Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
apostrophe-browserify
Advanced tools
A convenience module for using browserify with frontend code in Apostrophe.
This Apostrophe 2 module enables you to bundle your frontend code using browserify
while taking advantage of automatic minification and Apostrophe's asset pipeline.
When using the development
option watchify
will run, recompiling your assets any time they are saved.
To use it, run npm install apostrophe-browserify --save
and add it to your app.js
configuration:
{
...
'apostrophe-browserify': {
// files are specified relative to the project directory (app.js)
files: [ './public/js/modules/_site.js' ]
}
...
}
Apostrophe will save your bundled file to the public/js/
directory. By default it creates _site-compiled.js
, however the filename can be configured using the outputFile
option.
You specify your input files using the files
option. You may specify more than one. Your input files may use the require
statement, much as they can in node apps, as described in the browserify
documentation.
{
'apostrophe-browserify': {
// The files to compile. All files in the array are
// compiled to a single output file.
files: [ './public/js/modules/_site.js' ],
// The filename of your bundled file.
// Defaults to '_site-compiled.js'.
outputFile: '_site-compiled.js',
// When this is true `watchify` will recompile your
// assets any time they are saved. Defaults to `false`.
development: false,
// When this is true and `development` is also true
// watchify will log a message in the console each
// time your bundle is recompiled. Defaults to `true`.
verbose: true,
// When this is true and `development` is also true
// your operating system will generate a notification
// when watchify's build fails. Defaults to `false`.
notifications: false,
// When this is true, browserify will run a simple babel
// transform on your files using the es2015 preset. You // can read about what is included with that here:
// http://babeljs.io/docs/plugins/preset-es2015/
es2015: true,
// When this option is true, you are able to write JSX
// React within your browserify-compiled files through
// the reactify transform.
react: true,
// When this option is true, you are able to use a small
// subset of node's fs module: readFileSync, readFile,
// readdirSync, and readdir.
// https://github.com/substack/brfs
brfs: true,
// Pass additional options into browserify if
// necessary. Overrides any module-level options.
browserifyOptions: {
}
}
}
Make sure you add public/js/_site-compiled.js
to your .gitignore
and deployment/rsync_exclude.txt
files.
When minify
is true, which it should be for all production Apostrophe sites, the output file will not be recompiled, even on startup, unless it does not exist yet. Together with the apostrophe:generation
task, this prevents race conditions in a multicore Apostrophe production environment.
0.5.8
: added native notifications when build fails, improved error logging. Updated styling of console logs to be a little clearer.
0.5.6
: added source mapping and timestamp logging on recompile when in development
mode.
0.5.5
: no need to manually add the output file to your assets. Behaves properly in a multicore environment as long as minify
is true. Documentation updated. The basedir
option has been removed, as this module is currently only intended for project-level code, but more thought will be given to how this module could be used in conjunction with module-level code in the future.
FAQs
A convenience module for using browserify with frontend code in Apostrophe.
The npm package apostrophe-browserify receives a total of 16 weekly downloads. As such, apostrophe-browserify popularity was classified as not popular.
We found that apostrophe-browserify demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 9 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.