asset-pipe-js-writer
This is an internal module intended for use by other modules in the asset-pipe project.
This module reads a CommonJS module entry point for JavaScript files and resolves all the dependencies into an asset feed. It returns a Browserify instance.
The output of this module can be piped into the asset-pipe-js-reader module to build executable JavaScript bundles for the browser.
What we refer to as an asset feed is the internal data format used in Browserify. We use the exact same data format as Browserify in the asset-pipe project.
When Browserify resolves CommonJS modules, each dependency is read and transformed into an object which looks something like this:
```json
{
    "id": "c645cf572a8f5acf8716e4846b408d3b1ca45c58",
    "source": "\"use strict\";module.exports.world=function(){return\"world\"};",
    "deps": {},
    "file": "./assets/js/bar.js"
}
```
Each such object is emitted on a stream for each dependency. This is the asset feed.
```bash
$ npm install asset-pipe-js-writer
```
Read a CommonJS module entry point and pipe the feed to a JSON file on disk:
```js
const JSONStream = require('JSONStream');
const Writer = require('asset-pipe-js-writer');
const fs = require('fs');

// Resolve every dependency reachable from the entry point
const writer = new Writer('./js/browser.main.js');

// Serialize each feed object to JSON and write the result to disk
writer.bundle().pipe(JSONStream.stringify()).pipe(fs.createWriteStream('./feed/a.json'));
```
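A feed stored on disk, such as `./feed/a.json` above, ends up as executable code in a bundle, so its rows are worth checking against the shape shown earlier before they are passed on. The following is an added example, not code from the asset-pipe project: `validateFeed`, `isPlainObject`, and the sample rows are hypothetical, and it assumes that every value in `deps` is the id of another row in the same feed.

```javascript
// Field types of a feed row, taken from the object shown in this README.
const REQUIRED = { id: 'string', source: 'string', deps: 'object', file: 'string' };

const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Returns a list of problems found in an array of feed rows (empty list = valid).
function validateFeed(rows) {
    if (!Array.isArray(rows)) return ['feed is not an array'];
    const problems = [];
    const ids = new Set();

    rows.forEach((row, i) => {
        if (!isPlainObject(row)) {
            problems.push(`row ${i}: not an object`);
            return;
        }
        for (const [key, type] of Object.entries(REQUIRED)) {
            const ok = type === 'object' ? isPlainObject(row[key]) : typeof row[key] === type;
            if (!ok) problems.push(`row ${i}: "${key}" must be of type ${type}`);
        }
        if (typeof row.id === 'string') {
            if (ids.has(row.id)) problems.push(`row ${i}: duplicate id ${row.id}`);
            ids.add(row.id);
        }
    });

    // Assumption: every value in "deps" is the id of another row in the same feed.
    rows.forEach((row, i) => {
        if (!isPlainObject(row) || !isPlainObject(row.deps)) return;
        for (const [name, target] of Object.entries(row.deps)) {
            if (!ids.has(target)) problems.push(`row ${i}: dep "${name}" points to unknown id ${target}`);
        }
    });
    return problems;
}

// Constructed sample: the README row plus a made-up entry row that depends on it.
const BAR_ID = 'c645cf572a8f5acf8716e4846b408d3b1ca45c58';
const sampleFeed = [
    { id: 'constructed-entry-id', source: 'require("./bar").world();', deps: { './bar': BAR_ID }, file: './assets/js/main.js' },
    { id: BAR_ID, source: '"use strict";module.exports.world=function(){return"world"};', deps: {}, file: './assets/js/bar.js' },
];

console.log(validateFeed(sampleFeed)); // intact feed: no problems reported
console.log(validateFeed(sampleFeed.slice(0, 1))); // "./bar" now points at a missing row
```

A feed read from `./feed/a.json` can be passed to `validateFeed` after `JSON.parse`; a non-empty result is a reason to stop before bundling.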
This module has the following API:
Supported arguments are:
- files - Same as files in the Browserify constructor
- opts - Same as opts in the Browserify constructor
- bundle - Boolean - If true, this module will output an executable JavaScript bundle. Default: false.
- minify - Boolean - If true, the source in the asset feed will be minified. Default: false.
Returns a Readable stream.
Same as the Browserify transform method.
Same as the Browserify plugin method.
The MIT License (MIT)
Copyright (c) 2017 - Trygve Lie - post@trygve-lie.com
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Javascript asset feed writer
We found that asset-pipe-js-writer demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.