Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@tinkoff/babel-plugin-lodash
Advanced tools
Transform lodash imports to include into bundle only imported functions
This plugin transforms lodash imports to include into bundle only imported functions.
npm install --save-dev @tinkoff/babel-plugin-lodash
yarn add --dev @tinkoff/babel-plugin-lodash
In
import _ from "lodash";
import { add } from "lodash/fp";
import { slice } from "lodash-es";
const addOne = add(1);
_.map([1, 2, 3], addOne);
slice([1, 2, 3], 2);
Out
import _add from "lodash/fp/add";
import _map from "lodash/map";
import _slice from "lodash-es/slice";
const addOne = _add(1);
_map([1, 2, 3], addOne);
_slice([1, 2, 3], 2);
.babelrc
{
"plugins": ["@tinkoff/babel-plugin-lodash"]
}
$ babel --plugins @tinkoff/babel-plugin-lodash script.js
require("@babel/core").transformSync(code, {
plugins: ["@tinkoff/babel-plugin-lodash"],
});
ensureModuleExists
boolean
, defaults to false
.
When this option is enabled, plugin tries to resolve path to imported lodash module using require.resolve()
. If the
module can not be found, an error is thrown. Usually such check is done out of box by bundler (e.g. webpack) or
typescript. Enabling this option may lead to decreasing performance.
In
import _ from "lodash";
_.slice([1, 2], 1);
_.unknownFunc();
Out
import _slice from "lodash/slice"; // OK
import _unknownFunc from "lodash/unknownFunc"; // ERROR
_slice([1, 2], 1);
_unknownFunc();
lodash
, lodash/fp
, lodash-es
FAQs
Transform lodash imports to include into bundle only imported functions
We found that @tinkoff/babel-plugin-lodash demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.