Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
raw-loader
Advanced tools
The `raw-loader` npm package is used to import files as a string in JavaScript modules. It is commonly used in web development projects to include file contents directly into JavaScript code, such as importing HTML, CSS, or SVG files. This can be particularly useful for embedding small templates, styles, or assets directly into JavaScript bundles without the need for separate HTTP requests to load these resources.
Importing text files
This feature allows you to import the contents of text files, such as `.txt` files, directly into your JavaScript code as a string. This can be useful for embedding static text resources.
import myText from './file.txt';
Importing HTML templates
With `raw-loader`, you can import HTML templates directly into your JavaScript modules. This is particularly useful in frameworks or libraries that allow for template strings, enabling you to keep HTML templates in separate files for better organization.
import myTemplate from './template.html';
Importing CSS as a string
This feature allows importing CSS files as strings. This can be useful for injecting styles directly into the DOM using JavaScript, or for use with CSS-in-JS libraries that accept CSS as a string.
import styles from './styles.css';
Similar to `raw-loader`, `to-string-loader` converts files to a string, but it is often used in conjunction with other loaders, such as `css-loader` for stylesheets. It allows for more flexibility in handling different types of files as strings.
The `val-loader` executes code as a module and can be used to generate code strings dynamically. While it serves a different primary purpose compared to `raw-loader`, it offers an alternative approach to embedding dynamic content in JavaScript bundles.
The `html-loader` handles HTML files, similar to how `raw-loader` can be used for HTML templates. However, `html-loader` also processes images and links within the HTML, resolving `src` and `href` as module requests, providing more comprehensive handling of HTML files.
A loader for webpack that allows importing files as a String.
To begin, you'll need to install raw-loader
:
$ npm install raw-loader --save-dev
Then add the loader to your webpack
config. For example:
file.js
import txt from './file.txt';
webpack.config.js
// webpack.config.js
module.exports = {
module: {
rules: [
{
test: /\.txt$/i,
use: 'raw-loader',
},
],
},
};
And run webpack
via your preferred method.
Name | Type | Default | Description |
---|---|---|---|
esModule | {Boolean} | true | Uses ES modules syntax |
esModule
Type: Boolean
Default: true
By default, raw-loader
generates JS modules that use the ES modules syntax.
There are some cases in which using ES modules is beneficial, like in the case of module concatenation and tree shaking.
You can enable a CommonJS module syntax using:
webpack.config.js
module.exports = {
module: {
rules: [
{
test: /\.txt$/i,
use: [
{
loader: 'raw-loader',
options: {
esModule: false,
},
},
],
},
],
},
};
import txt from 'raw-loader!./file.txt';
Beware, if you already define loader(s) for extension(s) in webpack.config.js
you should use:
import css from '!!raw-loader!./file.txt'; // Adding `!!` to a request will disable all loaders specified in the configuration
Please take a moment to read our contributing guidelines if you haven't yet done so.
FAQs
A loader for webpack that allows importing files as a String
The npm package raw-loader receives a total of 2,755,167 weekly downloads. As such, raw-loader popularity was classified as popular.
We found that raw-loader demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.