Security News
The Changelog Podcast: Practical Steps to Stay Safe on npm
Learn the essential steps every developer should take to stay secure on npm and reduce exposure to supply chain attacks.
By Sarah Gooding -  Oct 31, 2025
🚀 DAY 5 OF LAUNCH WEEK: Introducing Socket Firewall Enterprise.Learn more →
configs-webpack-plugin
Advanced tools
configs-webpack-plugin
A simplified AoT runtime config solution for your webpack builds
Configs Webpack Plugin
A simplified AoT runtime config solution for your webpack builds
:gear: Install
yarn add --dev configs-webpack-plugin
:point_up: What?
This is a webpack plugin that helps simplify the management and orchestration of multi-environment or multi-target webpack bundles, where you want one bundle to travel between environments. That treeshakes your config to only what is being consumed.
A use case could be where you have a traditional staging and production
environment. Where you might to send api traffic to a different server in
staging than in production, but instead of sending in a target name, and
if else'ing that domain.
You can with this plugin; simply: import { apiDomain } from '@my-org/config,
and have that made avaliable to the bundle at runtime irrespective of config
being ran.
Few benefits:
- Source Maps work, as this is a proper import, and no code-rewriting happens.
- Deterministic config, webpack will throw an exception of a consumer is importing or using a config variable that isnt given in the first place.
:bulb: How?
I do this by collecting all request's that you're wanting to be a config. So
from the above example; @my-org/config is trapped by webpack and converted
into what I call a Config Query module.
This Config Query module, can either be concatenated by a single consumer of
config, or referenced by all your modules.
This Config Query module then requires a chunked of module called a Config
module, that actually houses the config. The trick here is that this isnt a
traditional async chunk, as it needs to exist AoT! So include the chunk before
the bootstrap chunk.
:rocket: Want to use me?
webpack.config.js
const { RuntimeConfigsPlugin } = require('configs-webpack-plugin');
module.exports = {
entry: 'index.js',
output: {
chunkFilename: '[name]-[contenthash].js',
},
plugins: [
new RuntimeConfigsPlugin({
request: '@my-org/config',
configs: [
{
name: 'staging',
config: { apiDomain: 'https://staging-server.com' },
},
{
name: 'production',
config: { apiDomain: 'https://production-server.com' },
},
],
}),
],
};
Will note that it is important you're using
[name]or something in thechunkFilenameoutput option, as each config chunk will have the same internal id.
:nut_and_bolt: Options
| Name | Type | Description |
|---|---|---|
request | string | The import token that you're using to import your configs. Eq. the @my-org/config in import { apiDomain } from '@my-org/config |
configs | { name: string, config: any[] }[] | An array of Config objects a name to json serializable values. That'll be given to the issuing module at runtime. Root values must be object keys. |
also; configs can be a
generator.
The yield'ing is done only once, and deferred to just when it's needed.
:fishing_pole_and_fish: Hooks!!!
There are also hooks, so you can couple it with html-webpack-plugin to inject config chunks. Example
configChunkSyncHook<Options['configs'], Chunk>calls for every config chunk that will emit.configChunksSyncHook<Options['configs'][], Chunk[]>calls once all config chunks have been created; coupled with the array of configs. Matching index with the chunk to config.
These get called during the
afterChunkshook; so be sure to tap in themakehook or alike. If you needfilestap in one of theemittype hooks, and then get thefilesproperty from the chunk.
RuntimeConfigsPlugin.getHooks(compilation).configChunks.tap(
My_PLUGIN,
(configs, chunks) => {
// Assuming you're using the example plugin config from above.
expect(chunks).toHaveLength(2);
},
);
:pray: Future!
- I hope too also support built time config. Say have features implemented behind a feature flag, but compiled away.
:disappointed_relieved: Caveats
- Node targets aren't currently supported, as async or deferred chunks can't be imported. Thinking maybe you can by utilizing node's require cache to inject this custom module before the main one kicks of. Will continue to tinker with this; who knows maybe v2 :eyes:.
- jsonp has to be turned on for your bundle. So even if all of your code is synchronous - the jsonp runtime code will be added.
FAQs
A simplified AoT runtime config solution for your webpack builds
We found that configs-webpack-plugin demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 02 Apr 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Security Community Slams MIT-linked Report Claiming AI Powers 80% of Ransomware
Experts push back on new claims about AI-driven ransomware, warning that hype and sponsored research are distorting how the threat is understood.
By Sarah Gooding -  Oct 30, 2025
Security News
Ruby Core Team Assumes Stewardship of RubyGems and Bundler, Former Maintainers Offer to Transfer All Rights to Matz
Ruby's creator Matz assumes control of RubyGems and Bundler repositories while former maintainers agree to step back and transfer all rights to end the dispute.
By Sarah Gooding -  Oct 29, 2025