Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
google-closure-compiler
Advanced tools
Check, compile, optimize and compress Javascript with Closure-Compiler
Check, compile, optimize and compress Javascript with Closure-Compiler
This repository tracks issues related to the publication to npmjs.org and associated plugins. Any bugs not related to the plugins themselves should be reported to the main repository.
If you are new to Closure-Compiler, make sure to read and understand the compilation levels as the compiler works very differently depending on the compilation level selected.
For help or questions with the compiler, the best resource is Stack Overflow. Posts there are monitored by multiple Closure Compiler team members.
You may also post in the Closure Compiler Discuss Google Group.
Please don't cross post to both Stackoverflow and Closure Compiler Discuss.
The compiler is distributed as a Java jar and a JavaScript library. Mac OS and Linux also have native binaries.
On Linux, Mac OS and Windows, optional dependencies will install a native binary of the compiler. Native binaries offer faster compile times without requiring Java to be installed and available. Compilations with a very large number of source files may be slightly slower than the java version.
Requires java to be installed and in the path. Using the java version typically results in faster compilation times.
This is a transpiled version of the Java source to native JavaScript. It can be used in environments without java installed and even in a browser.
Note: not all flags are available for the JavaScript version.
The simplest way to invoke the compiler (e.g. if you're just trying it out) is with npx
:
npx google-closure-compiler --js=my_program.js --js_output_file=out.js
The npx version will attempt to detect the best platform to use. You can also specify the platform
with the special --platform
flag.
npm install --save google-closure-compiler
See the full list of compiler flags.
The build tool plugins take options objects. The option parameters map directly to the compiler flags without the leading '--' characters. You may also use camelCase option names.
Values are either strings or booleans. Options which have multiple values can be arrays.
{
js: ['/file-one.js', '/file-two.js'],
compilation_level: 'ADVANCED',
js_output_file: 'out.js',
debug: true
}
For the java version, some shells (particularly windows) try to do expansion on globs rather than passing the string on to the compiler. To prevent this it is necessary to quote certain arguments:
{
js: '"my/quoted/glob/**.js"',
compilation_level: 'ADVANCED',
js_output_file: 'out.js',
debug: true
}
The compiler package also includes build tool plugins for Grunt and Gulp. There is also an official webpack plugin.
Additionally, community members have created plugins leveraging this library.
Override the path before first use.
const Compiler = require('google-closure-compiler');
Compiler.prototype.javaPath = '/node_modules/MODULE_NAME/jre/jre1.8.0_131.jre/Contents/Home/bin/java';
const compiler = new Compiler({args});
Note: nailgun users are encouraged to try the native binary versions where available.
This gets around the long startup time of Google Closure Compiler using Nailgun, which runs a single java process in the background and keeps all of the classes loaded.
First you need to install closure-gun by running the following command.
npm install closure-gun
Then point the package to use closure-gun rather than the JDK.
const compilerPackage = require('google-closure-compiler');
compilerPackage.compiler.JAR_PATH = undefined;
compilerPackage.compiler.prototype.javaPath = './node_modules/.bin/closure-gun'
Note that when using gulp, Only invocations without gulp.src work with nailgun.
A low-level node class is included to facilitate spawning the compiler jar as a process from Node. In addition, it exposes a static property with the path to the compiler jar file.
const ClosureCompiler = require('google-closure-compiler').compiler;
console.log(ClosureCompiler.COMPILER_PATH); // absolute path to the compiler jar
console.log(ClosureCompiler.CONTRIB_PATH); // absolute path to the contrib folder which contain externs
const closureCompiler = new ClosureCompiler({
js: 'file-one.js',
compilation_level: 'ADVANCED'
});
const compilerProcess = closureCompiler.run((exitCode, stdOut, stdErr) => {
//compilation complete
});
const ClosureCompiler = require('google-closure-compiler').jsCompiler;
console.log(ClosureCompiler.CONTRIB_PATH); // absolute path to the contrib folder which contains externs
const closureCompiler = new ClosureCompiler({
compilation_level: 'ADVANCED'
});
const compilerProcess = closureCompiler.run([{
path: 'file-one.js',
src: 'alert("hello world")',
sourceMap: null // optional input source map
}], (exitCode, stdOut, stdErr) => {
//compilation complete
});
Copyright 2015 The Closure Compiler Authors
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Closure Compiler release notes can be found on the main repository wiki.
FAQs
Check, compile, optimize and compress Javascript with Closure-Compiler
The npm package google-closure-compiler receives a total of 73,314 weekly downloads. As such, google-closure-compiler popularity was classified as popular.
We found that google-closure-compiler demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.