Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

ezzy-package-loader

Package Overview
Dependencies
Maintainers
1
Versions
2
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

ezzy-package-loader

A webpack package loader that helps expose and obscure properties from package.json files.

  • 1.2.0
  • latest
  • Source
  • npm
  • Socket score

Version published
Maintainers
1
Created
Source

ezzy-package-loader

Build Status Coverage Status

Sometimes we make use of package.json to centralize configurable properties of our app, this becomes a dilemma when importing data from files that are compiled via webpack because our raw source code is left exposed for the whole public to see. This means that if you write code like this:

const { version } = require('../package.json');
// or 
export { version } from '../package.json';

Most likely you have all the properties of your package.json out there for the whole world to see. This is why I’ve built this package loader, so we can still centralize our configuration and yet, not share our sensitive details to the world.

All you have to do is install this dependency using

npm i -D ezzy-package-loader 

And then add a custom loader to your webpack.config.js file.

{
  module: {
    rules: [
      {
        test: /package\.json$/,
        type: 'javascript/auto', // important
        use: ['ezzy-package-loader']
      }
    ]
  }
}

Usage

By default, all the properties in a package.json are considered private, so the loader will return an empty object if none of the following options are set.

_expose = true

When a property _expose = true is set, the loader assumes that everything within the same scope and under it should be exposed to webpack.

So:

{
  "name": "my-package",
  "version": "1.0.0",
  "customConfig": {
    "_expose": true,
    "property": 123,
    "props": {
      "config": {
        "childProp": 345
      }
    }
  }
}

Will result in:

{
  "customConfig": {
    "property": 123,
    "props": {
      "config": {
        "childProp": 345
      }
    }
  }
}

_expose = {String[]|String}

This will only expose the named properties in the array. If the property is a string, we don't include it.

So:

{
  "_expose": ["name", "customConfig"],
  "name": "my-package",
  "version": "1.0.0",
  "customConfig": {
    "_expose": ["property"],
    "property": 123,
    "props": {
      "config": {
        "childProp": 345
      }
    }
  }
}

Will result in:

{
  "name": "my-package",
  "customConfig": {
    "property": 123
  }
}

FAQs

Package last updated on 28 Apr 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc