@vavra7/compiler
It runs Webpack under the hood to bundle the application into a client part and a server part, so that React can be server-side rendered.
SSR React app written in TypeScript

```sh
compiler dev
compiler build
compiler build -a
```
```
.
├── dist
│   ├── bundles.json
│   ├── index.js
│   └── static
│       ├── gz
│       │   ├── main.js.gz
│       │   └── react.js.gz
│       ├── js
│       │   ├── main.js
│       │   └── react.js
│       └── media
│           └── 6576f3a9a340ac02328d.jpg
├── node_modules
├── public
│   └── favicon.ico
├── src
│   ├── assets
│   │   └── media
│   │       └── logo.jpg
│   ├── index.client.tsx
│   ├── index.server.tsx
│   └── root.tsx
├── package.json
└── tsconfig.json
```
```tsx
// src/root.tsx
import type { FC } from 'react';
import React from 'react';

// Root component shared by the server and client entry points.
const Root: FC = () => {
  return (
    <>
      <img alt="logo" src={require('./assets/media/logo.jpg')} />
      <div>Root of React application.</div>
    </>
  );
};

export default Root;
```
```tsx
// src/index.server.tsx
import fs from 'node:fs';
import path from 'node:path';
import express from 'express';
import React from 'react';
import { renderToString } from 'react-dom/server';
import Root from './root';

const app = express();
// bundles.json supplies the script URLs used in the markup below.
const bundles = JSON.parse(fs.readFileSync(path.join(__dirname, './bundles.json'), 'utf-8'));

app.use('/', express.static(path.join(__dirname, '../public')));
app.use('/static/media', express.static(path.join(__dirname, './static/media')));
app.use('/static/css', express.static(path.join(__dirname, './static/css')));
app.use('/static/fonts', express.static(path.join(__dirname, './static/fonts')));
// Pre-compressed bundles: declare the type and encoding so browsers decompress them.
app.use(
  '/static/gz',
  express.static(path.join(__dirname, './static/gz'), {
    setHeaders: res => {
      res.setHeader('Content-Type', 'text/javascript');
      res.setHeader('Content-Encoding', 'gzip');
    }
  })
);

// Every other request gets the server-rendered page.
app.use('*', (req, res) => {
  const app = <Root />;
  const markup = `
    <!DOCTYPE html>
    <html lang="en">
      <head>
        <meta charset="UTF-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <script src="${bundles.main}" defer></script>
        <script src="${bundles.react}" defer></script>
        <title>Document</title>
      </head>
      <body>
        <div id="root-container">
          ${renderToString(app)}
        </div>
      </body>
    </html>
  `;
  res.setHeader('Content-Type', 'text/html');
  res.end(markup);
});

app.listen(3000, () => console.log('Server is listening on http://localhost:3000'));
```
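```tsx
// src/index.client.tsx
import React from 'react';
import { createRoot } from 'react-dom/client';
import Root from './root';

// Accept hot module replacement updates when available.
if (module?.hot) module.hot.accept();

// Mount into the container emitted by the server markup.
const container = document.getElementById('root-container');
const root = createRoot(container!);
root.render(<Root />);
```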
https://github.com/pmmmwh/react-refresh-webpack-plugin/issues/725
FAQs
The npm package @vavra7/compiler receives a total of 1 weekly downloads. As such, @vavra7/compiler popularity was classified as not popular.
We found that @vavra7/compiler demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.