Security News
Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
p-defer-es5
Advanced tools
Readme
This package is based on p-defer
. It did not contains an ES5 module. Importing the module directly or indirectly may break web apps running on ES5 browsers.
On install, this package will transpile your version of p-defer
to make it compatible with ES5 browsers.
Package authors should consider importing this package instead of p-defer
, so your packages will not break your users due to having p-defer
as a transient dependency.
To install in your project, run:
npm install p-defer p-defer-es5
You can also use it in HTML:
<script src="https://unpkg.com/p-defer/dist/p-defer-es5.production.min.js"></script>
On postinstall
, this package will run Babel and Webpack to transpile p-defer
into a single file.
This package peer-depends on p-defer
. Thus, you can select your own version of p-defer
.
p-defer
When you update p-defer
, re-run npm install p-defer-es5
to get the latest package transpiled.
Instead of importing this package, there are alternative workarounds you can use.
You can copy the source code of p-defer
into your web app and use your build pipeline transpile the original package.
Be sure to include the original license and continue to depends on the package to make sure npm audit
will scan for vulnerabilities.
Webpack do not transpile code under /node_modules/
unless specified explicitly. You can modify webpack.config.js
to include /node_modules/p-defer/
and use babel-loader
to transpile it on-the-fly.
Like us? Star us.
Want to make it better? File us an issue.
Don't like something you see? Submit a pull request.
FAQs
Unknown package
The npm package p-defer-es5 receives a total of 7,437 weekly downloads. As such, p-defer-es5 popularity was classified as popular.
We found that p-defer-es5 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
Security News
OpenSSF is warning open source maintainers to stay vigilant against reputation farming on GitHub, where users artificially inflate their status by manipulating interactions on closed issues and PRs.
Security News
A JavaScript library maintainer is under fire after merging a controversial PR to support legacy versions of Node.js.