Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
grunt-bake
Advanced tools
Bake external includes into files to create static pages with no server-side compilation time
Bake static pages for production while using modular files while in development.
This plugin requires Grunt ~0.4.0
If you haven't used Grunt before, be sure to check out the Getting Started guide, as it explains how to create a Gruntfile as well as install and use Grunt plugins. Once you're familiar with that process, you may install this plugin with this command:
npm install grunt-bake --save-dev
Once the plugin has been installed, it may be enabled inside your Gruntfile with this line of JavaScript:
grunt.loadNpmTasks( "grunt-bake" );
This module helps creating static pages while still having the coding comfort of multiple small files. It also helps not to repeat yourself as includes can be used at multiple places.
The module parses the files recursivly, meaning it allows for nested includes. While parsing the includes it also performs a simple find and replace on placeholders. The replacements are supplied in a JSON file but more an here.
When grunt-bake
parses files it looks for anchors like this: <!--(bake path/to/file.html)-->
.
Setup the bake
task like so:
grunt.initConfig( {
bake: {
your_target: {
options: {
// Task-specific options go here.
},
files: {
// files go here, like so:
"dist/index.html": "app/index.html",
"dist/mobile.html": "app/mobile.html"
// etc ...
}
},
},
} )
With a app/index.html
file like this one:
<html>
<head></head>
<body>
<!--(bake includes/container.html)-->
<!--(bake includes/footer.html)-->
</body>
</html>
The paths given are relative to the file being parsed.
Type: String
Default value: null
A string value that determines the location of the JSON file that is used to fill the place holders.
Type: String
Default value: ""
A string that determines which subsection of the JSON passed as content
should be used. If no section is passed the entire JSON will be used for templating.
Given a content JSON like such:
{
"en": {
"title": "Book",
"info": {
"author": "Joe Do",
"job": "Writer"
}
},
"de": {
"title": "Buch",
"info": {
"author": "Joe Do",
"job": "Schreiber"
}
}
}
If "en"
is passed as section, { "title": "Book", "info": { ... } }
will be passed to the include. If no section is specified the entire JSON will be passed.
This could be used to parse a template like such:
<div>{{title}}</div>
<div>
<span>{{info.author}}</span>
<span>{{info.job}}</span>
</div>
Type: Function
Default value: default process procedure
A Function which is used to process the template before putting it into the file. If process
is defined as null
or false
the includes won't be processed at all.
The default process uses two curly braces as marker, such as {{json.value.name}}
.
The function gets passed two arguments:
String
: representing the template to parse.Object
: the content from the JSON file as object.Type: String
Default value: ""
Determines the base directory for includes that are specified with an absolute path. All paths starting with an /
are absolute while other paths starting with folder or file names are relative to the include being parsed.
<!--(bake includes/footer.html)-->
relative to the file
<!--(bake /includes/footer.html)-->
relative to the basePath (level of Gruntfile by default)
This example shows a simple baking process with all default options.
grunt.initConfig( {
bake: {
build: {
files: {
"app/index.html": "app/base.html"
}
}
}
} )
app/base.html:
<html>
<body>
<!--(bake includes/container.html)-->
</body>
</html>
app/includes/container.html:
<div id="container"></div>
This bake task will create app/index.html:
<html>
<body>
<div id="container"></div>
</body>
</html>
This example shows how to use the bake process to parse the templates with a provided JSON and a section.
grunt.initConfig( {
bake: {
build: {
options: {
content: "app/content.json",
section: "en"
}
files: {
"app/index.html": "app/base.html"
}
}
}
} )
app/content.json:
{
"en": {
"title": "Hello World"
},
"de": {
"title": "Hallo Welt"
}
}
app/base.html:
<html>
<body>
<!--(bake includes/container.html)-->
</body>
</html>
app/includes/container.html:
<div id="container">{{title}}</div>
This bake task will create app/index.html:
<html>
<body>
<div id="container">Hello World</div>
</body>
</html>
In addition to the file the bake anchor tag also allows for inline attributs which will override the content from the JSON file. Note: Please note that the parsing of inline attributes requires double quotes in the definition as shown in the example
Same scenario as above.
app/base.html:
<html>
<body>
<!--(bake includes/container.html title="Salut Monde" name="Mathias")-->
</body>
</html>
app/includes/container.html:
<div id="container">{{title}}</div>
<span>{{name}}</span>
This bake task will create app/index.html:
<html>
<body>
<div id="container">Salut monde</div>
<span>Mathias</span>
</body>
</html>
The bake task also allows a simple if
conditional. Inline attributes named _if
are treated as such. If the value that _if
holds can't be found in the content.json or if found equals to the value false
the include will be ignored.
app/base.html:
<html>
<body>
<!--(bake includes/container.html _if="name")-->
</body>
</html>
app/content.json:
{
"foo": "bar"
}
This bake task will create app/index.html:
<html>
<body>
</body>
</html>
Additionally the the _if
statement also works with inlining the bake content.
<html>
<body>
<!--(bake-start _if="name")-->
<h1>{{name}}</h1>
<!--(bake-end)-->
</body>
</html>
Another special inline attribute is the _foreach
attribute. This keyword expects a specific syntax and can be used both inline as well as pulling
content from the json. This allows to loop over a set of values and using that value in the partial.
It accepts an inline syntax: _foreach="name:[mike, drew, steve]"
as well as a reference to an array in the json: _foreach="name:authors.names"
. The values from the array can then be used with the key name
. This key can be chosen arbitrarily.
app/base.html:
<html>
<body>
<ul class="first">
<!--(bake includes/li.html _foreach="name:[mike, drew, steve]")-->
</ul>
<ul class="second">
<!--(bake includes/li.html _foreach="name:authors.names")-->
</ul>
</body>
</html>
app/includes/li.html:
<li>{{name}}</li>
app/content.json:
{
"authors": {
"names": [ "jenna", "carla", "susy" ]
}
}
This bake task will create app/index.html:
<html>
<body>
<ul class="first">
<li>mike</li>
<li>drew</li>
<li>steve</li>
</ul>
<ul class="second">
<li>jenna</li>
<li>carla</li>
<li>susy</li>
</ul>
</body>
</html>
Just like the _if
statement the _foreach
also works with inlined content:
<html>
<body>
<ul>
<!--(bake-start _foreach="name:[robert, susan, carl]")-->
<li>{{name}}</li>
<!--(bake-end)-->
</ul>
</body>
</html>
This example shows the use of a costum process funtion.
var processFunction( source, content ) {
return source + "<br>";
}
grunt.initConfig( {
bake: {
build: {
options: {
content: "app/content.json",
section: "en",
process: processFunction
}
files: {
"app/index.html": "app/base.html"
}
}
}
} )
For ease of development just add the bake
task to your watch list. The static page will be baked everytime you change the template.
watch: {
bake: {
files: [ "app/includes/**" ],
tasks: "bake:build"
}
}
FAQs
Bake external includes into files to create static pages with no server-side compilation time
The npm package grunt-bake receives a total of 410 weekly downloads. As such, grunt-bake popularity was classified as not popular.
We found that grunt-bake demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.