index-webpack-plugin
Advanced tools
The original benchmarks of bundledDependencies have been flawed.
To achieve the same result of bundle-dependencies using bundledDependencies package.json property:
dependencies to bundledDependencies package.json property.rm -fr ./node_modules).--production flag (i.e., npm install --production).You can use bundled-dependencies package to automate the first step.
npm install bundled-dependencies --save-dev
Add to package.json:
{
"scripts": {
"bundle-dependencies": "bundled-dependencies"
}
}
Run:
npm run bundle-dependencies
bundle-dependenciesBundles (deep) all module dependencies into a monolithic NPM package.
bundle-dependencies is designed to be used with devDependencies and modules installed using --global flag.
How much time can it save? Lets see.
2.3.63 release is done without bundle-dependencies.
time npm install pragmatist@2.3.63
34.59s user
6.15s system
24% cpu
2:44.35 total
2.3.64 release is done with bundle-dependencies.
time npm install pragmatist@2.3.64
5.41s user
2.34s system
36% cpu
21.175 total
The bundle-dependencies install process is 8 times faster (2 minutes 44 seconds compared to 21 second).
npm install bundle-dependencies --save-dev
Add to package.json:
{
"scripts": {
"publish-bundle": "bundle-dependencies publish"
}
}
To publish your package with bundled dependencies, run:
npm run publish-bundle
.npmignoreAdd to .npmignore (and .gitignore):
.backup.package.json
.backup.node_modules
These are the backup files of your original ./package.json and ./node_modules. Do not commit them to the package registry.
bundle-dependencies publish execution flow is:
bundle-dependencies internal prepublish logic.npm publish.bundle-dependencies internal postpublish logic.Do not add bundle-dependencies script to prepublish, publish or postpublish package.json scripts. NPM copies the contents of package.json before prepublish script is executed. This makes the internal prepublish logic impossible. prepublish and postpublish commands are exposed for testing only.
prepublish logic../node_modules../package.json.npm install --production)../node_modules to ./bundled_modules.tar../package.json.bundled-dependencies dependency to ./package.json.postinstall script to ./package.json.postpublish logic../bundled_modules.tar../package.json../node_modules../package.json.postinstall scriptThe postinstall script is:
bundled-dependencies extract
./node_modules../bundled_modules.tar to ./node_modules.FAQs
WIP
We found that index-webpack-plugin demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Claude Opus 4.6 has uncovered more than 500 open source vulnerabilities, raising new considerations for disclosure, triage, and patching at scale.
Research
/Security News
Malicious dYdX client packages were published to npm and PyPI after a maintainer compromise, enabling wallet credential theft and remote code execution.
Security News
gem.coop is testing registry-level dependency cooldowns to limit exposure during the brief window when malicious gems are most likely to spread.