Compile an ES Module for release on npm
Install it locally to your project by running:
yarn add --dev build-esm
Add build-esm as a build script to package.json:
{
  "name": "project",
  "scripts": {
    "build": "build-esm"
  }
}
Then, run:
yarn build
build-esm copies all files that would be published by npm publish or yarn publish (accounting for .npmignore and files in package.json) into the dist directory, compiling all JavaScript files (with the .js extension) using Babel. All of the standard ways of configuring Babel (through the babel key in package.json and .babelrc) apply.
The package can be published by running:
npm publish dist
When publishing from a continuous integration service, build-esm can compile files in-place, allowing npm publish without arguments to work as desired.
To enable in-place compilation, add build-esm as a prepack script to package.json:
{
  "name": "project",
  "scripts": {
    "prepack": "build-esm"
  }
}
Note that prepack is only supported in npm version 5 and greater.
Here are some example deployment workflows:
FAQs
The npm package build-esm receives a total of 193 weekly downloads. As such, its popularity was classified as not popular.
We found that build-esm demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.