Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
What is esbuild?
esbuild is a fast JavaScript bundler and minifier. It compiles TypeScript and JavaScript into a single file, minifies it, and can also handle CSS and image assets. It's designed for speed and efficiency, utilizing parallelism and native Go code to achieve its performance.
What are esbuild's main functionalities?
Bundling JavaScript
This code bundles 'app.js' and its dependencies into a single file 'out.js'.
require('esbuild').build({
entryPoints: ['app.js'],
bundle: true,
outfile: 'out.js'
}).catch(() => process.exit(1))Minifying JavaScript
This code minifies 'app.js' to reduce file size and improve load times.
require('esbuild').build({
entryPoints: ['app.js'],
minify: true,
outfile: 'out.js'
}).catch(() => process.exit(1))Transpiling TypeScript
This code compiles a TypeScript file 'app.ts' into JavaScript and bundles it into 'out.js'.
require('esbuild').build({
entryPoints: ['app.ts'],
bundle: true,
outfile: 'out.js'
}).catch(() => process.exit(1))Serving files for development
This code starts a local server to serve files from the 'public' directory and bundles 'app.js' into 'public/out.js'.
require('esbuild').serve({
servedir: 'public',
port: 8000
}, {
entryPoints: ['app.js'],
bundle: true,
outfile: 'public/out.js'
}).then(server => {
// Server started
})Other packages similar to esbuild
webpack
Webpack is a powerful and widely-used module bundler. It offers a rich plugin ecosystem and a highly configurable build process. Compared to esbuild, webpack is more mature with more features but is generally slower due to its JavaScript-based architecture.
rollup
Rollup is another JavaScript module bundler that focuses on producing efficient bundles for modern module formats like ES modules. It's known for its tree-shaking capabilities. Rollup is typically faster than webpack but slower than esbuild.
parcel
Parcel is a web application bundler that offers zero configuration out-of-the-box. It's faster than webpack and rollup but generally not as fast as esbuild. Parcel has a simpler user experience but may not be as flexible for complex configurations.
terser
Terser is a JavaScript parser, mangler, and compressor toolkit for ES6+. It's often used for minifying JavaScript code. While esbuild also minifies code, terser is a dedicated tool for this purpose and can be used alongside other bundlers.
esbuild
This is a JavaScript bundler and minifier. See https://github.com/evanw/esbuild and the JavaScript API documentation for details.
0.25.10
-
Fix a panic in a minification edge case (#4287)
This release fixes a panic due to a null pointer that could happen when esbuild inlines a doubly-nested identity function and the final result is empty. It was fixed by emitting the value
undefinedin this case, which avoids the panic. This case must be rare since it hasn't come up until now. Here is an example of code that previously triggered the panic (which only happened when minifying):function identity(x) { return x } identity({ y: identity(123) }) -
Fix
@supportsnested inside pseudo-element (#4265)When transforming nested CSS to non-nested CSS, esbuild is supposed to filter out pseudo-elements such as
::placeholderfor correctness. The CSS nesting specification says the following:The nesting selector cannot represent pseudo-elements (identical to the behavior of the ':is()' pseudo-class). We’d like to relax this restriction, but need to do so simultaneously for both ':is()' and '&', since they’re intentionally built on the same underlying mechanisms.
However, it seems like this behavior is different for nested at-rules such as
@supports, which do work with pseudo-elements. So this release modifies esbuild's behavior to now take that into account:/* Original code */ ::placeholder { color: red; body & { color: green } @supports (color: blue) { color: blue } } /* Old output (with --supported:nesting=false) */ ::placeholder { color: red; } body :is() { color: green; } @supports (color: blue) { { color: blue; } } /* New output (with --supported:nesting=false) */ ::placeholder { color: red; } body :is() { color: green; } @supports (color: blue) { ::placeholder { color: blue; } }
FAQs
An extremely fast JavaScript and CSS bundler and minifier.
The npm package esbuild receives a total of 56,387,364 weekly downloads. As such, esbuild popularity was classified as popular.
We found that esbuild demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 17 Sep 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025