Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
imagemin-brunch
Advanced tools
simple image minification for brunch
This is a super simple plug-and-play plugin that minifies your images with imagemin.
$ npm install --save-dev imagemin-brunch
$ brunch build --production
18:06:47 - info: compiled 6 files into 2 files, copied 14 in 2.3 sec
18:06:53 - info: minified 9 images to save 334 kB in 5.3 sec
This plugin automatically minifies the following extensions, with no configuration required:
.gif
.jpg
.jpeg
.jpe
.jif
.jfif
.jfi
.png
.svg
.svgz
The actual minification process is performed by the following imagemin plugins:
Minifying images takes forever, so I made this plugin an optimizer. By default, this plugin will run whenever brunch is in production mode. Any of these commands should work to minify your images:
$ brunch b -p
$ brunch build -p
$ brunch b --production
$ brunch build --production
If you are using the default skeleton, npm run build
should also work.
plugins.imagemin = {
plugins: {
'imagemin-gifsicle': true,
'imagemin-jpegtran': true,
'imagemin-optipng': true,
'imagemin-svgo': true
},
pattern: /\.(gif|jpg|jpeg|jpe|jif|jfif|jfi|png|svg|svgz)$/
}
plugins
To enable a new imagemin plugin, create a new key-value pair where the object key is the name of your plugin and give it a truthy value. If you would like to pass options into the plugin, provide an object as your pair's value.
If you want to disable a plugin, add it to this object with a falsy value.
pattern
This is a regular expression pattern used to figure out which files should be passed through to imagemin.
FAQs
Simple image minification for brunch
The npm package imagemin-brunch receives a total of 10 weekly downloads. As such, imagemin-brunch popularity was classified as not popular.
We found that imagemin-brunch demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.