Product
Introducing Enhanced Alert Actions and Triage Functionality
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.
esbuild
Advanced tools
Package description
esbuild is a fast JavaScript bundler and minifier. It compiles TypeScript and JavaScript into a single file, minifies it, and can also handle CSS and image assets. It's designed for speed and efficiency, utilizing parallelism and native Go code to achieve its performance.
Bundling JavaScript
This code bundles 'app.js' and its dependencies into a single file 'out.js'.
require('esbuild').build({
entryPoints: ['app.js'],
bundle: true,
outfile: 'out.js'
}).catch(() => process.exit(1))
Minifying JavaScript
This code minifies 'app.js' to reduce file size and improve load times.
require('esbuild').build({
entryPoints: ['app.js'],
minify: true,
outfile: 'out.js'
}).catch(() => process.exit(1))
Transpiling TypeScript
This code compiles a TypeScript file 'app.ts' into JavaScript and bundles it into 'out.js'.
require('esbuild').build({
entryPoints: ['app.ts'],
bundle: true,
outfile: 'out.js'
}).catch(() => process.exit(1))
Serving files for development
This code starts a local server to serve files from the 'public' directory and bundles 'app.js' into 'public/out.js'.
require('esbuild').serve({
servedir: 'public',
port: 8000
}, {
entryPoints: ['app.js'],
bundle: true,
outfile: 'public/out.js'
}).then(server => {
// Server started
})
Webpack is a powerful and widely-used module bundler. It offers a rich plugin ecosystem and a highly configurable build process. Compared to esbuild, webpack is more mature with more features but is generally slower due to its JavaScript-based architecture.
Rollup is another JavaScript module bundler that focuses on producing efficient bundles for modern module formats like ES modules. It's known for its tree-shaking capabilities. Rollup is typically faster than webpack but slower than esbuild.
Parcel is a web application bundler that offers zero configuration out-of-the-box. It's faster than webpack and rollup but generally not as fast as esbuild. Parcel has a simpler user experience but may not be as flexible for complex configurations.
Terser is a JavaScript parser, mangler, and compressor toolkit for ES6+. It's often used for minifying JavaScript code. While esbuild also minifies code, terser is a dedicated tool for this purpose and can be used alongside other bundlers.
Changelog
0.17.13
Work around an issue with NODE_PATH
and Go's WebAssembly internals (#3001)
Go's WebAssembly implementation returns EINVAL
instead of ENOTDIR
when using the readdir
syscall on a file. This messes up esbuild's implementation of node's module resolution algorithm since encountering ENOTDIR
causes esbuild to continue its search (since it's a normal condition) while other encountering other errors causes esbuild to fail with an I/O error (since it's an unexpected condition). You can encounter this issue in practice if you use node's legacy NODE_PATH
feature to tell esbuild to resolve node modules in a custom directory that was not installed by npm. This release works around this problem by converting EINVAL
into ENOTDIR
for the readdir
syscall.
Fix a minification bug with CSS @layer
rules that have parsing errors (#3016)
CSS at-rules require either a {}
block or a semicolon at the end. Omitting both of these causes esbuild to treat the rule as an unknown at-rule. Previous releases of esbuild had a bug that incorrectly removed unknown at-rules without any children during minification if the at-rule token matched an at-rule that esbuild can handle. Specifically cssnano can generate @layer
rules with parsing errors, and empty @layer
rules cannot be removed because they have side effects (@layer
didn't exist when esbuild's CSS support was added, so esbuild wasn't written to handle this). This release changes esbuild to no longer discard @layer
rules with parsing errors when minifying (the rule @layer c
has a parsing error):
/* Original input */
@layer a {
@layer b {
@layer c
}
}
/* Old output (with --minify) */
@layer a.b;
/* New output (with --minify) */
@layer a.b.c;
Unterminated strings in CSS are no longer an error
The CSS specification provides rules for handling parsing errors. One of those rules is that user agents must close strings upon reaching the end of a line (i.e., before an unescaped line feed, carriage return or form feed character), but then drop the construct (declaration or rule) in which the string was found. For example:
p {
color: green;
font-family: 'Courier New Times
color: red;
color: green;
}
...would be treated the same as:
p { color: green; color: green; }
...because the second declaration (from font-family
to the semicolon after color: red
) is invalid and is dropped.
Previously using this CSS with esbuild failed to build due to a syntax error, even though the code can be interpreted by a browser. With this release, the code now produces a warning instead of an error, and esbuild prints the invalid CSS such that it stays invalid in the output:
/* esbuild's new non-minified output: */
p {
color: green;
font-family: 'Courier New Times
color: red;
color: green;
}
/* esbuild's new minified output: */
p{font-family:'Courier New Times
color: red;color:green}
Readme
This is a JavaScript bundler and minifier. See https://github.com/evanw/esbuild and the JavaScript API documentation for details.
FAQs
An extremely fast JavaScript and CSS bundler and minifier.
The npm package esbuild receives a total of 25,614,111 weekly downloads. As such, esbuild popularity was classified as popular.
We found that esbuild demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.
Security News
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
Security News
OpenSSF is warning open source maintainers to stay vigilant against reputation farming on GitHub, where users artificially inflate their status by manipulating interactions on closed issues and PRs.