
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
crootfast-webpack
Advanced tools
一个基于 Webpack 5 的现代化前端工程化命令行工具,专注于提供开箱即用的 React 项目开发和构建解决方案。
# 全局安装
npm install -g crootfast-webpack
# 或者使用 yarn
yarn global add crootfast-webpack
工具提供了简短的命令别名 cw,使用起来更加方便。
启动开发服务器:
cw dev
支持的选项:
-p, --port <port>: 指定端口号(默认:8080)-h, --host <host>: 指定主机名--no-open: 禁止自动打开浏览器构建生产版本:
cw build
支持的选项:
-a, --analyzer: 启用打包分析--no-clean: 构建时不清理输出目录在你的项目根目录下的 package.json 中,添加以下 scripts 配置:
{
"scripts": {
"dev": "cw dev",
"build": "cw build",
"build:analyzer": "cw build --analyzer"
}
}
然后你可以使用以下命令:
npm run dev 启动开发服务器npm run build 构建生产版本npm run build:analyzer 构建并分析打包结果项目根目录下的 m.config.js 文件用于自定义配置。配置文件中可以直接使用 CLI 内置的工具函数:
路径工具
resolvePath(relativePath): 解析相对路径为绝对路径getRootPath(): 获取项目根目录getRelativePath(from, to): 获取相对路径文件工具
readJsonFile(path): 读取 JSON 文件writeJsonFile(path, data): 写入 JSON 文件copyFile(src, dest): 复制文件copyDir(src, dest): 复制目录remove(path): 删除文件或目录环境工具
isDev(): 是否为开发环境isProd(): 是否为生产环境getNodeEnv(): 获取当前环境通用工具
versionDateTime(): 获取版本时间戳,用于缓存控制module.exports = {
// 开发服务器配置
devServer: {
port: 3000,
host: 'localhost',
open: true
},
// webpack 配置扩展
webpack: {
// 可以是一个对象,直接合并到 webpack 配置中
// 也可以是一个函数,接收当前配置作为参数
configure: (webpackConfig, { env }) => {
// 自定义 webpack 配置
return webpackConfig;
}
},
// 模块联邦配置
federation: {
// 开发环境配置
development: [
{
name: 'myApp',
filename: 'remoteEntry.js',
remotes: {
'remote-app': 'remote@http://localhost:3001/remoteEntry.js'
},
exposes: {
'./Button': './src/components/Button',
'./Header': './src/components/Header'
},
shared: {
react: { singleton: true, requiredVersion: '^18.2.0' },
'react-dom': { singleton: true, requiredVersion: '^18.2.0' }
}
},
{
name: 'adminApp',
filename: 'adminEntry.js',
remotes: {
'admin-components': 'admin@http://localhost:3002/adminEntry.js'
},
exposes: {
'./AdminPanel': './src/admin/AdminPanel'
},
shared: {
react: { singleton: true, requiredVersion: '^18.2.0' }
}
}
],
// 生产环境配置
production: [
{
name: 'myApp',
filename: 'remoteEntry.js',
remotes: {
'remote-app': 'remote@https://production.example.com/remoteEntry.js'
},
exposes: {
'./Button': './src/components/Button',
'./Header': './src/components/Header'
},
shared: {
react: { singleton: true, requiredVersion: '^18.2.0' },
'react-dom': { singleton: true, requiredVersion: '^18.2.0' }
}
},
{
name: 'adminApp',
filename: 'adminEntry.js',
remotes: {
'admin-components': 'admin@https://admin.example.com/adminEntry.js'
},
exposes: {
'./AdminPanel': './src/admin/AdminPanel'
},
shared: {
react: { singleton: true, requiredVersion: '^18.2.0' }
}
}
]
}
};
name: 当前应用的唯一标识名remotes: 要引入的远程模块配置
远程应用名@远程入口文件URLexposes: 暴露给其他应用使用的模块
shared: 与其他应用共享的依赖
singleton: 是否强制使用单例模式requiredVersion: 所需的版本范围推荐的项目目录结构:
my-app/
├── src/
│ ├── assets/ # 静态资源
│ ├── components/ # 组件
│ ├── pages/ # 页面
│ ├── styles/ # 样式
│ └── index.js # 入口文件
├── public/ # 公共资源
├── m.config.js # 配置文件
└── package.json
NODE_ENV: 运行环境(development/production)PUBLIC_URL: 部署的基础路径默认支持现代浏览器和 IE11+。可以通过 .browserslistrc 文件自定义支持的浏览器范围。
欢迎提交 Issue 和 Pull Request。
ISC License
FAQs
大前端工程化工具(webpack-cli)
The npm package crootfast-webpack receives a total of 31 weekly downloads. As such, crootfast-webpack popularity was classified as not popular.
We found that crootfast-webpack demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.