![Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack](https://cdn.sanity.io/images/cgdhsj6q/production/6af25114feaaac7179b18127c83327568ff592d1-1024x1024.webp?w=800&fit=max&auto=format)
Security News
Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
esbuild-wasm
Advanced tools
Package description
The esbuild-wasm package is a WebAssembly-based version of the esbuild bundler and minifier. It provides extremely fast build times and is designed to be used in environments where native binaries cannot be executed, such as in browsers or some serverless platforms. It supports transforming, bundling, and minifying JavaScript and TypeScript files.
Bundling JavaScript
This code initializes esbuild-wasm and bundles a JavaScript file, outputting a single bundled file. It demonstrates how to set up and execute a basic bundling process.
const esbuild = require('esbuild-wasm');
esbuild.initialize({ worker: true, wasmURL: '/path/to/esbuild.wasm' }).then(() => {
esbuild.build({
entryPoints: ['input.js'],
bundle: true,
outfile: 'output.js'
}).catch(() => process.exit(1));
});
Minifying CSS
This example shows how to use esbuild-wasm to minify a CSS file. It sets up the esbuild environment and performs minification, outputting the minified CSS.
const esbuild = require('esbuild-wasm');
esbuild.initialize({ worker: true, wasmURL: '/path/to/esbuild.wasm' }).then(() => {
esbuild.build({
entryPoints: ['input.css'],
minify: true,
outfile: 'output.css'
}).catch(() => process.exit(1));
});
Transpiling TypeScript
This code snippet demonstrates how to transpile TypeScript into JavaScript using esbuild-wasm. It includes setting up the environment, specifying the loader for TypeScript files, and bundling the output.
const esbuild = require('esbuild-wasm');
esbuild.initialize({ worker: true, wasmURL: '/path/to/esbuild.wasm' }).then(() => {
esbuild.build({
entryPoints: ['input.ts'],
loader: { '.ts': 'ts' },
outfile: 'output.js',
bundle: true
}).catch(() => process.exit(1));
});
Webpack is a popular JavaScript module bundler with a vast ecosystem of plugins. It offers more configuration options and plugins compared to esbuild-wasm but is generally slower in terms of build speed.
Rollup is another module bundler that focuses on producing efficient bundles. It is known for its tree-shaking capabilities, which are similar to esbuild-wasm, but Rollup typically has slower build times and less efficient minification.
Parcel is a web application bundler that requires zero configuration for quick setup. It provides fast build times similar to esbuild-wasm and supports various file types natively, but it might not reach the same speed for larger projects.
Changelog
0.21.5
Fix Symbol.metadata
on classes without a class decorator (#3781)
This release fixes a bug with esbuild's support for the decorator metadata proposal. Previously esbuild only added the Symbol.metadata
property to decorated classes if there was a decorator on the class element itself. However, the proposal says that the Symbol.metadata
property should be present on all classes that have any decorators at all, not just those with a decorator on the class element itself.
Allow unknown import attributes to be used with the copy
loader (#3792)
Import attributes (the with
keyword on import
statements) are allowed to alter how that path is loaded. For example, esbuild cannot assume that it knows how to load ./bagel.js
as type bagel
:
// This is an error with "--bundle" without also using "--external:./bagel.js"
import tasty from "./bagel.js" with { type: "bagel" }
Because of that, bundling this code with esbuild is an error unless the file ./bagel.js
is external to the bundle (such as with --bundle --external:./bagel.js
).
However, there is an additional case where it's ok for esbuild to allow this: if the file is loaded using the copy
loader. That's because the copy
loader behaves similarly to --external
in that the file is left external to the bundle. The difference is that the copy
loader copies the file into the output folder and rewrites the import path while --external
doesn't. That means the following will now work with the copy
loader (such as with --bundle --loader:.bagel=copy
):
// This is no longer an error with "--bundle" and "--loader:.bagel=copy"
import tasty from "./tasty.bagel" with { type: "bagel" }
Support import attributes with glob-style imports (#3797)
This release adds support for import attributes (the with
option) to glob-style imports (dynamic imports with certain string literal patterns as paths). These imports previously didn't support import attributes due to an oversight. So code like this will now work correctly:
async function loadLocale(locale: string): Locale {
const data = await import(`./locales/${locale}.data`, { with: { type: 'json' } })
return unpackLocale(locale, data)
}
Previously this didn't work even though esbuild normally supports forcing the JSON loader using an import attribute. Attempting to do this used to result in the following error:
✘ [ERROR] No loader is configured for ".data" files: locales/en-US.data
example.ts:2:28:
2 │ const data = await import(`./locales/${locale}.data`, { with: { type: 'json' } })
╵ ~~~~~~~~~~~~~~~~~~~~~~~~~~
In addition, this change means plugins can now access the contents of with
for glob-style imports.
Support ${configDir}
in tsconfig.json
files (#3782)
This adds support for a new feature from the upcoming TypeScript 5.5 release. The character sequence ${configDir}
is now respected at the start of baseUrl
and paths
values, which are used by esbuild during bundling to correctly map import paths to file system paths. This feature lets base tsconfig.json
files specified via extends
refer to the directory of the top-level tsconfig.json
file. Here is an example:
{
"compilerOptions": {
"paths": {
"js/*": ["${configDir}/dist/js/*"]
}
}
}
You can read more in TypeScript's blog post about their upcoming 5.5 release. Note that this feature does not make use of template literals (you need to use "${configDir}/dist/js/*"
not `${configDir}/dist/js/*`
). The syntax for tsconfig.json
is still just JSON with comments, and JSON syntax does not allow template literals. This feature only recognizes ${configDir}
in strings for certain path-like properties, and only at the beginning of the string.
Fix internal error with --supported:object-accessors=false
(#3794)
This release fixes a regression in 0.21.0 where some code that was added to esbuild's internal runtime library of helper functions for JavaScript decorators fails to parse when you configure esbuild with --supported:object-accessors=false
. The reason is that esbuild introduced code that does { get [name]() {} }
which uses both the object-extensions
feature for the [name]
and the object-accessors
feature for the get
, but esbuild was incorrectly only checking for object-extensions
and not for object-accessors
. Additional tests have been added to avoid this type of issue in the future. A workaround for this issue in earlier releases is to also add --supported:object-extensions=false
.
Readme
This is the cross-platform WebAssembly binary for esbuild, a JavaScript bundler and minifier. See https://github.com/evanw/esbuild and the JavaScript API documentation for details.
FAQs
The cross-platform WebAssembly binary for esbuild, a JavaScript bundler.
The npm package esbuild-wasm receives a total of 1,778,256 weekly downloads. As such, esbuild-wasm popularity was classified as popular.
We found that esbuild-wasm demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
Security News
OpenSSF is warning open source maintainers to stay vigilant against reputation farming on GitHub, where users artificially inflate their status by manipulating interactions on closed issues and PRs.
Security News
A JavaScript library maintainer is under fire after merging a controversial PR to support legacy versions of Node.js.