
Research
Security News
Lazarus Strikes npm Again with New Wave of Malicious Packages
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
git-revision-webpack-plugin
Advanced tools
[](https://badge.fury.io/js/git-revision-webpack-plugin) [](https://www.npmjs.com/package/
Simple webpack plugin that generates VERSION
and COMMITHASH
files during build based on a local git repository.
Given a webpack 5 project (check below for old webpack versions), install it as a local development dependency:
npm install --save-dev git-revision-webpack-plugin
Then, simply configure it as a plugin in the webpack config:
const { GitRevisionPlugin } = require('git-revision-webpack-plugin')
module.exports = {
plugins: [new GitRevisionPlugin()],
}
It outputs a VERSION
based on git-describe such as:
v0.0.0-34-g7c16d8b
A COMMITHASH
such as:
7c16d8b1abeced419c14eb9908baeb4229ac0542
And (optionally when branch is enabled) a BRANCH
such as:
master
It is also possible to use path substitutions on build to get the revision, version or branch as part of output paths.
[git-revision-version]
[git-revision-hash]
[git-revision-branch]
(only when branch is enabled)[git-revision-last-commit-datetime]
Example:
module.exports = {
output: {
publicPath: 'http://my-fancy-cdn.com/[git-revision-version]/',
filename: '[name]-[git-revision-hash].js',
},
}
The VERSION
, COMMITHASH
, LASTCOMMITDATETIME
and BRANCH
are also exposed through a public API.
Example using the DefinePlugin:
const webpack = require('webpack')
const { GitRevisionPlugin } = require('git-revision-webpack-plugin')
const gitRevisionPlugin = new GitRevisionPlugin()
module.exports = {
plugins: [
gitRevisionPlugin,
new webpack.DefinePlugin({
VERSION: JSON.stringify(gitRevisionPlugin.version()),
COMMITHASH: JSON.stringify(gitRevisionPlugin.commithash()),
BRANCH: JSON.stringify(gitRevisionPlugin.branch()),
LASTCOMMITDATETIME: JSON.stringify(gitRevisionPlugin.lastcommitdatetime()),
}),
],
}
The plugin requires no configuration by default, but it is possible to configure it to support custom git workflows.
lightweightTags: false
If you need lightweight tags support, you may turn on lightweightTags
option in this way:
const { GitRevisionPlugin } = require('git-revision-webpack-plugin')
module.exports = {
plugins: [
new GitRevisionPlugin({
lightweightTags: true,
}),
],
}
branch: false
If you need branch name support, you may turn on branch
option in this way:
const { GitRevisionPlugin } = require('git-revision-webpack-plugin')
module.exports = {
plugins: [
new GitRevisionPlugin({
branch: true,
}),
],
}
commithashCommand: 'rev-parse HEAD'
To change the default git
command used to read the value of COMMITHASH
.
This configuration is not not meant to accept arbitrary user input and it is executed by the plugin without any sanitization.
const { GitRevisionPlugin } = require('git-revision-webpack-plugin')
module.exports = {
plugins: [
new GitRevisionPlugin({
commithashCommand: 'rev-list --max-count=1 --no-merges HEAD',
}),
],
}
versionCommand: 'describe --always'
To change the default git
command used to read the value of VERSION
.
This configuration is not not meant to accept arbitrary user input and it is executed by the plugin without any sanitization.
const { GitRevisionPlugin } = require('git-revision-webpack-plugin')
module.exports = {
plugins: [
new GitRevisionPlugin({
versionCommand: 'describe --always --tags --dirty',
}),
],
}
branchCommand: 'rev-parse --abbrev-ref HEAD'
To change the default git
command used to read the value of BRANCH
.
This configuration is not not meant to accept arbitrary user input and it is executed by the plugin without any sanitization.
const { GitRevisionPlugin } = require('git-revision-webpack-plugin')
module.exports = {
plugins: [
new GitRevisionPlugin({
branchCommand: 'rev-parse --symbolic-full-name HEAD',
}),
],
}
lastCommitDateTimeCommand: 'log -1 --format=%cI'
To change the default git
command used to read the value of LASTCOMMITDATETIME
.
This configuration is not not meant to accept arbitrary user input and it is executed by the plugin without any sanitization.
const { GitRevisionPlugin } = require('git-revision-webpack-plugin')
module.exports = {
plugins: [
new GitRevisionPlugin({
branchCommand: 'log -1 --format=%ci',
}),
],
}
If your project is not running on Webpack 5, you will need older versions of this package.
npm install git-revision-webpack-plugin@3.0.6
npm install git-revision-webpack-plugin@2.5.1
Check issue 29 for more information.
FAQs
[](https://badge.fury.io/js/git-revision-webpack-plugin) [](https://www.npmjs.com/package/
We found that git-revision-webpack-plugin demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
Security News
Socket CEO Feross Aboukhadijeh discusses the open web, open source security, and how Socket tackles software supply chain attacks on The Pair Program podcast.
Security News
Opengrep continues building momentum with the alpha release of its Playground tool, demonstrating the project's rapid evolution just two months after its initial launch.