Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
next-offline-v4-fixed
Advanced tools
Use Workbox with
Next.js and
easily enable offline functionality in your application!
$ npm install --save next-offline
$ yarn add next-offline
There are two important things to set up, first we need next-offline
to wrap your next config.
If you haven't yet, create a next.config.js
in your project.
// next.config.js
const withOffline = require('next-offline')
const nextConfig = {
...
}
module.exports = withOffline(nextConfig)
Next we need to make sure our the application is properly serving the service worker, this setup depends on how you're hosting your application. There is documentation below. If you're not using Now 2.0, the Now 1.0 example should work in most circumstances.
Because service workers are so powerful, the API has some restrictions built in. For example, service workers must be served on the domain they're being used on - you can't use a CDN.
You'll want to use the next.js custom server API. The easiest way to do that is creating a server.js
that looks like this:
const { createServer } = require('http')
const { join } = require('path')
const { parse } = require('url')
const next = require('next')
const app = next({ dev: process.env.NODE_ENV !== 'production' })
const handle = app.getRequestHandler()
app.prepare()
.then(() => {
createServer((req, res) => {
const parsedUrl = parse(req.url, true)
const { pathname } = parsedUrl
// handle GET request to /service-worker.js
if (pathname === '/service-worker.js') {
const filePath = join(__dirname, '.next', pathname)
app.serveStatic(req, res, filePath)
} else {
handle(req, res, parsedUrl)
}
})
.listen(3000, () => {
console.log(`> Ready on http://localhost:${3000}`)
})
})
You can read more about custom servers in the Next.js docs
If you're not hosting with Now, I'd probably follow the Now 1.0 approach because the custom server API can enable a lot of functionality, it just simply doesn't work well with Now 2.0 🙇♂️
Because Now 2.0 works so different than the previous version, so does serving the service worker. There are a few different ways to do this, but I'd recommend checking out this now2 example app. The changes to be aware of are in the now.json and next.config.js.
By default next-offline
will register a service worker with the script below, this is automatically added to your client side bundle once withOffline
is invoked.
if ('serviceWorker' in navigator) {
window.addEventListener('load', function () {
navigator.serviceWorker.register('/service-worker.js', { scope: '/' }).then(function (registration) {
console.log('SW registered: ', registration)
}).catch(function (registrationError) {
console.log('SW registration failed: ', registrationError)
})
})
}
Alternative to compile-time, you can take control of registering/unregistering in your application code by using the next-offline/runtime
module.
import { register, unregister } from 'next-offline/runtime'
class App extends React.Component {
componentDidMount () {
register()
}
componentWillUnmount () {
unregister()
}
..
}
If you're handling registration on your own, pass dontAutoRegisterSw
to next-offline.
// next.config.js
const withOffline = require('next-offline')
module.exports = withOffline({ dontAutoRegisterSw: true })
If you're new to workbox, I'd recommend reading this quick guide -- anything inside of worboxOpts
will be passed to workbox-webpack-plugin
.
Define a workboxOpts
object in your next.config.js
and it will gets passed to workbox-webpack-plugin. Workbox is what next-offline
uses under the hood to generate the service worker, you can learn more about it here.
// next.config.js
const withOffline = require('next-offline')
const nextConfig = {
workboxOpts: {
...
}
}
module.exports = withOffline(nextConfig)
On top of the workbox options, next-offline has some options built in flags to give you finer grain control over how your service worker gets generated.
Name | Type | Description | Default |
---|---|---|---|
generateSw | Boolean | If false, next-offline will not generate a service worker and will instead try to modify workboxOpts.swSrc | true |
dontAutoRegisterSw | Boolean | If true, next-offline won't automatically push the registration script into the application code. This is required if you're using runtime registration or are handling registration on your own. | false |
devSwSrc | String | Path to be registered by next-offline during development. By default next-offline will register a noop during development | false |
generateInDevMode | Boolean | If true, the service worker will also be generated in development mode. Otherwise the service worker defined in devSwSrc will be used. | false |
registerSwPrefix | String | If your service worker isn't at the root level of your application, this can help you prefix the path. This is useful if you'd like your service worker on foobar.com/my/long/path/service-worker.js | false |
scope | String | This is passed to the automatically registered service worker allowing increase or decrease what the service worker has control of. | "/" |
transformManifest | Function | This is passed the manifest, allowing you to customise the list of assets for the service worker to precache. | (manifest) => manifest |
By default next-offline
has the following blanket runtime caching strategy. If you customize next-offline
with workboxOpts
, the default behaviour will not be passed into workbox-webpack-plugin
. This article is great at breaking down various different cache recipes.
{
globPatterns: ['static/**/*'],
globDirectory: '.',
runtimeCaching: [
{
urlPattern: /^https?.*/,
handler: 'NetworkFirst',
options: {
cacheName: 'offlineCache',
expiration: {
maxEntries: 200
}
}
}
]
}
// next.config.js
const withOffline = require('next-offline')
module.exports = withOffline({
workboxOpts: {
runtimeCaching: [
{
urlPattern: /.png$/,
handler: 'CacheFirst'
},
{
urlPattern: /api/,
handler: 'NetworkFirst',
options: {
cacheableResponse: {
statuses: [0, 200],
headers: {
'x-test': 'true'
}
}
}
}
]
}
})
If your application doesn't live on the root of your domain, you can use registerSwPrefix
. This is helpful if your application is on domain.com/my/custom/path because by default next-offline
assumes your application is on domain.com and will try to register domain.com/service-worker.js. We can't support using assetPrefix
because service workers must be served on the root domain. For a technical breakdown on that limitation, see the following link: Is it possible to serve service workers from CDN/remote origin?
By default next-offline
will precache all the Next.js webpack emitted files and the user-defined static ones (inside /static
) - essentially everything that is exported as well.
If you'd like to include some more or change the origin of your static files use the given workbox options:
workboxOpts: {
globPatterns: ['app/static/**/*', 'any/other/fileglob/to/cache'],
globDirectory: '.',
modifyUrlPrefix: {
'app': assetPrefix,
},
runtimeCaching: {...}
}
By default next-offline
will add a no-op service worker in development. If you want to provide your own pass its filepath to devSwSrc
option. This is particularly useful if you want to test web push notifications in development, for example.
// next.config.js
const withOffline = require('next-offline')
module.exports = withOffline({
devSwSrc: '/path/to/my/dev/service-worker.js'
})
You can disable this behavior by setting the generateInDevMode
option to true
.
In next-offline@3.0.0 we've rewritten the export functionality to work in more cases, more reliably, with less code thanks to some of the additions in Next 7.0.0!
You can read more about exporting at Next.js docs but next offline should Just Work™️.
If you're upgrading to the latest version of next-offline
I recommend glancing at what's been added/changed inside of workbox in 4.x releases along with the 4.0 release which included the breaking changes. Next Offline's API hasn't changed, but a core depedency has!
Questions? Feedback? Please let me know
WWWWWW||WWWWWW
W W W||W W W
||
( OO )__________
/ | \
/o o| MIT \
\___/||_||__||_|| *
|| || || ||
_||_|| _||_||
(__|__|(__|__|
Copyright © 2017-present Jack Hanford, jackhanford@gmail.com
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
next-offline
The npm package next-offline-v4-fixed receives a total of 1 weekly downloads. As such, next-offline-v4-fixed popularity was classified as not popular.
We found that next-offline-v4-fixed demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.