We found that @takeshape/esbuild-node-externals demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.