Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
backpack-react-scripts
Advanced tools
Backpack configuration and scripts for Create React App.
This package is a fork of Create React App (specifically the
react-scripts
package). It's intended to be used in conjuction with create-react-app
like so:
npx create-react-app my-app --scripts-version=backpack-react-scripts
# start your app development like you normally would with `create-react-app`
cd my-app
npm start
.css
& .scss
files.css.html
& js.html
: New files in the build/
output folder. These are html partials that include <script />
and <link />
references to the various static assets output by webpack. Useful if automatic chunking is turned on and you don't want to worry about order."backpack-react-scripts"
field in package.json
:
crossOriginLoading
: Modify the default behaviour, see docs.babelIncludePrefixes
: An array of module name prefixes to opt into babel compilation. Includes ["bpk-", "saddlebag-"]
by default.enableAutomaticChunking
: Boolean, opt in to automatic chunking of vendor, common and app code.vendorsChunkRegex
: String, Regex for picking what goes into the vendors
chunk. See cacheGroups
in webpack docs. Dependent on enableAutomaticChunking
being enabledamdExcludes
: Array of module names to exclude from AMD parsing. Incldues ["lodash"]
by default.externals
: exposing the Webpack config to modify externals, see docs.ssrExternals
: Similar to above, but for ssr.js
only.cssModules
: Boolean, true by default.backpack-react-scripts
To publish a new version of backpack-react-scripts
, run the following command:
npm run publish -- --scope backpack-react-scripts
You will be prompted to select a new semver version (MAJOR, MINOR, PATCH). Use the CHANGELOG.md to decide on the nature of the changes since the last release.
npm run publish -- --scope backpack-react-scripts --canary
Update the CHANGELOG.md with the new version, taking care to follow the format of previous releases.
We wish to keep this fork updated with the upstream repo to benefit from the ongoing open source development
of create-react-app
. To keep this fork up to date, please follow the steps below:
Ensure master
is in sync with upstream/master
:
git checkout master
git remote add upstream git@github.com:facebook/create-react-app.git
git fetch upstream
git reset --hard upstream/master
git push --force-with-lease
Rebase fork
on top of a tagged release on master
:
git checkout fork
git rebase <commit>
Note:
<commit>
should be the SHA-1 of the latest upstream release - not just the latest i.e.upstream/master
Pair with someone else to fix any conflicts and cross examine changes in upstream with changes in our fork.
This is the most time consuming part. Take care to make sure you are not regressing any functionality that we have added in our fork.
Re-name your local, rebased fork
branch to something else and push it to origin. This will ensure it runs through CI and you can verify your changes.
git branch -m <branch>
git push origin <branch>
Finally, when we are confident that the rebase has been successful, re-name your branch back to fork
and push it to origin:
git branch -m fork
git push --force-with-lease
FAQs
Backpack configuration and scripts for Create React App.
The npm package backpack-react-scripts receives a total of 2 weekly downloads. As such, backpack-react-scripts popularity was classified as not popular.
We found that backpack-react-scripts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.