Shakapacker is a modern JavaScript and asset bundler for Ruby on Rails applications. It leverages Webpack to manage and compile JavaScript, CSS, and other assets, making it easier to integrate modern front-end tools and frameworks into Rails projects.
What are shakapacker's main functionalities?
JavaScript Bundling
Shakapacker allows you to bundle JavaScript files using Webpack. The code sample demonstrates a basic Webpack configuration for bundling JavaScript files in a Rails application.
Shakapacker can manage CSS and other assets like images. The code sample shows how to configure Webpack to handle CSS files and image assets using appropriate loaders.
Shakapacker supports Hot Module Replacement (HMR) for a better development experience. The code sample configures Webpack's dev server to enable HMR, allowing modules to be updated in the browser without a full reload.
Webpacker is another asset bundler for Rails applications, similar to Shakapacker. It also uses Webpack to manage JavaScript, CSS, and other assets. Webpacker is the predecessor to Shakapacker and offers similar functionalities but may not be as up-to-date with the latest Webpack features.
Vite Rails is a modern alternative to Webpacker and Shakapacker, using Vite as the asset bundler. Vite offers faster build times and a more modern development experience compared to Webpack-based solutions. It is a good option for developers looking for a cutting-edge toolchain.
Shakapacker (v8)
Official, actively maintained successor to rails/webpacker.ShakaCode stands behind the long-term maintenance and development of this project for the Rails community.
⚠️ See the 6-stable branch for Shakapacker v6.x code and documentation. :warning:
See V6 Upgrade for upgrading from v5 or prior v6 releases.
Shakapacker makes it easy to use the JavaScript pre-processor and bundler Webpack v5+
to manage frontend JavaScript in Rails. It can coexist with the asset pipeline,
leaving Webpack responsible solely for frontend JavaScript, or can be used exclusively, making it also responsible for images, fonts, and CSS.
Check out 6.1.1+ for SWC and esbuild-loader support! They are faster than Babel!
ShakaCode focuses on helping Ruby on Rails teams use React and Webpack better. We can upgrade your project and improve your development and customer experiences, allowing you to focus on building new features or fixing bugs instead.
We also specialize in helping development teams lower infrastructure and CI costs. Check out our project Control Plane Flow, which can allow you to get the ease of Heroku with the power of Kubernetes and big cost savings.
If you think ShakaCode can help your project, click here to book a call with Justin Gordon, the creator of React on Rails and Shakapacker.
Here's a testimonial of how ShakaCode can help from Florian Gößler of Blinkist, January 2, 2023:
Hey Justin 👋
I just wanted to let you know that we today shipped the webpacker to shakapacker upgrades and it all seems to be running smoothly! Thanks again for all your support and your teams work! 😍
On top of your work, it was now also very easy for me to upgrade Tailwind and include our external node_module based web component library which we were using for our other (more modern) apps already. That work is going to be shipped later this week though as we are polishing the last bits of it. 😉
Have a great 2023 and maybe we get to work together again later in the year! 🙌
Before initiating the installation process, ensure you have committed all the changes. While installing Shakapacker, there might be some conflict between the existing file content and what Shakapacker tries to copy. You can either approve all the prompts for overriding these files or use the FORCE=true environment variable before the installation command to force the override without any prompt.
Shakapacker uses the package_json gem to handle updating the package.json and interacting with the underlying package manager of choice for managing dependencies and running commands; the package manager is managed using the packageManager property in the package.json, otherwise falling back to the value of PACKAGE_JSON_FALLBACK_MANAGER if set or otherwise npm.
If packageManager is not set when running shakapacker:install, Shakapacker will set it based on the lockfile and the result of calling --version on the inferred manager; if no lockfile is present, then npm be used unless you choose to explicitly set the PACKAGE_JSON_FALLBACK_MANAGER to your preferred package manager.
[!NOTE]
The packageManager property is only used to determine the package manager to use, based primarily on its name.
The version (if present) is only used to determine if Yarn Classic or Yarn Berry should be used, but is otherwise
not checked, nor is corepack used to ensure that the package manager is installed.
It is up to the developer to ensure that the desired package manager is actually install at the right version, which can be done
using corepack or by other means.
See here for a list of the supported package managers and more information; note that package_json does not handle ensuring the manager is installed.
If you wish to use Yarn PnP you will need to configure Babel using a babel.config.js file rather than via package.json - see customizing Babel Config for examples on how to do this.
[!NOTE]
The rest of the documentation will only reference npm when providing commands such as to install optional packages except in cases where
a particular package manager requires a very different command; otherwise it should be safe to just replace npm with the name of your
preferred package manager when running the command
Note, in v6+, most JS packages are peer dependencies. Thus, the installer will add the packages:
@babel/core
@babel/plugin-transform-runtime
@babel/preset-env
@babel/runtime
babel-loader
compression-webpack-plugin
terser-webpack-plugin
webpack
webpack-assets-manifest
webpack-cli
webpack-merge
webpack-sources
webpack-dev-server
Previously, these "webpack" and "babel" packages were direct dependencies for shakapacker. By
making these peer dependencies, you have control over the versions used in your webpack and babel configs.
