Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
angular-webpack-plugin
Advanced tools
Makes webpack aware of AngularJS modules.
This project is just getting off the ground.
It is at the stage now where you can use it to get angular apps webpacked
without needing require()
in your code, but it does it by trying to map
between angular module names and file names. The conventions for doing this are
various, so it will not fit all cases. Please submit an issue on github if it
isn't working for your modules and I'll try to iron out the wrinkles over time.
To see it in action, I've forked the angular-seed project
Given how complex the problem is, regular test frameworks can't help much. I've
developed a small grunt task to run compile scenarios and check the output. It's
less than ideal and a little fragile. To add new scenarios, create a directory
in test/scenarios containing a webpack.conf.js config file, an in
and an out
directory. The in
directory will be used as the source and the output will
be compared against out/bundle.js
(ignoring comments etc.).
To run the scenarios::
grunt webpackScenario
by default, it won't show what the output was when it doesn't match, so use
grunt --debug webpackScenario
In addition, karma tests in the verify
directory check that the output makes
a viable executable using the karma.conf.js
file.
The default grunt task checks everything.
Webpack 1.4 and fix for modules using window.angular
Working well enough to build the angular-seed project.
First release
Copyright (c) 2014 Paul Thomas. Licensed under the MIT license.
FAQs
Makes webpack aware of AngularJS modules.
We found that angular-webpack-plugin demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.