Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
af-babel-loader
Advanced tools
This package allows transpiling JavaScript files using Babel and webpack.
Notes: Issues with the output should be reported on the babel issue tracker.
webpack 1.x | babel-loader <= 6.x
webpack 2.x | babel-loader >= 7.x (recommended) (^6.2.10 will also work, but with deprecation warnings)
webpack 3.x | babel-loader >= 7.1
yarn add babel-loader babel-core babel-preset-env webpack --dev
We recommend using yarn, but you can also still use npm:
npm install --save-dev babel-loader babel-core babel-preset-env webpack
Within your webpack configuration object, you'll need to add the babel-loader to the list of modules, like so:
module: {
rules: [
{
test: /\.js$/,
exclude: /(node_modules|bower_components)/,
use: {
loader: 'babel-loader',
options: {
presets: ['env']
}
}
}
]
}
See the babel
options.
You can pass options to the loader by using the options property:
module: {
rules: [
{
test: /\.js$/,
exclude: /(node_modules|bower_components)/,
use: {
loader: 'babel-loader',
options: {
presets: ['env'],
plugins: [require('babel-plugin-transform-object-rest-spread')]
}
}
}
]
}
This loader also supports the following loader-specific option:
cacheDirectory
: Default false
. When set, the given directory will be used to cache the results of the loader. Future webpack builds will attempt to read from the cache to avoid needing to run the potentially expensive Babel recompilation process on each run. If the value is blank (loader: 'babel-loader?cacheDirectory'
) or true
(loader: babel-loader?cacheDirectory=true
) the loader will use the default cache directory in node_modules/.cache/babel-loader
or fallback to the default OS temporary file directory if no node_modules
folder could be found in any root directory.
cacheIdentifier
: Default is a string composed by the babel-core's version, the babel-loader's version, the contents of .babelrc file if it exists and the value of the environment variable BABEL_ENV
with a fallback to the NODE_ENV
environment variable. This can be set to a custom value to force cache busting if the identifier changes.
forceEnv
: Default will resolve BABEL_ENV then NODE_ENV. Allow you to override BABEL_ENV/NODE_ENV at the loader level. Useful for isomorphic applications with different babel configuration for client and server.
Note: The sourceMap
option is ignored, instead sourceMaps are automatically enabled when webpack is configured to use them (via the devtool
config option).
Make sure you are transforming as few files as possible. Because you are probably
matching /\.js$/
, you might be transforming the node_modules
folder or other unwanted
source.
To exclude node_modules
, see the exclude
option in the loaders
config as documented above.
You can also speed up babel-loader by as much as 2x by using the cacheDirectory
option.
This will cache transformations to the filesystem.
babel uses very small helpers for common functions such as _extend
. By default
this will be added to every file that requires it.
You can instead require the babel runtime as a separate module to avoid the duplication.
The following configuration disables automatic per-file runtime injection in babel, instead
requiring babel-plugin-transform-runtime
and making all helper references use it.
See the docs for more information.
NOTE: You must run npm install babel-plugin-transform-runtime --save-dev
to include this in your project and babel-runtime
itself as a dependency with npm install babel-runtime --save
.
rules: [
// the 'transform-runtime' plugin tells babel to require the runtime
// instead of inlining it.
{
test: /\.js$/,
exclude: /(node_modules|bower_components)/,
use: {
loader: 'babel-loader',
options: {
presets: ['env'],
plugins: ['transform-runtime']
}
}
}
]
Since babel-plugin-transform-runtime includes a polyfill that includes a custom regenerator runtime and core.js, the following usual shimming method using webpack.ProvidePlugin
will not work:
// ...
new webpack.ProvidePlugin({
'Promise': 'bluebird'
}),
// ...
The following approach will not work either:
require('babel-runtime/core-js/promise').default = require('bluebird');
var promise = new Promise;
which outputs to (using runtime
):
'use strict';
var _Promise = require('babel-runtime/core-js/promise')['default'];
require('babel-runtime/core-js/promise')['default'] = require('bluebird');
var promise = new _Promise();
The previous Promise
library is referenced and used before it is overridden.
One approach is to have a "bootstrap" step in your application that would first override the default globals before your application:
// bootstrap.js
require('babel-runtime/core-js/promise').default = require('bluebird');
// ...
require('./app');
babel
has been moved to babel-core
.If you receive this message it means that you have the npm package babel
installed and use the short notation of the loader in the webpack config (which is not valid anymore as of webpack 2.x):
{
test: /\.js$/,
loader: 'babel',
}
Webpack then tries to load the babel
package instead of the babel-loader
.
To fix this you should uninstall the npm package babel
as it is deprecated in babel v6. (instead install babel-cli
or babel-core
)
In the case one of your dependencies is installing babel
and you cannot uninstall it yourself, use the complete name of the loader in the webpack config:
{
test: /\.js$/,
loader: 'babel-loader',
}
FAQs
babel module loader for webpack
The npm package af-babel-loader receives a total of 6 weekly downloads. As such, af-babel-loader popularity was classified as not popular.
We found that af-babel-loader demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.