gulp-pipemin
Streamlined resource transformations configured in html.
First, install `gulp-pipemin` as a development dependency:

```shell
npm install --save-dev gulp-pipemin
```

Then, add it to your `gulpfile.js`:
```javascript
var gulp = require('gulp');
var pipemin = require('gulp-pipemin');
var uglify = require('gulp-uglify');
var minifyHtml = require('gulp-minify-html');
var minifyCss = require('gulp-minify-css');
var rev = require('gulp-rev');

gulp.task('pipemin', function () {
  return gulp.src('./*.html')
    .pipe(pipemin({
      // css pipeline: minify each stylesheet, then concatenate
      css: function (stream, concat) {
        return stream
          .pipe(minifyCss())
          .pipe(concat);
      },
      // html pipeline: receives no concat task
      html: function (stream) {
        return stream
          .pipe(minifyHtml({empty: true}));
      },
      // js pipeline: concatenate, minify, then add a revision hash
      js: function (stream, concat) {
        return stream
          .pipe(concat)
          .pipe(uglify())
          .pipe(rev());
      }
    }))
    .pipe(gulp.dest('build/'));
});
```
Blocks are expressed as:

```html
<!-- build:<pipelineId>(alternate search path) <path> -->
... HTML Markup, list of script / link tags.
<!-- endbuild -->
```
An example of this in completed form can be seen below (note usage of globs):

```html
<!-- build:css style.css -->
<link rel="stylesheet" href="css/clear.css"/>
<link rel="stylesheet" href="css/main.css"/>
<!-- endbuild -->

<!-- build:js js/lib.js -->
<script src="../lib/angular-*-min.js"></script>
<!-- endbuild -->

<!-- build:js1 js/app.js -->
<script src="js/{app,main}.js"></script>
<script src="js/controllers/thing-controller.js"></script>
<script src="js/models/thing-model.js"></script>
<script src="js/views/thing-view.js"></script>
<!-- endbuild -->

<!-- build:remove -->
<script src="js/localhostDependencies.js"></script>
<!-- endbuild -->
```
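When reviewing what a build will pull into shipped bundles, it helps to list each block's pipeline, output path and sources up front. The following is an added example, not gulp-pipemin's own parser: the regexes are assumptions derived from the block syntax shown above, and `parseBuildBlocks`, `sampleHtml` and the `(.tmp)` search path are hypothetical names and values constructed for illustration.

```javascript
// Added example: parses build blocks using the syntax documented above.
// The regexes are assumptions based on that syntax, not the plugin's code.
const BLOCK_RE = /<!--\s*build:(\w+)(?:\(([^)]*)\))?(?:\s+([^\s]+))?\s*-->([\s\S]*?)<!--\s*endbuild\s*-->/g;
const SRC_RE = /<(?:script[^>]*\ssrc|link[^>]*\shref)\s*=\s*["']([^"']+)["']/g;

function parseBuildBlocks(html) {
  const blocks = [];
  for (const m of html.matchAll(BLOCK_RE)) {
    const sources = [...m[4].matchAll(SRC_RE)].map((s) => s[1]);
    blocks.push({
      pipelineId: m[1],
      searchPath: m[2] || null, // optional "(alternate search path)"
      output: m[3] || null,     // absent for blocks such as build:remove
      sources,
      // Sources that climb out of the HTML file's directory deserve a look in review.
      outsideRoot: sources.filter((p) => p.split('/').includes('..')),
      // Globs expand at build time, so the file list is not fixed by the HTML alone.
      hasGlob: sources.some((p) => /[*{}]/.test(p)),
    });
  }
  return blocks;
}

// Constructed sample input, modelled on the block example above.
const sampleHtml = `
<!-- build:css style.css -->
<link rel="stylesheet" href="css/clear.css"/>
<link rel="stylesheet" href="css/main.css"/>
<!-- endbuild -->
<!-- build:js js/lib.js -->
<script src="../lib/angular-*-min.js"></script>
<!-- endbuild -->
<!-- build:js1(.tmp) js/app.js -->
<script src="js/{app,main}.js"></script>
<!-- endbuild -->
<!-- build:remove -->
<script src="js/localhostDependencies.js"></script>
<!-- endbuild -->
`;

for (const b of parseBuildBlocks(sampleHtml)) {
  console.log(b.pipelineId, '->', b.output, b.sources, 'outside root:', b.outsideRoot);
}
```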
Type: String
Alternate root path for assets. New concatenated js and css files will be written to the path specified in the build block, relative to this path. Currently asset files are also returned in the stream.
Type: String
Default alternate search path for files. Can be overridden by the alternate search path option for a given block.
Type: Function
If present, used to modify files. Each pipeline receives an input stream and a concat task, except for html. The function is called separately, on demand, for each block.
Type: Function
Special pipeline for files not matched by any block, but passed to the assets stream.
Type: Function
Stream constructor (works with lazypipe) for the assets stream. When passed, pipemin searches for files requested by blocks inside this stream instead of probing the filesystem. An error is returned if no such file was passed.
Type: Boolean
Default: false
Show paths of all files passed to assets stream in console.
Type: String
Relative location to html file for new concatenated js and css.
```
|
+- app
|   +- index.html
|   +- assets
|       +- js
|          +- foo.js
|          +- bar.js
|       +- css
|          +- clear.css
|          +- main.css
+- dist
```
We want to optimize `foo.js` and `bar.js` into `optimized.js`, referenced using relative path. `index.html` should contain the following block:
```html
<!-- build:css style.css -->
<link rel="stylesheet" href="css/clear.css"/>
<link rel="stylesheet" href="css/main.css"/>
<!-- endbuild -->

<!-- build:js js/optimized.js -->
<script src="assets/js/foo.js"></script>
<script src="assets/js/bar.js"></script>
<!-- endbuild -->
```
We want our files to be generated in the `dist` directory. `gulpfile.js` should contain the following block:
```javascript
gulp.task('pipemin', function () {
  return gulp.src('./app/index.html')
    .pipe(pipemin({
      js: [uglify()]
      // in this case css will be only concatenated (like css: ['concat']).
    }))
    .pipe(gulp.dest('dist/'));
});
```
This will generate the following output:
```
|
+- app
|   +- index.html
|   +- assets
|       +- js
|          +- foo.js
|          +- bar.js
+- dist
|   +- index.html
|   +- js
|       +- optimized.js
|   +- style.css
```
`index.html` output:

```html
<link rel="stylesheet" href="style.css"/>
<script src="js/optimized.js"></script>
```
##### 2.2.0
##### 2.0.0
FAQs
We found that gulp-pipemin demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.