Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
gulp-parser-inline
Advanced tools
![Language](https://img.shields.io/badge/-TypeScript-blue.svg) [![Build Status](https://travis-ci.org/searchfe/gulp-parser-inline.svg?branch=master)](https://travis-ci.org/searchfe/gulp-parser-inline) [![npm package](https://img.shields.io/npm/v/gulp-pars
gulp插件,用于处理inline语法
inline plugin for gulp.
npm install
npm build
在构建目录安装 gulp-parser-inline
npm install --save-dev gulp-parser-inline
在构建目录下创建 gulpfile.js
const staticDomain = process.env.dev ? '' : '//m.baidu.com';
const parse = require('gulp-parser-inline').parseInline;
const sanInline = require('gulp-parser-inline').parseSan;
// parse tpl
gulp.task('build:tpl', function (stream) {
return gulp.src(['src/**/*.tpl'])
.pipe(parse({
base: path.resolve('./src/'),
type: 'tpl',
staticDomain: staticDomain,
compress: true
}))
.pipe(gulp.dest('dist'));
});
gulp.task('build:js', function (stream) {
return gulp.src(['src/**/*.js'])
.pipe(parse({
base: path.resolve('./src/'),
type: 'js',
staticDomain: staticDomain,
useHash: true,
compress: true
}))
.pipe(gulp.dest('dist'));
});
gulp.task('build:css', function (stream) {
return gulp.src(['src/**/*.css'])
.pipe(parse({
base: path.resolve('./src/'),
type: 'css',
useHash: true,
compress: true
}))
.pipe(gulp.dest('dist'));
});
// parseSan
gulp.task('san', ()=>{
return gulp.src(['./test/*.san.ts'])
.pipe(sanInline({basePath: path.resolve('./test')}))
.pipe(gulp.dest('./output'));
});
在gulpfile.js目录下执行如下命令
$ gulp
构建路径基于base目录,若该目录下找不到该文件则会以当前文件目录为当前路径计算
1.js
js文件中的inline用法主要是将对应文件内容内联到当前js文件中
例:
__inline('./a.js');
var dom = __inline('./a.etpl');
构建后:
var a = 'I am a.js';
var dom = '<div>I am a.etpl</div>'
2.css
css文件中的inline用法除了将对应文件内容内联到当前css文件中外,还支持将图片文件转为base64
例:
@import url('./a.css?__inline');
.bg {
background:url(./a.png?__inline);
}
构建后:
/* a.css文件内容 start */
.a {
width: 100%;
}
/* a.css文件内容 end */
.bg {
background:url(data:png;base64,iVBORw0KGgoAAAANSUh...);
}
3.tpl
把对应的文件内容内联到当前html(tpl)文件中。
例:
<link rel="stylesheet" href="/static/css/style.css?__inline" />
<style>
__inline('/static/css/style.css')
</style>
<script>
__inline('a.js');
</script>
构建后:
<style>
body,html{margin:0;padding:0}...略
</style>
<script>
define("a",[],function(n,a,i){a.run=function(){alert("i am a")}});
</script>
FAQs
![Language](https://img.shields.io/badge/-TypeScript-blue.svg) [![Build Status](https://travis-ci.org/searchfe/gulp-parser-inline.svg?branch=master)](https://travis-ci.org/searchfe/gulp-parser-inline) [![npm package](https://img.shields.io/npm/v/gulp-pars
The npm package gulp-parser-inline receives a total of 15 weekly downloads. As such, gulp-parser-inline popularity was classified as not popular.
We found that gulp-parser-inline demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.