Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
express-istatic
Advanced tools
Add compressed inline css and scripts to your html, but write them as seperated files.
Add compressed inline css and scripts to your html, but write them as seperated files.
You don't have to worry about accessing the template's local variables. And you can even include a .less
file.
You may also like to have a loot at autostatic.
var istatic = require('express-istatic');
va app = express.createServer();
app.locals({
istatic: istatic.serve({ compress: false })
});
The parameter passed to istatic.serve
is an options object, which is optional.
Available options are:
name | description | default |
---|---|---|
root | The root of your inline static files. | process.cwd() + '/public/' |
ttl | By default, the contents of your static files are cached in memory forever, until the process dies. You can set the ttl to a number of seconds, so the cache will be cleared every that much of time.
| undefined |
charset | The charset of your static files. | utf-8 |
compress | Whether to compress the included contents. | true |
debug | When set to true, will output the absolute path of included file. |
false || process.env.DEBUG
|
js | The options object for compressing a js file. It will be passed to UglifyJS. | undefined |
css | The options object for compressing a css file. It will be passed to UglifyCSS | undefined |
For css and js options, you can define an js.filter
or css.filter
, to do some filtering(like remove console.log()
) before compressing.
eg.
{
js: {
filter: function(str) {
return str.replace(/console.log(.+?)/, '');
}
}
}
Now you can include static files in your template like this:
#{istatic(filename, [options])}
filename
is the path of your static file. If it begins with a '/', the real path will be process.cwd() + filename
. Otherwise, the file will be looked up from the root of your inline static files, as you configured before.
You can set available options above, except for root
and ttl
. A fresh
option is available for you to set this istatic
call always read from file directly.
Be careful, since jade
can not correctly parse curly braces inside a couple of curly braces, don't write:
script
#{istatic('js/my.js', { showPath: (DEBUG ? true : false) })}
Write like this instead:
istatic_opt = { showPath: (DEBUG ? true : false) }
script
#{istatic('js/my.js', istatic_opt)}
And it's definitely easier to read and maintain, too.
Just get in touch with them in the form you already very familiar with:
#{data.title}
Attention: no matter what templating language you are using, you must always use this syntax in your static files.
And don't put {}
inside the curly braces. This is for performance consideration.
You can even excecute a local funtion just as what you will do in the template:
#{usr.getId('haha...')}
NOTE: These APIs are not for templates.
Return the inlined string of some file.
Everytime you call istatic
directly, it the options
is given, these options will be saved as default options for any other later istatic
or istatic.serve
calls.
But when you call istatic(filename, options)
from a template, the options will not be saved as default options.
APIs listed below are not suitable for an inside template call.
To return a function of istatic(filename, [options])
, to read the file. This is typically used as an express helper.
Specificly set default options for istatic('filepath')
, which will be set implicitly at the first call of istatic('filename', options)
or istatic.serve(options)
.
Uglify some css string. Options are passed to UglifyCSS.
Uglify some js string. Options are passed to UglifyJS.
In /app.js:
var express = require('express');
var istatic = require('express-istatic');
var app1 = express.createServer();
var app2 = express.createServer();
app1.locals({
istatic: istatic.serve()
});
app2.locals({
istatic: istatic.serve({ compress: false })
});
var compressed_css = istatic.uglify.css('.class1 { font: Arial; }');
var compressed_js = istatic.uglify.js('// some javascript codes..');
// will be compressed
var str_pinyin_js = istatic('/utils/pinyin.js');
app1.get('/example', function(req, res, next) {
res.render('example.jade', {
user: req.user
});
});
In /view/example.jade:
script
!{istatic('js/log_user.js')}
In /public/js/log_user.js:
var user = "#{user}"
user && $.post('/log', { user: user });
(The MIT License)
Copyright (c) 2012 Jesse Yang <jyyjcc@gmail.com>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Add compressed inline css and scripts to your html, but write them as seperated files.
The npm package express-istatic receives a total of 2 weekly downloads. As such, express-istatic popularity was classified as not popular.
We found that express-istatic demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.