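KISSY Module Compiler (kmc) is a NodeJS-based module bundling tool for KISSY. It currently supports bundling code for KISSY 1.2+.
If you have any questions, contact me by email or on Laiwang (daxingplay).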
npm install kmc
or
git clone git://github.com/daxingplay/ModuleCompiler.git
Note: the npm package for the new version of KISSY Module Compiler has been renamed to kmc. To use the old version (which is no longer maintained), run npm install module-compiler
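var kmc = require('kmc');
// As with KISSY.config, configure the packages first
kmc.config({
    packages: [{
        'name': 'sh',
        // An absolute path is recommended here: the directory that contains the sh package
        'path': '这里建议写绝对路径,即sh这个包所在的目录',
        'charset': 'gbk'
    }]
});
// Bundle xxx.js into xxx.combine.js, with GBK as the output encoding
kmc.build('xxx.js', 'xxx.combine.js', 'gbk');
// Run this build script with node and you're done.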
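var kmc = require('kmc');
kmc.config({
    // As in KISSY, multiple packages can be configured
    packages: [{
        'name': 'app1',
        // Absolute path of the directory that contains the app1 package
        'path': 'app1这个包所在目录的绝对路径',
        // Encoding of the files in the app1 package; keep the encoding consistent within a package
        'charset': 'gbk'
    }, {
        'name': 'app2',
        // Absolute path of the directory that contains the app2 package
        'path': 'app2这个包所在目录的绝对路径',
        // Encoding of the app2 package's source code
        'charset': 'utf-8'
    }],
    // Modules that should not be bundled. Note that exclude matches specific module names; regular expressions are supported
    exclude: ['base', 'event'],
    // When bundling every file in a directory, the files that should not be bundled; regular expressions are supported. Note the difference from the exclude option above.
    ignoreFiles: ['.combo.js', '-min.js'],
    // Suffix of the output file name, without .js. For example, to output xxx.combine.js, set this to .combine
    suffix: '',
    // Similar to KISSY's map method: lets you define replacements for paths in module names
    map: [
        // With this setting, any output module name of app1 that contains app1/2.0/ has it replaced with app1/19891014/
        ['app1/2.0/', 'app1/19891014/']
    ],
    // Encoding of the final bundled files, UTF-8 by default. This is a global setting; the setting passed to build below applies to a single build
    charset: 'gbk'
});
/**
 * Bundle a file/directory
 * @param inputPath {String} Absolute path of the source file/directory.
 * @param outputPath {String} Path of the bundled output file/directory.
 * @param outputCharset {String} Output encoding; overrides the setting in config.charset, defaults to UTF-8
 * @return {Object} Information about the bundled files
 */
kmc.build('xxx.js', 'xxx.combine.js', 'gbk');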
For more detailed documentation, see the wiki.
Licensed under the "MIT":https://github.com/daxingplay/ModuleCompiler/blob/master/LICENSE.md license.
FAQs
KISSY Module Compiler
The npm package kmc receives a total of 5 weekly downloads. As such, kmc's popularity was classified as not popular.
We found that kmc demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.