
Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
config-webpack-plugin
Advanced tools
š« Merge one or more configuration files together with environment variables too.
npm install config-webpack-plugin --save-dev
webpack.config.js
:
const ConfigPlugin = require('config-webpack-plugin')
module.exports = {
plugins: [
new ConfigPlugin([
'./config.js',
'./config.local.js'
])
]
}
config-webpack-plugin
will merge all specified configuration file contents from right to left, thus creating a āmerged configurationā.key
matching a current environment variable then the related value
will be replaced by the environment variable's value.config-webpack-plugin
will intercept the āmain configurationā file (the first specified) during webpack's module resolution and will replace its source with the āmerged configurationā.const ConfigPlugin = require('config-webpack-plugin');
module.exports = {
plugins: [
new ConfigPlugin('./config.js')
]
}
const ConfigPlugin = require('config-webpack-plugin');
module.exports = {
plugins: [
new ConfigPlugin([
'./config.js',
'./config.local.js'
])
]
}
A module that export an object with key/value pairs that looks like:
module.exports = {
API_BASE_URL: 'http://localhost/',
NODE_ENV: 'development',
AUTH_SPOOFED: true,
}
No.
If you want to collaborate with the development of config-webpack-plugin
you need to have installed NodeJS 6 and Gulp. Then follow these instructions to make my life easier:
git checkout develop; git checkout -b feature/<name-of-feature>
.develop
branch.š Please, do not submit PR to be merged into
master
branch.
new ConfigPlugin(['./config.default.js', '.config.local.js'])
).š Do you want to suggest a feature? Add a suggestion.
FAQs
Merge configuration files with environment variables.
The npm package config-webpack-plugin receives a total of 22 weekly downloads. As such, config-webpack-plugin popularity was classified as not popular.
We found that config-webpack-plugin demonstrated a not healthy version release cadence and project activity because the last version was released a year ago.Ā It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
Product
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
Security News
Research
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.