Yet another simple cross-platform CLI build tool to bundle JavaScript files, with a custom file import syntax, ES8+ minification, auto build capabilities, and native OS notifications.
Because merger uses a modified version of uglify-es for minification, you don't need to use any kind of transpilers in order to use this tool. You can use ES8+.
MergerJS is not a module bundler; it is a file bundler.
NPM: LINK
GitHub: LINK
License: GPLv3
Changelog: LINK
Dependencies:
├── uglify-es
├── neo-async
├── chokidar
├── commander
├── inquirer
├── node-notifier
├── chalk
├── line-by-line
├── is-text-path
├── js.system.collections
@import<<DIR 'directoryName/'
$import 'file-name'
%import 'url'
%import<<github::{branch-name} '{userName}/{repositoryName}/{pathToFile}.js'
For the latest version of the README, always refer to the MergerJS GitHub repository's master branch:
https://github.com/joao-neves95/merger-js/blob/master/README.md
You will need Node.js version 10+ installed to run merger.
Install globally (-g) with NPM:
npm i merger-js -g
or
npm install merger-js -g
Make a header file - the source file; the first file to be merged - containing, on the top,
comments importing the files in the order you want them to be built, from the first to the
last just like in a browser.
Example:
// $import 'sweetalert2/dist/sweetalert2.all.min.js'
// %import 'https://code.jquery.com/jquery-3.4.1.min.js'
// %<<github::v4-dev '/twbs/bootstrap/dist/js/bootstrap.min.js'
// @'externalLibs'
// @import<<dir '/enums/'
// @import 'utilities'
// @import 'someModel'
// @import 'someView'
// @import 'someController'
// @import 'someOtherModel'
// @import 'someOtherView'
// @import 'someOtherController'
// @import 'someOtherFeature'
Instead of // @import 'fileName', you can just write // @'fileName' or $'file-name'.
The .js extensions are optional.
// @import '../otherFolder/someFile'
Run merger init on the root of your project.
Run merger add to add a new source file (header file) to your merger configuration file (learn more below in the "Commands" section).
Run merger or merger build to start building (learn more below in the "Commands" section).
// @import 'relativePathToTheFile' or // @'relativePathToTheFile':
Using an @ token on an import statement imports a file relative to the header file.
Pushing (<<) dir, DIR, directory or DIRECTORY into @import imports an entire directory.
E.g.:
// @import<<dir '../otherDirectory/'
// @<<DIR 'someDirectoryHere/'
// $import 'pathRelativeToNodeModules' or // $'node_modules_file':
Using a $ token imports relative to the "node_modules" directory.
Pushing (<<) dir, DIR, directory or DIRECTORY into $import imports an entire directory from node_modules.
E.g.:
// $import<<dir '../otherDirectory/'
// $<<DIR 'someDirectoryHere/'
// %import 'https://specificUrl.com/file.min.js' or // %'https://specificUrl.com/file.min.js':
Using a % token imports a file from a specific URL. The file is downloaded and stored in node_modules the first time, and fetched from there on later builds so that it is not downloaded again on each build.
Adding a double %% token forces the download on every build (good for updates). Valid for specific URLs and GitHub.
E.g.: // %%'https://code.jquery.com/jquery-3.4.1.min.js'
Pushing (<<) GH, gh, github or GITHUB into %import imports a file from a GitHub repository.
If the branch name is not provided, it is defaulted to the "master" branch.
E.g.:
// %import<<GH::{branch} '{user}/{repository}/{pathToFile}.js'
// %<<github::v4-dev '/twbs/bootstrap/dist/js/bootstrap.min.js'
You can specify the branch using the :: token.
MergerJS still supports the previous GitHub import syntax for files, where the branch is specified directly on the path, to avoid breaking changes (not supported on directories). This syntax should be considered deprecated.
E.g.: // %<<github '/twbs/bootstrap/v4-dev/dist/js/bootstrap.min.js'
Pushing (<<) dir, DIR, directory or DIRECTORY into %import<<github imports an entire directory from GitHub.
Note that using this method, the files are not compiled in any specific order.
E.g.: // %%import<<GH::master<<dir 'twbs/bootstrap/dist/js'
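The tokens above decide where bundled code comes from at build time, so a reviewer may want a list of every % and %% import in a header file before a build runs. The following is an added example, not MergerJS's own parser: the names parseImportLine, auditHeaderImports and SAMPLE_HEADER are hypothetical, and the sample header is constructed from the import forms shown on this page.

```javascript
// Added example: classifies MergerJS-style import comments as described on this page.
// Not MergerJS's own parser; function names and the sample header are constructed.
const IMPORT_RE =
  /^\s*\/\/\s*(%%|[@$%])\s*(?:import)?((?:\s*<<\s*[A-Za-z]+(?:::[^\s<'"]+)?)*)\s*['"]([^'"]+)['"]/;

function parseImportLine(line) {
  const m = IMPORT_RE.exec(line);
  if (!m) return null; // not an import comment
  const [, token, pushed, target] = m;
  const entry = { token, target, source: 'header-relative', dir: false,
                  github: false, branch: null, forceDownload: token === '%%' };
  if (token === '$') entry.source = 'node_modules';
  if (token.startsWith('%')) entry.source = 'url';
  // Each "<<name" or "<<name::branch" pushed into the import changes its meaning.
  for (const mod of pushed.split('<<').map((s) => s.trim()).filter(Boolean)) {
    const [name, branch] = mod.split('::');
    const key = name.toLowerCase();
    if (key === 'dir' || key === 'directory') entry.dir = true;
    if ((key === 'gh' || key === 'github') && token.startsWith('%')) {
      // branch stays null when no "::branch" was written on the import
      Object.assign(entry, { github: true, source: 'github', branch: branch || null });
    }
  }
  return entry;
}

// Returns one finding per import that pulls code from outside the project tree.
function auditHeaderImports(headerText) {
  const findings = [];
  headerText.split(/\r?\n/).forEach((line, i) => {
    const imp = parseImportLine(line);
    if (!imp || (imp.source !== 'url' && imp.source !== 'github')) return;
    const notes = [imp.forceDownload ? 'downloaded again on every build' : 'downloaded once, then reused from node_modules'];
    if (imp.github) notes.push(imp.branch ? `follows branch ${imp.branch}` : 'no ::branch written');
    if (imp.dir) notes.push('imports a whole directory');
    findings.push({ line: i + 1, ...imp, notes });
  });
  return findings;
}

// Constructed sample header built from the import forms shown on this page.
const SAMPLE_HEADER = [
  "// $import 'sweetalert2/dist/sweetalert2.all.min.js'",
  "// %import 'https://code.jquery.com/jquery-3.4.1.min.js'",
  "// %<<github::v4-dev '/twbs/bootstrap/dist/js/bootstrap.min.js'",
  "// %%import<<GH::master<<dir 'twbs/bootstrap/dist/js'",
  "// @import<<dir '/enums/'",
].join('\n');
console.log(auditHeaderImports(SAMPLE_HEADER));
```

An import written without ::branch is reported as such because the page describes two cases for it: the "master" default and the deprecated branch-in-path form.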
merger init: Configure merger. It creates a merger-config.json file on your working directory.
merger log: Print the configuration file contents.
merger add: Add a new source file to the merger config file.
You should run this command in the directory where the source file you want to add is located.
MergerJS will give you the directory path, you input the source file name (the extension names are optional), or a relative path to that directory, and MergerJS will locate the configuration file higher up in the directory hierarchy and update it.
merger rm: Remove a source file from the merger-config file.
You can run this command anywhere within your project (after the configuration file).
MergerJS will give you all your files within your configuration file and you remove one just by selecting it.
merger or merger build: Execute the build with the configuration you gave it on the merger-config.json file.
You can run it anywhere within your project's folder.
merger auto, merger build -a or merger build --auto:
merger set or merger set -h or merger set --list: List all the configuration keys (it does not list the possible aliases).
merger set <configuration> <value>: Edit a configuration key on the merger-config file. You can run it anywhere within your project's folder.
At the moment you can pass:
mnfy, minify or uglify and the <value> -t / --true or -f / --false to set minification to true or false (on/off);
auto or autobuild and the <value> -t / --true or -f / --false to set auto builds to true or false (on/off);
ntfs, notifs, notify, or notifications and the <value> -t / --true or -f / --false to set the native OS notifications to true or false (on/off);
updateonlaunch or updtonlnch and the <value> -t / --true or -f / --false to set the update on launch time to true or false (on/off). MergerJS will check for updates once per week.
E.g.:
merger set minify -f
merger set autobuild --true
merger set notifs -t
merger update: Update MergerJS. Same as npm install merger-js -g
merger fix-config-paths: Fixes the paths of the configuration file, in case the location of the project changes (e.g.: different computer).
At this moment, this command only works on Windows.
js.system.collections.header.js
Since v3.9.0, it is possible to have a custom source file configuration that overrides the global configuration.
This is useful, for example, if you have multiple source files and want only some of them to be minified.
At the moment, there is no CLI command to edit custom source file configurations, so you will have to do it by hand: just add a config object to your source file object.
At the moment, there is only the minification (uglify) option.
Example (merger-config.json):
(...)
"sourceFiles": [
  {
    "source": "path-to\\js.system.collections\\js.system.collections.header.js",
    "output": {
      "path": "path-to\\js.system.collections\\dist",
      "name": "js.system.collections.js"
    }
  },
  {
    "source": "path-to\\js.system.collections\\js.system.collections.header.js",
    "output": {
      "path": "path-to\\js.system.collections\\dist",
      "name": "js.system.collections.min.js"
    },
    "config": {
      "uglify": true
    }
  }
]
(...)
Merger uses SemVer for versioning. You can read the changelog here.
See the style guide here: merger-js/STYLE-GUIDE.md
When I started doing academic web projects, I felt the need for a build tool to merge all my JS files into one, cleaning the HTML pages and optimizing my workflow. I wanted something simple and fast. My schoolmates couldn't get around with other projects like WebPack and similar tools, so I decided to build MergerJS in order to use a file bundler in a very simple and fast way. This is and it always will be a work in progress.
v3.10.1 - 05/06/2020
We found that merger-js demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.