definitely-loader
A webpack loader which disallows importing nonexistent members from a module
A Webpack loader which renders imported modules definite, such that attempts to reference nonexistent exports thereof generate exceptions.
$ npm install --save-dev definitely-loader
import { foo } from 'definitely!./some/module'
doSomething(foo) // throws an error if `foo` is not actually exported by `./some/module`
For some source formats there exist Webpack loaders which can statically determine whether imported names are valid (notably for ES6 there is eslint-loader with the import plugin). For the rest, this loader offers the next best option: a runtime error.
For example, if you are using the excellent css-loader to import locally-scoped styles, you still have the problem that you might be trying to reference styles which don't exist in your .css file. For example, with this CSS module:
/* MyComponent.css */
.foo {
  background-color: red
}
and this React component adjacent to it:
// MyComponent.js
import React from 'react'
import styles from './MyComponent.css'

export default class MyComponent extends React.Component {
  render() {
    return (<div className={styles.bar} />) // silently fails!
  }
}
the reference to styles.bar in render is a bug, because bar is not defined in our CSS. It silently evaluates to undefined, and the only evidence that anything is wrong is that things won't look as we expect. Hunting down the source of such a bug is far more laborious than it should be. Instead we can make that line generate a runtime error by adding definitely-loader to the CSS loader chain in webpack.config.js, for example:
{
  test: /\.css$/,
  loaders: [
    'definitely',
    'style',
    'css?modules'
  ]
}
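The fail-fast behaviour described above can be illustrated with a Proxy wrapper around a module's exports. This is an added example, not definitely-loader's own source; `definite`, `PASS_THROUGH`, `classNameFor` and the generated class name are assumptions made up for the illustration.

```javascript
// Added illustration of the "definite module" idea using a Proxy.
// NOT the source of definitely-loader; all names here are hypothetical.

// Keys that bundler interop helpers, Promise resolution and JSON.stringify
// probe on arbitrary objects; these must not throw when absent.
const PASS_THROUGH = new Set(['__esModule', 'then', 'toJSON']);

function definite(exportsObject, moduleName) {
  return new Proxy(exportsObject, {
    get(target, prop, receiver) {
      // Symbols (Symbol.toPrimitive, Symbol.iterator, ...) and anything that
      // exists on the object or its prototype chain is returned unchanged.
      if (typeof prop === 'symbol' || prop in target || PASS_THROUGH.has(prop)) {
        return Reflect.get(target, prop, receiver);
      }
      const known = Object.keys(target).join(', ') || '(none)';
      throw new ReferenceError(
        `'${prop}' is not exported by ${moduleName}; available: ${known}`
      );
    }
  });
}

// Constructed sample: the kind of local-name mapping a CSS module import
// yields for MyComponent.css (the generated class name is made up).
const rawStyles = { foo: 'MyComponent__foo___constructed' };
const styles = definite(rawStyles, './MyComponent.css');

// Look up a class name and report whether the access succeeded.
function classNameFor(stylesObject, key) {
  try {
    return { ok: true, value: stylesObject[key] };
  } catch (err) {
    return { ok: false, value: err.message };
  }
}

console.log(classNameFor(rawStyles, 'bar')); // unwrapped: silent undefined
console.log(classNameFor(styles, 'foo'));    // wrapped: valid name resolves
console.log(classNameFor(styles, 'bar'));    // wrapped: error naming the module
```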
FAQs
The npm package definitely-loader receives a total of 2 weekly downloads. As such, definitely-loader popularity was classified as not popular.
We found that definitely-loader demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.