Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
bundle-blaster
Advanced tools
bundle-blaster · 
A build plugin to help you bundle icons without huge bundle sizes (seamlessly integrates with any icon pack)
Installation
npm install bundle-blaster
How does Bundle Blaster work?
Bundle Blaster works by selecting by turning your general icon imports into specific imports. For example, if you have a general import like this:
import { Icon1, Icon2, Icon3 } from 'icon-pack'; // Lots of MBs if no tree shaking
Bundle Blaster will turn this into:
// <KBs with tree shaking
import Icon1 from 'icon-pack/Icon1';
import Icon2 from 'icon-pack/Icon2';
import Icon3 from 'icon-pack/Icon3';
Usage
Integrating Bundle Blaster into your project is easy. Simply add the following to your next.config.js file:
next.config.js
import bundleBlaster from 'bundle-blaster';
// ...
const config = {
// ...
webpack: (config) => {
// ...
config.plugins.push(
bundleBlaster.webpack({
sources: ['icon-pack'],
nextjs: true,
}),
);
return config;
},
};
// ...
If you're not using Next.js or Webpack, bundle-blaster also exports plugins for Vite, Rollup, ESBuild, and RSPack:
import { webpack, vite, rollup, esbuild, rspack } from 'bundle-blaster';
// Example with Vite:
const vitePlugin = vite({
sources: ['icon-pack'],
});
Options
sources
Example: ['icon-pack', 'another-icon-pack']
The sources to bundle blast. This is an array of strings that represent the packages you want to bundle blast.
alias
Example: { 'icon-pack': 'path/to/icon-pack' }
The alias to use to resolve a specific package (think @rollup/plugin-alias). This is useful if you use a monorepo and have a package aliased to a different location.
nextjs
Example: true/false
The nextjs option is used to determine if you are using nextjs. If you are using Next.js, you can set this to true and Bundle Blaster will automatically resolve to dynamic importing instead of static (code splitting wins!).
Versioning
We use SemVer for versioning. For the versions available, see the tags on this repository.
License
This project is licensed under the Apache 2.0 License - see the LICENSE.md file for details.
FAQs
A build plugin to help you bundle icons without huge bundle sizes
The npm package bundle-blaster receives a total of 3 weekly downloads. As such, bundle-blaster popularity was classified as not popular.
We found that bundle-blaster demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 20 Mar 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025