Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Yet another light weight and simple cross-platform build tool for JavaScript files, with CLI tooling, file imports, auto build capabilities and native OS notifications.
Yet another lightweight and simple cross-platform build tool for JavaScript files, with CLI tooling, file imports, auto build capabilities and native OS notifications.
Because merger uses uglify-es for minification, you don't need to use any kind of transpilers in conjunction with this tool. You can use ES6+.
MergerJS does not support circular dependencies
NPM: LINK
GitHub: LINK
License: MIT
Dependencies:
├── uglify-es
├── neo-async
├── chokidar
├── commander
├── inquirer
├── node-notifier
├── chalk
├── line-by-line
@import<<DIR 'directoryName/'
)$import 'file-name'
)%import 'url'
)
For the latest version of the README, always refer to the MergerJS GitHub repository's master branch:
https://github.com/joao-neves95/merger-js/blob/master/README.md
You will need Node.js version 10+ installed to run merger.
Install globally -g
with NPM:
npm i merger-js -g
or
npm install merger-js -g
Make an header file (the source file; the first file to be merged) containing, on the top, comments importing the files in the order you want them to be built, from the first to the last.
Just like in a browser.
Example:
// $import 'sweetalert2/dist/sweetalert2.all.min.js'
// %import 'https://cdnjs.cloudflare.com/ajax/libs/react/16.4.2/cjs/react.development.js'
// %<<github '/twbs/bootstrap/v4-dev/dist/js/bootstrap.min.js'
// @'externalLibs'
// @import<<dir '/enums/'
// @import 'utilities'
// @import 'someModel'
// @import 'someView'
// @import 'someController'
// @import 'someOtherModel'
// @import 'someOtherView'
// @import 'someOtherController'
// @import 'someOtherFeature'
// @import 'fileName'
, you can just // @'fileName'
or $'file-name'
;.js
are optional;// @import '../otherFolder/someFile'
merger init
on the root of your project:
Run merger add
to add a new source file (header file) to your merger configuration file (learn more below in the "Commands" section).
Run merger
or merger build
to start building (learn more below in the "Commands" section).
|-- root/
|-- merger-config.json
|-- package.json
|-- .env
|-- node_modules/
|-- (...)
|-- server/
|-- (...)
|-- client/
|-- css
|-- (...)
|-- js
|-- mergerBuildFile.js
|-- src|-- sourceFile.header.js (the header file containing all the imports; the first file to be build)
|-- utilities.js
|-- someOtherView.js
|-- someOtherModel.js
|-- someController.js
// @import 'relativePathToTheFile'
or // @'relativePathToTheFile'
:
Using an @
token on an import statement imports a file relative to the header file.
<<
) dir
, DIR
, directory
or DIRECTORY
into @import
, imports an entire directory. Using this method, the files are not compiled in any specific order. // @import<<dir '../otherDirectory/'
// @<<DIR 'someDirectoryHere/'
// $import 'pathRelativeToNodeModules'
or // $'node_modules_file'
:
Using a $
token imports relative to the "node_modules" directory.
// %import 'https://specificUrl.com/file.min.js'
or // $'https://specificUrl.com/file.min.js'
:
Using a $
token imports a file from a specific URL. The file is downloaded and stored in node_modules in the first time and later fetch from there in order to not download the file in each build.
If the branch name is not provided, it defaults to the "master" branch.
<<
) GH
, gh
, github
or GITHUB
into %import
, imports a file from a GitHub repository.// %import<<GH '<userName>/<repositoryName>/<branchName>/<pathToFile>'
// $<<github '/twbs/bootstrap/v4-dev/dist/js/bootstrap.min.js'
merger init
: Configure merger. It creates a merger-config.json file on your working directory.
merger log
: Print the configuration file contents.
merger add
: Add a new source file to the merger config file.
You should run this command on the directory where the source file you want to add is located.
MergerJS will give you the directory path, you input the source file name (the extension names are optional), or a relative path to that directory, and MergerJS will locate the configuration file and update it.
merger rm
: Remove a source file from the merger-config file.
You can run this command anywhere within your project (after the configuration file).
MergerJS will give you all your files within your configuration file and you remove one just by selecting it.
merger
or merger build
: Execute the build with the configuration you gave it on the merger-config.json file.
You can run it anywhere within your project's folder.
merger auto
, merger build -a
or merger build --auto
: Execute an automatic build session. You can do this, for example, when you have auto builds turned off and you don't want to change that.merger set <configuration> <value>
: Edit a configuration key on the merger-config file.
You can run it anywhere within your project's folder.
At the moment you can pass:
mnfy
, minify
or uglify
and the <value> -t
/ --true
or -f
/ --false
to set minification to true or false (on/off);auto
or autobuild
and the <value> -t
/ --true
or -f
/ --false
to set auto builds to true or false (on/off);ntfs
, notifs
, notify
, or notifications
and the <value> -t
/ --true
or -f
/ --false
to set the native OS notifications to true or false (on/off);Examples: merger set minify -f
, merger set autobuild --true
, merger set notifs -t
merger update
: Update MergerJS. Same as npm install merger-js -g
Merger uses SemVer for versioning. You can read the changelog here.
JavaScript Standard Style, with semicolons.
Since version 3.5.0, every asynchronous function supports both callbacks and promises (async/await).
When I started doing academic web projects, I felt the need for a build tool to merge all my JS files into one, cleaning the HTML pages and optimizing my workflow.
I wanted something simple and fast, so I built MergerJS to use in my small web-app projects.
v3.6.0 - 04/10/2018
FAQs
Yet another simple cross-platform CLI build tool to bundle JavaScript files, with a custom file import syntax, ES8+ minification, auto build capabilities, and native OS notifications.
The npm package merger-js receives a total of 13 weekly downloads. As such, merger-js popularity was classified as not popular.
We found that merger-js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.