Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
bundlewatch
Advanced tools
Readme
BundleWatch checks file sizes, ensuring bundled browser assets don't jump in file size.
Sharp increases in BundleWatch can signal that something is wrong - adding a package that bloats the slug, a wrong import, or forgetting to minify.
Inspired by Siddharth Kshetrapal bundlesize
Install the BundleWatch package:
npm install bundlewatch --save-dev
yarn add bundlewatch --dev
Add some basic configuration to your package.json
{
"name": "my package name",
"version": "0.0.1",
"bundlewatch": {
"files": [
{
"path": "myfolder/*.js",
"maxSize": "100kB"
}
]
}
}
Usage:
npm run bundlewatch
yarn run bundlewatch
This will give you command line output. If you want BundleWatch to report build status on your pull requests, see below.
BundleWatch can report its status on your GitHub Pull Requests.
BUNDLEWATCH_GITHUB_TOKEN
You will need to give BundleWatch access to your GitHub Statuses, which can be done by heading to: https://service.bundlewatch.io/setup-github
This will give you your BUNDLEWATCH_GITHUB_TOKEN
. You will need to set this as an environment variable in CI.
The most efficient way to get this running is to ensure that some environment variables are available for BundleWatch to find.
CI_REPO_OWNER
github.com/facebook/reactCI_REPO_NAME
github.com/facebook/reactCI_COMMIT_SHA
CI_BRANCH
If you're using, Travis, CircleCI, Wrecker, Drone or GitHub Actions these should all work out of the box.
Have a look at the source code to see which variables are automatically found:
getCIVars
After setting up the above you will have BuildStatus on your Pull Requests. Clicking the details link on the reported status will show you a results file breakdown.
Full documentation available on bundlewatch.io
Thanks goes to these wonderful people (emoji key):
Jake Bolam 💻 | Shouvik DCosta 💻 | Tyler Benning 🎨 | Leila Rosenthal 📖 | Francois Campbell 💻 | Emmanuel Ogbizi 🚧 💻 🛡️ | Pascal Iske 🐛 |
Oleksii Leonov 💻 | Nicolas Charpentier 💻 🚧 🛡️ |
This project follows the all-contributors specification. Contributions of any kind welcome!
Contributions of any kind are welcome! See the Contributing docs or Join us on Slack.
FAQs
Keep watch of your bundle size
The npm package bundlewatch receives a total of 60,643 weekly downloads. As such, bundlewatch popularity was classified as popular.
We found that bundlewatch demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.