Research
Security News
Malicious PyPI Package ‘pycord-self’ Targets Discord Developers with Token Theft and Backdoor Exploit
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
broccoli-multi-builder
Advanced tools
write and consume es6 source code, build to amd, globals or commonjs
This is for library authors who want to:
import "other-codebase"
) in their source code and still be able to publish to the above formatsvendoredModules
and it should still work fineimport X from "other-pkg"
is fine, but import X from "other-pkg/nested/thing"
is not)node_modules/
dir)/lib
dir (configurable via option libDirName
)dist/commonjs/<packageName>/
dist/amd/<packageName>.js
(the filename is configurable via option outputFileName
)dist/global/<packageName>.js
(the filename is configurable via option outputFileName
)/lib
) must also published to npm (so that it can be consumed by libraries that depend on this one, see below)lib/
dir (configurable) in that dependency's published npm package
options.loader = true
)require('<packageName>')["registerGlobal"](window, document);
registerGlobal
that it can call with the arguments (window, document)
. To override this set options.registerGlobalExport
to a different string. The registerGlobal
named export from your index.js is where you would do something like window.MyPackageName = X;
in order to allow a third-party to use your library as the global MyPackageName
."dist/commonjs/<packageName>/index.js"
(broccoli-multi-builder will check for this)require('your-package-name');
. require
calls for sub-directories (like require('your-package/thing');
) will not work properly due to the way node's module require system works (it looks for paths relative to the directory root, not relative to the location of the "main" file) and the fact that broccoli-multi-builder publishes your commonJS code in dist/commonjs
.dependencies
so that the transpiled code can use node's standard require
mechanism to bring them in)In order to publish your npm module so that another library that uses broccoli-multi-builder can consume it, you must:
lib/index.js
that provides the default export for your librarylib/
code when publishing to npmBrowser-based users can download your library via npm install <your-package-name>
and find
the format they prefer ("amd" or "global") available as a single file in the "dist/` directory, and
include that in their project via a mechanism of their choice.
Optionally, you may want to publish via bower as well.
Node-based users can install your library via npm install <your-package-name>
and then simply
require('your-package-name');
in their code. Node's standard require
mechanism will take care of
including any other dependencies at that point (although these must be listed in your package.json dependencies
).
To build your es6-based library using broccoli-multi-builder
for amd, global or commonjs output:
npm install --save-dev broccoli-multi-builder
npm install --global broccoli-cli
npm install --save-dev broccoli
npm install --save-dev broccoli-merge-trees
Add a Brocfile.js
file in the root of your project with the following code:
var multiBuilder = require('broccoli-multi-builder');
var mergeTrees = require('broccoli-merge-trees');
var amdOptions = {
libDirName: 'path/to/es6/src/directory', // default: 'lib'
packageName: 'my-package', // influences the name of the built file and directories,
// and the source root for the amd modules
vendoredModules: [] // the npm package names of any other modules that your es6 code
// consumes. Those packages must have a file/directory structure
// as described below
};
var globalOptions = {
libDirName: 'path/to/es6/src/directory', // default: 'lib'
registerGlobalExport: 'registerGlobal', // default: 'registerGlobal'
packageName: 'my-package', // influences the name of the built file and directories,
// and the source root for the amd modules
vendoredModules: [] // the npm package names of any other modules that your es6 code
// consumes. Those packages must have a file/directory structure
// as described below
};
var cjsOptions = {
libDirName: 'path/to/es6/src/directory', // default: 'lib'
packageName: 'my-package',
vendoredModules: [] // same as the vendored modules for the amdOptions
}
module.exports = mergeTrees([
multiBuilder.build('amd', amdOptions),
multiBuilder.build('global', globalOptions),
multiBuilder.build('commonjs', cjsOptions)
]);
Ensure you have an index.js
file in the root of your lib directory (e.g. lib/index.js
) that has a default export. If you are building for globals mode also ensure your index.js
exports a function named registerGlobal
.
Then do a broccoli build dist
to put your cjs and amd output into dist/
.
Note that broccoli will complain about writing to a directory that already exists
so you may need to rm -rf dist
first.
Read more about broccoli.js here.
If you are consuming another library built with broccoli-multi-builder:
npm install other-package
vendoredModules
that you pass to the build
method in your Brocfilelib/
es6 code, it should be fine to import default (import X from "other-package"
) and named exports (import { namedThing} from "other-package"
)import X from "other-package/thing"
) of a vendored moduleRemember that npm automatically ignores everything in your .gitignore
file, so if you
are sensibly ignoring the built artifacts that show up in your dist/
directory, you can do one of these:
FAQs
write and consume es6 source code, build to amd, globals or commonjs
The npm package broccoli-multi-builder receives a total of 0 weekly downloads. As such, broccoli-multi-builder popularity was classified as not popular.
We found that broccoli-multi-builder demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
Security News
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.