🚀 Socket Launch Week 🚀 Day 1: Introducing .NET Support in Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

hijacking-webpack-plugin

Package Overview
Dependencies
Maintainers
1
Versions
15
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

hijacking-webpack-plugin

Prevent hijacking

1.0.0-beta1.2
latest
Source
npm
Version published
Weekly downloads
12
200%
Maintainers
1
Weekly downloads
 
Created
Source

向HTML模板文件注入js脚本

注意:一定要放在html-webpack-plugin之后执行,否则会被覆盖

###基本使用 1

const HijackingPlugin = require('./hijacking-webpack-plugin');

new HijackingPlugin({
    head: [
        {src: '/static/tinymce/tinymce.min2cs1.js', defer: true},
        {src: '/static/tinymce/tinymce.min2cs2.js', async: true},
        {src: '/static/tinymce/tinymce.min2cs3.js', defer: true},
    ],
    body: [
        {src: '/static/tinymce/tinymce.min2cs1.js', defer: true},
        {src: '/static/tinymce/tinymce.min2cs2.js', async: true},
        {src: '/static/tinymce/tinymce.min2cs3.js', defer: true},
    ]
})

dns http防劫持 2

new HijackingPlugin({
    head: [
        {src: '/static/tinymce/tinymce.min2cs1.js', defer: true},
        {src: '/static/tinymce/tinymce.min2cs2.js', async: true},
        {src: '/static/tinymce/tinymce.min2cs3.js', defer: true},
    ],
    body: [
        {src: '/static/tinymce/tinymce.min2cs1.js', defer: true},
        {src: '/static/tinymce/tinymce.min2cs2.js', async: true},
        {src: '/static/tinymce/tinymce.min2cs3.js', defer: true},
    ],
    filterTags: ['script', 'iframe'], //过滤标签
    whiteURLS: [], // 白名单url:'baidu.com' | 'jquery.com'
    isRejectJACK: true // 开启劫持防护
})


注:开启防劫持后,会针对您配的filterTags(过滤标签组)进行移除, 只要动态有元素插入进来,都会监控到并将其remove
具体业务场景,具体使用

兼容性 ie11+ firefox/chrome 18+ safri 6+ android 4.4+ ios6+ ...

欢迎大家issue、bug

Keywords

hijacking
webpack
plugin

FAQs

Package last updated on 25 Nov 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

The Bad Seeds: Malicious npm and PyPI Packages Pose as Developer Tools to Steal Wallet Credentials

Research

Security News

The Bad Seeds: Malicious npm and PyPI Packages Pose as Developer Tools to Steal Wallet Credentials

Socket researchers uncovered malicious npm and PyPI packages that steal crypto wallet credentials using Google Analytics and Telegram for exfiltration.

By Kirill Boychenko  -  Apr 22, 2025
Introducing .NET Support in Socket

Product

Introducing .NET Support in Socket

Socket now supports .NET, bringing supply chain security and SBOM accuracy to NuGet and MSBuild-powered C# projects.

By Eli Insua, Rakesh Chatrath  -  Apr 21, 2025