Security News
Scaling Socket from Zero to 10,000+ Organizations
Socket CEO Feross Aboukhadijeh shares lessons from scaling a developer security startup to 10,000+ organizations in this founder interview.
By Sarah GoodingΒ - Β Dec 02, 2025
π¨ Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis β
- Version
- 2.0.0-canary.1861
- Version published
- Weekly downloads
- 273K 4.18%
- Maintainers
- 1
Weekly downloads
Β
- Created
Parcel is a zero configuration build tool for the web. It combines a great out-of-the-box development experience with a scalable architecture that can take your project from just getting started to massive production application.
Features
- π Zero config β Parcel supports many languages and file types out of the box, from web technologies like HTML, CSS, and JavaScript, to assets like images, fonts, videos, and more. It has a built-in dev server with hot reloading, beautiful error diagnostics, and much more. No configuration needed!
- β‘οΈ Lightning fast β Parcel's JavaScript compiler is written in Rust for native performance. Your code is built in parallel using worker threads, utilizing all of the cores on your machine. Everything is cached, so you never build the same code twice. It's like using watch mode, but even when you restart Parcel!
- π Automatic production optimization β Parcel optimizes your whole app for production automatically. This includes tree-shaking and minifying your JavaScript, CSS, and HTML, resizing and optimizing images, content hashing, automatic code splitting, and much more.
- π― Ship for any target β Parcel automatically transforms your code for your target environments. From modern and legacy browser support, to zero config JSX and TypeScript compilation, Parcel makes it easy to build for any target β or many!
- π Scalable β Parcel requires zero configuration to get started. But as your application grows and your build requirements become more complex, it's possible to extend Parcel in just about every way. A simple configuration format and powerful plugin system that's designed from the ground up for performance means Parcel can support projects of any size.
Getting Started
See the following guides in our documentation on how to get started with Parcel.
Documentation
Read the docs at https://parceljs.org/docs/.
Community
- β Ask questions on GitHub Discussions.
- π¬ Join the community on Discord.
- π£ Stay up to date on new features and announcements on Twitter.
Contributors
This project exists thanks to all the people who contribute. [Contribute].
Backers
Thank you to all our backers! π [Become a backer]
Sponsors
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]
Other packages similar to parcel
webpack
Webpack is a highly configurable module bundler for JavaScript applications. Unlike Parcel, Webpack requires a configuration file to get started, but it offers more flexibility and a larger ecosystem of plugins and loaders.
rollup
Rollup is a module bundler for JavaScript that focuses on ES6 modules. It is known for its smaller bundle sizes and tree-shaking capabilities. Rollup is often used for library development, whereas Parcel is more commonly used for web applications.
esbuild
Esbuild is an extremely fast JavaScript bundler and minifier. It is written in Go and is designed to be much faster than other bundlers like Webpack and Parcel. However, it is less mature and has fewer features compared to Parcel.
FAQs
Blazing fast, zero configuration web application bundler
The npm package parcel receives a total of 218,994 weekly downloads. As such, parcel popularity was classified as popular.
We found that parcel demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.Β It has 1 open source maintainer collaborating on the project.
Package last updated on 19 Sep 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Inside the GitHub Infrastructure Powering North Koreaβs Contagious Interview npm Attacks
Socket Threat Research maps a rare inside look at OtterCookieβs npm-Vercel-GitHub chain, adding 197 malicious packages and evidence of North Korean operators.
By Kirill BoychenkoΒ - Β Nov 26, 2025
Research
Malicious Chrome Extension Injects Hidden SOL Fees Into Solana Swaps
Socket researchers identified a malicious Chrome extension that manipulates Raydium swaps to inject an undisclosed SOL transfer, quietly routing fees to an attacker wallet.
By Kush PandyaΒ - Β Nov 25, 2025