
Research
/Security News
npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack
npm author Qix’s account was compromised, with malicious versions of popular packages like chalk-template, color-convert, and strip-ansi published.
babel-plugin-evaluate
Advanced tools
A babel plugin to evaluate code at build-time.
I wanted to evaluate some functions and calculations in build process that didn't need to run at runtime, to remove the modules themselves from the bundle to reduce its size.
babel-plugin-preval and babel-plugin-codegen only supports CommonJS not ES Modules, and the evaluation does not run in a sandbox.
babel-plugin-polished only supports polished and only handles simple syntaxes.
babel-plugin-inline-constants only handles constants inlining.
npm install babel-plugin-evaluate
// babel.config.js
module.exports = {
plugins: [["babel-plugin-evaluate", { name: "polished" }]],
};
// App.js
import { rgba } from "polished";
const val = "blue";
const obj = {
color: "#123456",
red: "red",
};
const a = rgba(val, 0.5); // const a = "rgba(0,0,255,0.5)";
const b = rgba(obj["color"], 0.5); // const b = "rgba(18,52,86,0.5)";
const c = rgba(obj.red, 0.5); // const c = "rgba(255,0,0,0.5)";
// babel.config.js
module.exports = {
plugins: [["babel-plugin-evaluate", { name: /\/constants\// }]],
};
// constants/foo.js
export const foo = 2 * 7;
export const bar = "bar" + "baz";
// App.js
import { foo, bar } from "./constants/foo.js";
const fooVal = foo; // const fooVal = 14;
const barVal = bar; // const barVal = "barbaz";
All contributions are welcome. If you find a problem, feel free to create an issue or a PR.
npm install
.FAQs
A babel plugin to evaluate code at build-time.
We found that babel-plugin-evaluate demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
npm author Qix’s account was compromised, with malicious versions of popular packages like chalk-template, color-convert, and strip-ansi published.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.