Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
angular-lazy-bundler
Advanced tools
## Table of contents - [What does it do?](#what-does-it-do) - [How is it different from tools like Browserify?](#how-is-it-different-from-tools-like-browserify) - [Requirements](#requirements) - [API](#api) - [Usage example](#usage-example)
Lazy loading components at runtime gives us the advantage to ony load code that is going to be used by the client. At the same time it introduces one big disadvantage; it increases the number of network calls we need to make to load a component / library. This leads to slower page load times and affects the user experience negatively. This is what Angular Lazy Bundler tries to solve.
Lets take the following component as an example:
+src
| +components
| | +home-state
| | | home-route.js
| | | home-state.html
| | | home-state-controller.js
| | | index.js
To load the home state component the browser would need to make at least four requests. Angular Lazy Bundler solves this issue by creating a bundle of our source code per component. Given the above example, the bundler would create a combined file containing all four of the home state's files.
+src
| +build
| | +bundles
| | | home-state.js
The same is applied for JSPM packages. As of now, if you load JSPM packages in the browser you at least make two server calls. One for the package file, e.g. lodash@1.x.x.js
. The only purpose of that file is to reference the main package file defined in package.json, e.g. index.js
for lodash. This is a necessary evil to make NPM packages easy loadable by name in the browser. The Bundler optimizes this load process by combining the package and the main file into one.
After creating the bundles you can tell Angular Lazy Bundler to also update your SystemJS configuration, so that the loader knows about the bundles and loads the combined resources instead of the individual files. See the bundle config API in the SystemJS documentation.
Browserify and similar tools, by default, create one big bundle which contains all the application's source code. This works good for smaller applications. But when you have a few megabytes of code this becomes somewhat of a burden. Let's say our application has 20 different states / screens. The only thing the user wants to do is check his new messages which is one state. But even in that scenario the browser would actually download the remaining code of the application before the user can look at his inbox. This unnecessary wait time is what we want to omit by loading only the parts of the application the user is actually going to access.
For the bundler to work it's required to have a project structure as generated by Angular Lazy Generator. Each index.js file in the src folder indicates a root of a component. Only resources which are referenced / imported by the corresponding index.js file, and their sub-dependencies, will land in the resulting bundle. Files which are not imported statically from anywhere will not be bundled. But they will still get loaded by SystemJS individually.
Promise
Promise
Promise
Promise
Promise
Promise
Param | Type | Default | Description |
---|---|---|---|
options | Object | Bundler options. | |
[options.source] | String | src | Where to search for components / index.js files. |
[options.baseUrl] | String | . | Base URL on the file system to use for bundling. |
[options.dest] | String | build/bundles | Destination folder where the bundled resources will be written to. |
[options.bundlesBaseUrl] | String | bundles | Path relative to the baseURL of SystemJS in the browser of the destination folder. |
[options.systemJsConfig] | String | config/system.js | Path to the SystemJS configuration file. |
[options.sourceMaps] | Boolean | true | Enable / disable sourcemap generation. |
[options.minify] | Boolean | true | Enable / disable minification of bundled resources. |
[options.tab] | String | 4 spaces | What to use as tab when formatting the updated SystemJS configuration. |
Promise
Bundle a specific application component.
Kind: instance method of Bundler
Param | Type | Description |
---|---|---|
index | String | Path to the index.js file of the component. |
Promise
Bundles all application components.
Kind: instance method of Bundler
Promise
Bundle a certain vendor package.
Kind: instance method of Bundler
Param | Type | Description |
---|---|---|
packageName | String | Package name, same as in the SystemJS configuration. |
Promise
Combine multiple vendor packages into one bundle.
Kind: instance method of Bundler
Param | Type | Description |
---|---|---|
packageNames | Array | Which packages to bundle. |
saveAs | String | Name of the resulting bundle (without .js extension). |
Promise
Bundles all vendor packages which are not yet part of an existing bundle.
Kind: instance method of Bundler
Promise
Saves bundle information to the SystemJS configuration.
Kind: instance method of Bundler
const Bundler = require('angular-lazy-bundler').Bundler;
const bundler = new Bundler({
systemJsConfig: 'config/system.js'
});
bundler
//bundles the sources of our application per component
.bundleComponents()
//creates a custom bundle with all packages required for boostrapping the application
.then(() => {
return bundler.bundleDependencies(
[
'angular',
'angular-resource',
'angular-sanitize',
'angular-ui-router',
'ui-router-extras'
],
'main-vendors'
);
})
//bundles the remaining packages individually
.then(() => bundler.bundlePackageDependencies())
//updates our SystemJS configuration
.then(() => bundler.saveConfig())
//here we can handle errors
.catch((err) => { });
FAQs
## Table of contents - [What does it do?](#what-does-it-do) - [How is it different from tools like Browserify?](#how-is-it-different-from-tools-like-browserify) - [Requirements](#requirements) - [API](#api) - [Usage example](#usage-example) - [Troubleshoo
The npm package angular-lazy-bundler receives a total of 1 weekly downloads. As such, angular-lazy-bundler popularity was classified as not popular.
We found that angular-lazy-bundler demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.