Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
gulp-manifest
Advanced tools
Generate HTML5 Cache Manifest files. Submitted by Scott Hillman.
Big thanks to Gunther Brunner for writing the grunt-manifest plugin. This plugin was heavily influenced by his great work.
Visit the HTML 5 Guide to AppCache for more information on Cache Manifest files.
First, install gulp-manifest
as a dev dependency
npm install gulp-manifest --save-dev
This controls how this task (and its helpers) operate and should contain key:value pairs, see options below.
Type: String
Default: undefined
Add a prefix to the file paths. Useful when your files are in a different URL than the page.
Type: String
Default: undefined
Add a suffix to the file paths. Useful when your files have query string.
Type: String
Default: 'app.manifest'
Set name of the Cache Manifest file.
Type: String
Array
Default: undefined
Adds manually a string to the CACHE section. Needed when you have cache buster for example.
Type: String
Array
Default: undefined
Exclude specific files from the Cache Manifest file.
Type: String
Array
Default: '*'
(By default, an online whitelist wildcard flag is added)
Adds a string to the NETWORK section.
See here for more information.
Type: String
Array
Default: undefined
Adds a string to the FALLBACK section.
See here for more information.
Type: Boolean
Default: undefined
Adds a string to the SETTINGS section, specifically the cache mode flag of the prefer-online
state.
See here for more information.
Type: Boolean
Default: true
Adds a timestamp as a comment for easy versioning.
Note: timestamp will invalidate application cache whenever cache manifest is rebuilt, even if contents of files in src
have not changed.
Type: Boolean
Default: false
Adds a sha256 hash of all src
files (actual contents) as a comment.
This will ensure that application cache invalidates whenever actual file contents change (it's recommented to set timestamp
to false
when hash
is used).
gulp.task('manifest', function(){
gulp.src(['build/*'], { base: './' })
.pipe(manifest({
hash: true,
preferOnline: true,
network: ['*'],
filename: 'app.manifest',
exclude: 'app.manifest'
}))
.pipe(gulp.dest('build'));
});
CACHE MANIFEST
CACHE:
js/app.js
css/style
css/style.css
js/zepto.min.js
js/script.js
some_files/index.html
some_files/about.html
NETWORK:
*
# hash: 76f0ef591f999871e1dbdf6d5064d1276d80846feeef6b556f74ad87b44ca16a
You do need to be fully aware of standard browser caching. If the files in CACHE are in the network cache, they won't actually update, since the network cache will spit back the same file to the application cache. Therefore, it's recommended to add a hash to the filenames's, akin to rails or yeoman. See here why query strings are not recommended.
Sometimes your assets are served from different source directories. To route these correctly the gulp.src.base
option can be used to define a glob's base path. Later multiple streams can be composed with merge-stream, so that one single manifest file is created from them
var path = require('path');
var mergeStream = require('merge-stream');
var config = {
app: './app',
tmp: './tmp'
};
mergeStream(
gulp.src([
path.join(config.app + '*.html'),
path.join(config.app + 'assets/*.{png,svg,jpg}'),
path.join(config.app + 'js/*.js')
], {
base: config.app
}),
gulp.src([
path.join(config.tmp + 'css/*.css')
], {
base: config.tmp
})
);
.pipe(plugins.manifest({
hash: true,
preferOnline: false,
network: ['*'],
filename: 'appcache.manifest'
}))
.pipe(gulp.dest(config.tmp));
for the given file tree
├── app
│ ├── assets
│ │ ├── cover.png
│ │ └── logo.svg
│ ├── index.html
│ ├── js
│ │ └── script.js
│ └── scss
│ └── style.scss
└── tmp
└── css
└── style.css
will result in
index.html
assets/cover.png
assets/logo.svg
js/script.js
css/style.css
Sometimes you might want to alter the way paths are passed to the plugin. The correct way will be to provide options to gulp.src
so that it generates correct paths.
Say, you have a single folder named public
, which is the top-level directory that's served to the browser. In the same directory, you have the css
, js
and asset
files under different directories, along with the html
files.
public/
├── assets
│ ├── cover.png
│ └── logo.png
├── css
│ └── style.css
├── js
│ └── app.js
└── index.html
FAQs
Generate HTML5 Cache Manifest files
The npm package gulp-manifest receives a total of 1,006 weekly downloads. As such, gulp-manifest popularity was classified as popular.
We found that gulp-manifest demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.