gatsby-plugin-perf-budgets
Visualize size of webpack output files with an interactive zoomable treemap.
```bash
# NPM
npm install --save-dev webpack-bundle-analyzer
# Yarn
yarn add -D webpack-bundle-analyzer
```
```js
const BundleAnalyzerPlugin = require('webpack-bundle-analyzer').BundleAnalyzerPlugin;

module.exports = {
  plugins: [
    new BundleAnalyzerPlugin()
  ]
}
```
It will create an interactive treemap visualization of the contents of all your bundles.
This module will help you:
And the best thing is it supports minified bundles! It parses them to get real size of bundled modules. And it also shows their gzipped sizes!
```js
new BundleAnalyzerPlugin(options?: object)
```
Name | Type | Description |
---|---|---|
`analyzerMode` | One of: `server`, `static`, `disabled` | Default: `server`. In `server` mode analyzer will start HTTP server to show bundle report. In `static` mode single HTML file with bundle report will be generated. In `disabled` mode you can use this plugin to just generate Webpack Stats JSON file by setting `generateStatsFile` to `true`. |
`analyzerHost` | `{String}` | Default: `127.0.0.1`. Host that will be used in `server` mode to start HTTP server. |
`analyzerPort` | `{Number}` or `auto` | Default: `8888`. Port that will be used in `server` mode to start HTTP server. |
`reportFilename` | `{String}` | Default: `report.html`. Path to bundle report file that will be generated in `static` mode. It can be either an absolute path or a path relative to a bundle output directory (which is `output.path` in webpack config). |
`defaultSizes` | One of: `stat`, `parsed`, `gzip` | Default: `parsed`. Module sizes to show in report by default. Size definitions section describes what these values mean. |
`openAnalyzer` | `{Boolean}` | Default: `true`. Automatically open report in default browser. |
`generateStatsFile` | `{Boolean}` | Default: `false`. If `true`, webpack stats JSON file will be generated in bundle output directory. |
`statsFilename` | `{String}` | Default: `stats.json`. Name of webpack stats JSON file that will be generated if `generateStatsFile` is `true`. It can be either an absolute path or a path relative to a bundle output directory (which is `output.path` in webpack config). |
`statsOptions` | `null` or `{Object}` | Default: `null`. Options for `stats.toJson()` method. For example you can exclude sources of your modules from stats file with `source: false` option. See more options here. |
`excludeAssets` | `{null\|pattern\|pattern[]}` where `pattern` equals to `{String\|RegExp\|function}` | Default: `null`. Patterns that will be used to match against asset names to exclude them from the report. If pattern is a string it will be converted to RegExp via `new RegExp(str)`. If pattern is a function it should have the following signature `(assetName: string) => boolean` and should return `true` to exclude matching asset. If multiple patterns are provided asset should match at least one of them to be excluded. |
`logLevel` | One of: `info`, `warn`, `error`, `silent` | Default: `info`. Used to control how much detail the plugin outputs. |
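The `excludeAssets` matching rules from the table, modelled as a stand-alone function (an added example, not webpack-bundle-analyzer's own code; `makeExcludeFilter`, `literal`, `excluded` and the asset names are hypothetical). It shows that a string pattern is an unanchored regular expression, so `vendor.js` also matches other asset names unless it is escaped and anchored.

```javascript
// Added example: a stand-alone model of the documented excludeAssets rules.
// It is not webpack-bundle-analyzer's own implementation.

// Turn one documented pattern (string | RegExp | function) into a predicate.
function toPredicate(pattern) {
  if (typeof pattern === 'function') return pattern;               // (assetName) => boolean
  if (typeof pattern === 'string') pattern = new RegExp(pattern);  // strings become RegExp
  if (pattern instanceof RegExp) {
    // Work on a copy without g/y flags so lastIndex cannot leak between assets.
    const re = new RegExp(pattern.source, pattern.flags.replace(/[gy]/g, ''));
    return (assetName) => re.test(assetName);
  }
  throw new TypeError(`Unsupported excludeAssets pattern: ${String(pattern)}`);
}

// null excludes nothing; with several patterns, one match is enough to exclude.
function makeExcludeFilter(excludeAssets) {
  if (excludeAssets == null) return () => false;
  const predicates = [].concat(excludeAssets).map(toPredicate);
  return (assetName) => predicates.some((p) => Boolean(p(assetName)));
}

// Escape and anchor a literal file name so "." is not treated as a wildcard.
function literal(name) {
  return '^' + name.replace(/[.*+?^${}()|[\]\\]/g, '\\$&') + '$';
}

// Constructed asset names, for illustration only.
const assets = ['vendor.js', 'vendorXjs.map', 'app.js', 'app.js.map', 'runtime~main.js'];

// Return the constructed assets that a given excludeAssets value would drop.
function excluded(patterns) {
  return assets.filter(makeExcludeFilter(patterns));
}

console.log(excluded('vendor.js'));           // unanchored; "." matches any character
console.log(excluded(literal('vendor.js')));  // the exact name only
console.log(excluded([/\.map$/, (n) => n.startsWith('runtime')]));
```
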
You can analyze an existing bundle if you have a webpack stats JSON file.
You can generate it using `BundleAnalyzerPlugin` with `generateStatsFile` option set to `true` or with this simple command:
```bash
webpack --profile --json > stats.json
```
If you're on Windows and using PowerShell, you can generate the stats file with this command to avoid BOM issues:
```powershell
webpack --profile --json | Out-file 'stats.json' -Encoding OEM
```
Then you can run the CLI tool.
```bash
webpack-bundle-analyzer bundle/output/path/stats.json
```
```
webpack-bundle-analyzer <bundleStatsFile> [bundleDir] [options]
```
Arguments are documented below:
`bundleStatsFile`: Path to webpack stats JSON file
`bundleDir`: Directory containing all generated bundles.
`options`:
```
  -V, --version               output the version number
  -m, --mode <mode>           Analyzer mode. Should be `server` or `static`.
                              In `server` mode analyzer will start HTTP server to show bundle report.
                              In `static` mode single HTML file with bundle report will be generated. (default: server)
  -h, --host <host>           Host that will be used in `server` mode to start HTTP server. (default: 127.0.0.1)
  -p, --port <n>              Port that will be used in `server` mode to start HTTP server. Should be a number or `auto` (default: 8888)
  -r, --report <file>         Path to bundle report file that will be generated in `static` mode. (default: report.html)
  -s, --default-sizes <type>  Module sizes to show in treemap by default.
                              Possible values: stat, parsed, gzip (default: parsed)
  -O, --no-open               Don't open report in default browser automatically.
  -e, --exclude <regexp>      Assets that should be excluded from the report.
                              Can be specified multiple times.
  -l, --log-level <level>     Log level.
                              Possible values: debug, info, warn, error, silent (default: info)
  -h, --help                  output usage information
```
webpack-bundle-analyzer reports three values for sizes. `defaultSizes` can be used to control which of these is shown by default. The different reported sizes are:
`stat`: This is the "input" size of your files, before any transformations like minification. It is called "stat size" because it's obtained from Webpack's stats object.
`parsed`: This is the "output" size of your files. If you're using a Webpack plugin such as Uglify, then this value will reflect the minified size of your code.
`gzip`: This is the size of running the parsed bundles/modules through gzip compression.
When opened, the report displays all of the Webpack chunks for your project. It's possible to filter to a more specific list of chunks by using the sidebar or the chunk context menu.
The Sidebar Menu can be opened by clicking the `>` button at the top left of the report. You can select or deselect chunks to display under the "Show chunks" heading there.
The Chunk Context Menu can be opened by right-clicking or `Ctrl`-clicking on a specific chunk in the report. It provides the following options:
`gzip` or `parsed` sizes, it only shows `stat` size
It happens when `webpack-bundle-analyzer` analyzes files that don't actually exist in your file system, for example when you work with `webpack-dev-server` that keeps all the files in RAM. If you use `webpack-bundle-analyzer` as a plugin you won't get any errors, however if you run it via CLI you get the error message in terminal:
```
Couldn't parse bundle asset "your_bundle_name.bundle.js".
Analyzer will use module sizes from stats file.
```
To get more information about it you can read issue #147.
Yuriy Grunin |
Vesa Laakso |
Check out CONTRIBUTING.md for instructions on contributing :tada:
FAQs
**gatsby-plugin-perf-budgets** is an *experimental* plugin to make browsing bundles on a page basis easier. It is used in conjunction with `gatsby-plugin-webpack-bundle-analyser-v2`.
The npm package gatsby-plugin-perf-budgets receives a total of 4,661 weekly downloads. As such, the popularity of gatsby-plugin-perf-budgets was classified as popular.
We found that gatsby-plugin-perf-budgets demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.