Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
backpack-react-scripts
Advanced tools
Backpack configuration and scripts for Create React App.
backpack-react-scripts
is up to v2.1.2
. Versions above this will not work.This package is a fork of Create React App (specifically the
react-scripts
package). It's intended to be used in conjuction with create-react-app
like so:
npx create-react-app@2.1.2 my-app --scripts-version=backpack-react-scripts@7.0.5
# start your app development like you normally would with `create-react-app`
cd my-app
npm start
.css
& .scss
files.css.html
& js.html
: New files in the build/
output folder. These are html partials that include <script />
and <link />
references to the various static assets output by webpack. Useful if automatic chunking is turned on and you don't want to worry about order."backpack-react-scripts"
field in package.json
:
crossOriginLoading
: Modify the default behaviour, see docs.babelIncludePrefixes
: An array of module name prefixes to opt into babel compilation. Includes ["@skyscanenr/", "bpk-", "saddlebag-"]
by default.enableAutomaticChunking
: Boolean, opt in to automatic chunking of vendor, common and app code.vendorsChunkRegex
: String, Regex for picking what goes into the vendors
chunk. See cacheGroups
in webpack docs. Dependent on enableAutomaticChunking
being enabledamdExcludes
: Array of module names to exclude from AMD parsing. Incldues ["lodash"]
by default.externals
: exposing the Webpack config to modify externals, see docs.ssrExternals
: Similar to above, but for ssr.js
only.cssModules
: Boolean, true by default.backpack-react-scripts
To publish a new version of backpack-react-scripts
, run the following command:
npm run publish -- --scope backpack-react-scripts
You will be prompted to select a new semver version (MAJOR, MINOR, PATCH). Use the CHANGELOG.md to decide on the nature of the changes since the last release.
npm run publish -- --scope backpack-react-scripts --canary
Update the CHANGELOG.md with the new version, taking care to follow the format of previous releases.
We wish to keep this fork updated with the upstream repo to benefit from the ongoing open source development
of create-react-app
. To keep this fork up to date, please follow the steps below:
Ensure master
is in sync with upstream/master
:
git checkout master
git remote add upstream git@github.com:facebook/create-react-app.git
git fetch upstream
git reset --hard upstream/master
git push --force-with-lease
Rebase fork
on top of a tagged release on master
:
git checkout fork
git rebase <commit>
Note:
<commit>
should be the SHA-1 of the latest upstream release - not just the latest i.e.upstream/master
Pair with someone else to fix any conflicts and cross examine changes in upstream with changes in our fork.
This is the most time consuming part. Take care to make sure you are not regressing any functionality that we have added in our fork.
Re-name your local, rebased fork
branch to something else and push it to origin. This will ensure it runs through CI and you can verify your changes.
git branch -m <branch>
git push origin <branch>
Finally, when we are confident that the rebase has been successful, re-name your branch back to fork
and push it to origin:
git branch -m fork
git push --force-with-lease
FAQs
Backpack configuration and scripts for Create React App.
We found that backpack-react-scripts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.