Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Express middleware to help with the bundling, minifying, obfuscating and versioning of static assets for delivery over a CDN.
Connect/Express-style middleware to help with the bundling, minifying, obfuscating and versioning of static assets for delivery over a CDN.
$ npm install exstatic
var
express = require('express'),
exstatic = require('exstatic'),
staticAssets = exstatic(),
app = express();
staticAssets.createAssetsFromDirectory(
'/static/:version/:dirname/:basename.:cacheId:extname',
__dirname + '/public'
);
app.use(staticAssets.middleware);
app.listen(80);
A directory structure like this:
app
+- public
| +- css
| | +- style.css
| +- js
| +- jquery.js
| +- app.js
+- app.js
will generate asset URLs similar to the following:
GET /static/1359528874/css/style.d9b28cb1.css
GET /static/1359528874/js/jquery.83f534af.js
GET /static/1359528874/js/app.057d0df0.js
exstatic can be started with some options to help structure generated URLs.
var exstatic = require('exstatic')
staticAssets = exstatic({
host: 'http://example.com',
cachePath: __dirname + '/static_cache',
version: 'v1'
});
Creates versioned asset URLs from the contents of one or more directories.
Arguments
pattern: A pattern string to build the asset URLs. Variables in the pattern are preceded by a colon, just like path parameters in Express routing. The available variables are:
require
d).directory: A string or array of strings of directories of files to be served.
Example
staticAssets.createAssetsFromDirectory(
'/static/:version/:dirname/:cacheId/:basename:extname',
[
'./public/foo',
'./public/bar'
]
);
Creates a single asset to be served with the specified settings.
Arguments
type: The preprocessing/compression strategy to use on this collection of files.
settings: An object containing the following parameters:
id (required): A string identifier for this asset.
pattern (required): A pattern string to build the asset URL. Variables in the pattern are preceded by a colon, just like path parameters in Express routing. Exstatic exposes the following variables:
require
d).files (required): An array of strings of file paths to be processed and/or compressed per the type argument, and be concatenated into a single file.
Note: Some asset types may define additional settings.
Example
staticAssets.createAsset(
'javascript',
{
id: 'js/lib.js',
pattern: '/static/:version/js/:cacheId/lib.js',
files: [
'./public/lib/js/underscore.js',
'./public/lib/js/jquery.js',
'./public/lib/js/jquery.form2json.js',
'./public/lib/js/jquery.locus.js',
'./public/lib/js/backbone.js'
]
}
);
In order to start serving the defined assets and reference their generated URLs
from your templates, the exstatic middleware method must be use
d by your
Express application:
var
express = require('express'),
exstatic = require('exstatic')
staticAssets = exstatic(),
app = express();
// assets get defined here
// express configuration gets started here
app.use(staticAssets.middleware);
app.listen(80);
N.B.: Currently, exstatic only provides a means for referencing assets for Mustache-style languages like Hogan.js and handlebars.js. (I'll gladly accept patches to extend support!)
To render the CDN-friendly asset URL from the asset defined in the above
createAsset
example, just use the {{#staticAssets}}
lambda:
<!DOCTYPE html>
<html>
<head>
<title>exstatic!</title>
<script type="text/javascript" src="{{#staticAssets}}js/lib.js{{/staticAssets}}></script>
</head>
<body>
</body>
</html>
Assets are the fundamental building block of exstatic. They are the definitions of static content your application will serve, with the help of exstatic's middleware.
When creating assets using createAsset
, a type must be specified as the first
argument. The following types are currently available:
Additional types can be created simply by inheriting the Asset
object defined
in lib/Asset.js. The built-in types (in lib/assets/) can help in getting
started.
To use your own types, make sure the folder they're kept in is included in the
typeSearchPath
setting initially passed to exstatic.
An individual asset may have multiple variations. Asset variations are
distinguished by the values used for variables in the Asset's pattern, which
defines a unique URL for the variation. Exstatic defines and assigns values
for some pattern variables by default, namely, version
and cacheId
.
Additional pattern variables can be defined by a colon prefixed identifier in
the Asset's pattern string (e.g., :myvariable
), which can then be used to
create additional variations of an Asset with the help of event handlers.
When an Asset's pattern is matched for an incoming request, but no matching variation exists to create a response, a new Asset variation is created. The new variation then enters the render pipeline to build a response. The render pipeline is a procedure generally represented by the following steps:
During the render process, the Asset variation maintains a cache of processed output of each file. Events are the means to modify the Asset variation and the output at various points of the render pipeline.
An Asset may emit the following events when building a new variation:
Arguments
true
as the first argument. *variantPostRenderFile*
Arguments
variant: a reference to the Asset variation.
file: a string of the path of the file currently being processed. This can be used to get/set the current state of the output of the file using the following methods of the Asset variation:
callback: a function that when called, signals the render pipeline to
resume processing the Asset variation. An error may be raised by passing an
expression that evaluates to true
as the first argument.
Examples are available with the git repository. Each requires Express v3.x, and should be run from within it's own directory.
Assuming express is installed and accessible from where git clone
is run:
$ git clone git@github.com:2sidedfigure/exstatic.git
$ cd exstatic/examples/js
$ node index.js
± ryan (ryan@2-si.de). Development was and continues to be sponsored by YellowBot.
Copyright (c) 2013 Ryan Ettipio
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Express middleware to help with the bundling, minifying, obfuscating and versioning of static assets for delivery over a CDN.
We found that exstatic demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.