Security News
Input Validation Vulnerabilities Dominate MITRE's 2024 CWE Top 25 List
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
grunt-vtex
Advanced tools
A Grunt convention-over-configuration meta-project.
The file index.coffee
exposes only one function: generateConfig
.
It receives your grunt
, pkg
(your package.json parsed object) and options
.
It returns an object with configurations for all tasks used across projects in VTEX.
Your project should only define very specific customizations outside of this config.
This enforces uniformity and eases advancing configurations across every project simultaneously.
If you are heavily altering a defined task or adding a new one, please bump the minor version.
In your Gruntfile:
GruntVTEX = require 'grunt-vtex'
module.exports = (grunt) ->
pkg = grunt.file.readJSON 'package.json'
options = {...}
config = GruntVTEX.generateConfig grunt, pkg, options
## customize by altering config
config.copy.main = {...}
tasks = {...}
grunt.initConfig config
grunt.loadNpmTasks name for name of pkg.devDependencies when name[0..5] is 'grunt-'
grunt.registerTask taskName, taskArray for taskName, taskArray of tasks
--stable
: proxies to stable API's instead of beta.--link
: sibling project directories to link in order to develop locally.--ft
: features that should be toggled.tags.json
file, which tells us which apps are currently published with which versions.Example excerpt of a tags.json
file:
{
oms-ui: {
stable: {
2: "2.9.76"
},
beta: {
2: "2.9.99-beta"
}
},
license-manager-ui: {
stable: {
2: "2.1.23"
},
beta: {
2: "2.1.23"
}
},
vtex-id-ui: {
stable: {
2: "2.2.6",
3: "3.2.29"
},
next: { },
beta: {
2: "2.2.6",
3: "3.2.29-beta"
},
alpha: { }
}
}
To develop two projects simultaneously, follow these steps:
Clone the other project into a sibling directory, install and start with the "dev" task.
$ cd Projects/
$ git clone git@github.com:vtex/front.shipping-data.git
$ cd front.shipping-data
$ npm i
$ grunt dev // some target which doesn't run a server and livereload
In another terminal tab, start grunt with the link
option, passing the name of the component:
$ cd Projects/vcs.checkout-ui
$ grunt --link front.shipping-data
This will symlink the build
folder from the sibling into the build
folder in this project.
You can also separate multiple projects with a comma, e.g.
$ grunt --link front.shipping-data,front.cart
You may turn a feature on using the ft
option:
$ grunt --ft totem
devReplaceMap
usagedevReplaceMap
accepts a string or a function as a value for a key. In case of a function, it will receive three parameters:
--ft
)symlink
task config, which is created according to the --link
optiontags.json
map of published projects.The result of this function is passed on to the replace
function. Therefore, you can return a function
that handles the pattern matching!
e.g.:
featureToggleReplace = (features, symlink, tags) -> (match) ->
if features?['totem'] then match else ''
linkReplace = (features, symlink, tags) -> (match, path, app, major) ->
env = if grunt.option('stable') then 'stable' else 'beta'
if symlink[app]
console.log "link".blue, app, "->".blue, "local"
return "/#{app}/#{path}"
else
version = tags[app][env][major]
console.log "link".blue, app, "->".blue, version
return "//io.vtex.com.br/#{app}/#{version}/#{path}"
devReplaceMap = {}
devReplaceMap["{{ 'checkout-custom.css' | legacy_file_url }}"] = '/arquivos/checkout-custom.css'
devReplaceMap["{{ 'checkout-custom.css' | file_url }}"] = '/files/checkout-custom.css'
devReplaceMap["{% if config.kiosk %}(\n|\rn|.)*\{% endif %}"] = featureToggleReplace
devReplaceMap["\\{\\{ \\'(.*)\\' \\| vtex_io: \\'(.*)\\', (\\d) \\}\\}"] = linkReplace
VTEX - 2014
FAQs
A Grunt convention-over-configuration parasite
The npm package grunt-vtex receives a total of 14 weekly downloads. As such, grunt-vtex popularity was classified as not popular.
We found that grunt-vtex demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.