Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
@vendhq/uglifyify
Advanced tools
A Browserify v2 transform which minifies your code using terser (a maintained fork of uglify-es).
This fork contains fixes for some longstanding issues including:
npm install uglifyify
Ordinarily you'd be fine doing this:
browserify index.js | uglifyjs -c > bundle.js
But uglifyify is able to yield smaller output by processing files individually instead of just the entire bundle. When using uglifyify you should generally also use Uglify, to achieve the smallest output. Uglifyify provides an additional optimization when used with Uglify, but does not provide all of the optimization that using Uglify on its own does, so it's not a replacement.
Uglifyify gives you the benefit of applying Uglify's "squeeze" transform on each file before it's included in the bundle, meaning you can remove dead code paths for conditional requires. Here's a contrived example:
if (true) {
module.exports = require('./browser')
} else {
module.exports = require('./node')
}
module.exports = require('./node')
will be excluded by Uglify, meaning that
only ./browser
will be bundled and required.
If you combine uglifyify with envify, you can make this a little more accessible. Take this code:
if (process.env.NODE_ENV === 'development') {
module.exports = require('./development')
} else {
module.exports = require('./production')
}
And use this to compile:
NODE_ENV=development browserify -t envify -t uglifyify index.js -o dev.js &&
NODE_ENV=production browserify -t envify -t uglifyify index.js -o prod.js
It should go without saying that you should be hesitant using environment
variables in a Browserify module - this is best suited to your own
applications or modules built with Browserify's --standalone
tag.
Sometimes, you don't want uglifyify to minify all of your files – for example,
if you're using a transform to require
CSS or HTML, you might get an error
as uglify expects JavaScript and will throw if it can't parse what it's given.
This is done using the -x
or --exts
transform options, e.g. from the
command-line:
browserify \
-t coffeeify \
-t [ uglifyify -x .js -x .coffee ]
The above example will only minify .js
and .coffee
files, ignoring the rest.
You might also want to take advantage of uglifyify's pre-bundle minification to produce slightly leaner files across your entire browserify bundle. By default, transforms only alter your application code, but you can use global transforms to minify module code too. From your terminal:
browserify -g uglifyify ./index.js > bundle.js
Or programatically:
var browserify = require('browserify')
var fs = require('fs')
var bundler = browserify(__dirname + '/index.js')
bundler.transform('uglifyify', { global: true })
bundler.bundle()
.pipe(fs.createWriteStream(__dirname + '/bundle.js'))
Note that this is fine for uglifyify as it shouldn't modify the behavior of your code unexpectedly, but transforms such as envify should almost always stay local – otherwise you'll run into unexpected side-effects within modules that weren't expecting to be modified as such.
Sometimes uglifyjs will break specific files under specific settings – it's
rare, but does happen – and to work around that, you can use the ignore
option. Given one or more glob patterns, you can filter out specific files
this way:
browserify -g [ uglifyify --ignore '**/node_modules/weakmap/*' ] ./index.js
var bundler = browserify('index.js')
bundler.transform('uglifyify', {
global: true,
ignore: [
'**/node_modules/weakmap/*'
, '**/node_modules/async/*'
]
})
bundler.bundle().pipe(process.stdout)
Uglifyify supports source maps, so you can minify your code and still see the original source – this works especially well with a tool such as exorcist when creating production builds.
Source maps are enabled when:
--debug
flag (or debug
option) to your browserify
bundle.Enabling --debug
with browserify is easy:
browserify -t uglifyify --debug index.js
var bundler = browserify({ debug: true })
bundler
.add('index.js')
.transform('uglifyify')
.bundle()
.pipe(process.stdout)
If you'd prefer them not to be included regardless, you can opt out
using the sourcemap
option:
browserify -t [ uglifyify --no-sourcemap ] app.js
var bundler = browserify('index.js')
bundler.transform('uglifyify', { sourceMap: false })
.bundle()
.pipe(process.stdout)
FAQs
A browserify transform which minifies your code using terser
The npm package @vendhq/uglifyify receives a total of 0 weekly downloads. As such, @vendhq/uglifyify popularity was classified as not popular.
We found that @vendhq/uglifyify demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 47 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
Security News
CISOs are racing to adopt AI for cybersecurity, but hurdles in budgets and governance may leave some falling behind in the fight against cyber threats.
Research
Security News
Socket researchers uncovered a backdoored typosquat of BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years.