Security News
Combatting Alert Fatigue by Prioritizing Malicious Intent
In 2023, data breaches surged 78% from zero-day and supply chain attacks, but developers are still buried under alerts that are unable to prevent these threats.
@webextension-toolbox/webextension-toolbox
Advanced tools
Framework for WebExtensions (Firefox, Chrome, Opera, Edge)
Small cli toolbox for creating cross-browser WebExtensions.
If you want to get started quickly check out the yeoman generator for this project.
chrome
)opera
)edge
)firefox
)safari
)The build
task creates bundles for:
.xpi
).zip
).crx
).zip
).zip
)Validates your manifest.json
while compiling.
You can skip this by adding --validateManifest
to your build
or dev
command.
Uses default fields (name
, version
, description
) from your package.json
Native typescript support (but not enforced!) (see section How do I use Typescript?)
Allows you to define vendor specific manifest keys.
manifest.json
"name": "my-extension",
"__chrome__key": "yourchromekey",
"__chrome|opera__key2": "yourblinkkey"
If the vendor is chrome
it compiles to:
"name": "my-extension",
"key": "yourchromekey",
"key2": "yourblinkkey"
If the vendor is opera
it compiles to:
"name": "my-extension",
"key2": "yourblinkkey"
else it compiles to:
"name": "my-extension"
The WebExtension specification is currently supported on Chrome, Firefox, Edge (Chromium) and Safari (Safari Web Extension’s Browser Compatibility).
This toolbox no longer provides any polyfills for cross-browser support. If you need polyfills e.g. between 'browser' and 'chrome', we recommend detecting the browser during the build time using process.env.VENDOR.
This toolbox comes with babel-preset-env. Feel free add custom configuration if you need any custom polyfills.
$ npm install -g @webextension-toolbox/webextension-toolbox
$ npm install -D @webextension-toolbox/webextension-toolbox
dist/<vendor>
.process.env.NODE_ENV
to development
.process.env.VENDOR
to the current vendor.$ webextension-toolbox dev <vendor> [..options]
$ webextension-toolbox dev --help
$ webextension-toolbox dev chrome
$ webextension-toolbox dev firefox
$ webextension-toolbox dev opera
$ webextension-toolbox dev edge
$ webextension-toolbox dev safari
dist/<vendor>
.process.env.NODE_ENV
to production
.process.env.VENDOR
to the current vendor.packages
.Usage: build [options] <vendor>
Compiles extension for production
Options:
-c, --config [config] specify config file path (default: "./webextension-toolbox.config.js")
-s, --src [src] specify source directory (default: "app")
-t, --target [target] specify target directory (default: "dist/[vendor]")
-d, --devtool [string | false] controls if and how source maps are generated (default: false)
--no-minimize disables code minification
-v, --vendor-version [vendorVersion] last supported vendor (default: current)
--no-manifest-validation validate manifest syntax
-h, --help display help for command
Usage: dev [options] <vendor>
Compiles extension in devmode
Arguments:
vendor The Vendor to compile
Options:
-c, --config [config] specify config file path (default: "./webextension-toolbox.config.js")
-s, --src [src] specify source directory (default: "app")
-t, --target [target] specify target directory (default: "dist/[vendor]")
-d, --devtool [string | false] controls if and how source maps are generated (default: "cheap-source-map")
-r, --no-auto-reload Do not inject auto reload scripts into background objects
-p, --port [port] Define the port for the websocket development server (default: "35729")
-v, --vendor-version [vendorVersion] last supported vendor (default: current)
--dev-server [devServer] use webpack dev server to serve bundled files (default: false)
--no-manifest-validation Skip Manifest Validation
--verbose print messages at the beginning and end of incremental build
-h, --help display help for command
All javascript files located at the root of your ./app
or ./app/scripts
directory will create a separate bundle.
app | dist |
---|---|
app/background.js | dist/<vendor>/background.js |
app/scripts/background.js | dist/<vendor>/scripts/background.js |
app/some-dir/some-file.js | Will be ignored as entry file. |
app/scripts/some-dir/some-file.js | Will be ignored as entry file. |
In order to extend the usage of webpack
, you can define a function that extends its config via webextension-toolbox.config.js
(or a file you define through the usage of the -c
option) in your project root.
module.exports = {
webpack: (config, { dev, vendor }) => {
// Perform customizations to webpack config
// Important: return the modified config
return config;
},
};
As WebExtension Toolbox uses webpack’s devtool feature under the hood, you can also customize the desired devtool with the --devtool
argument.
For example, if you have problems with source maps on Firefox, you can try the following command:
webextension-toolbox build firefox --devtool=inline-cheap-source-map
Please see Issue #58 for more information on this
If want to develop browser extensions for Firefox only web-ext might be a better fit for you, since it supports, extension signing, better manifest validation and auto mounting.
Nevertheless if you want to develop cross browser extensions using
webextension-toolbox might be your tool of choice.
npm install @babel/preset-react --save-dev
{
"presets": [
"@babel/preset-react"
]
}
npm install typescript --save-dev
tsc --init
or manually add a tsconfig.json file to your project rootCopyright 2018-2022 Henrik Wenz
This project is free software released under the MIT license.
[6.2.0] - 2023-10-28
FAQs
Framework for WebExtensions (Firefox, Chrome, Opera, Edge)
The npm package @webextension-toolbox/webextension-toolbox receives a total of 231 weekly downloads. As such, @webextension-toolbox/webextension-toolbox popularity was classified as not popular.
We found that @webextension-toolbox/webextension-toolbox demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In 2023, data breaches surged 78% from zero-day and supply chain attacks, but developers are still buried under alerts that are unable to prevent these threats.
Security News
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
Security News
License exceptions modify the terms of open source licenses, impacting how software can be used, modified, and distributed. Developers should be aware of the legal implications of these exceptions.