Concepts
At its core, Shakapacker's essential function is to:
Provide configuration by a single file used by both Rails view helpers and JavaScript webpack compilation code.
Provide Rails view helpers, utilizing this configuration file so that a webpage can load JavaScript, CSS, and other static assets compiled by webpack, supporting bundle splitting, fingerprinting, and HMR.
Provide a community-supported, default webpack compilation that generates the necessary bundles and manifest, using the same configuration file. This compilation can be extended for any needs.
Usage
Configuration and Code
You will need your file system to correspond to the setup of your config/shakapacker.yml file.
Suppose you have the following configuration:
shakapacker.yml
default:&defaultsource_path:app/javascriptsource_entry_path:packspublic_root_path:publicpublic_output_path:packsnested_entries:false# And more
And that maps to a directory structure like this:
app/javascript:
└── packs: # sets up webpack entries
│ └── application.js # references ../src/my_component.js
│ └── application.css
└── src: # any directory name is fine. Referenced files need to be under source_path
│ └── my_component.js
└── stylesheets:
│ └── my_styles.css
└── images:
└── logo.svg
public/packs # webpack output
Webpack intelligently includes only necessary files. In this example, the file packs/application.js would reference ../src/my_component.js
nested_entries allows you to have webpack entry points nested in subdirectories. This defaults to true as of shakapacker v7. With nested_entries: false, you can have your entire source_path used for your source (using the source_entry_path: /) and you place files at the top level that you want as entry points. nested_entries: true allows you to have entries that are in subdirectories. This is useful if you have entries that are generated, so you can have a generated subdirectory and easily separate generated files from the rest of your codebase.
To enable/disable the usage of contentHash in any node environment (specified using the NODE_ENV environment variable), add/modify useContentHash with a boolean value in config/shakapacker.yml. This feature is disabled for all environments except production by default. You may not disable the content hash for a NODE_ENV of production as that would break the browser caching of assets. Notice that despite the possibility of enabling this option for the development environment, it is not recommended.
Setting custom config path
You can use the environment variable SHAKAPACKER_CONFIG to enforce a particular path to the config file rather than the default config/shakapacker.yml.
View Helpers
The Shakapacker view helpers generate the script and link tags to get the webpack output onto your views.
Be sure to consult the API documentation in the source code of helper.rb.
Note: For your styles or static assets files to be available in your view, you would need to link them in your "pack" or entry file. Otherwise, Webpack won't know to package up those files.
View Helpers javascript_pack_tag and stylesheet_pack_tag
These view helpers take your shakapacker.yml configuration file and the resulting webpack compilation manifest.json and generate the HTML to load the assets.
You can then link the JavaScript pack in Rails views using the javascript_pack_tag helper. If you have styles imported in your pack file, you can link them by using stylesheet_pack_tag:
The javascript_pack_tag and stylesheet_pack_tag helpers will include all the transpiled
packs with the chunks in your view, which creates HTML tags for all the chunks.
You can provide multiple packs and other attributes. Note, defer defaults to showing.
In this output, both the calendar and map codes might refer to other common libraries. Those get placed in something like the vendor bundle. The view helper removes any duplication.
Note, the default of "defer" for the javascript_pack_tag. You can override that to false. If you expose jquery globally with expose-loader, by using import $ from "expose-loader?exposes=$,jQuery!jquery" in your app/javascript/application.js, pass the option defer: false to your javascript_pack_tag.
Important: Pass all your pack names as multiple arguments, not multiple calls, when using javascript_pack_tag and the stylesheet_pack_tag. Otherwise, you will get duplicated chunks on the page.
While this also generally applies to stylesheet_pack_tag,
you may use multiple calls to stylesheet_pack_tag if,
say,
you require multiple <style> tags for different output media:
View Helper append_javascript_pack_tag, prepend_javascript_pack_tag and append_stylesheet_pack_tag
If you need to configure your script pack names or stylesheet pack names from the view for a route or partials, then you will need some logic to ensure you call the helpers only once with multiple arguments. The new view helpers, append_javascript_pack_tag and append_stylesheet_pack_tag can solve this problem. The helper append_javascript_pack_tag will queue up script packs when the javascript_pack_tag is finally used. Similarly,append_stylesheet_pack_tag will queue up style packs when the stylesheet_pack_tag is finally used.
However, you typically can't do that in the main layout, as the view and partial codes will depend on the route.
Thus, you can distribute the logic of what packs are needed for any route. All the magic of splitting up the code and CSS was automatic!
Important: These helpers can be used anywhere in your application as long as they are executed BEFORE (javascript/stylesheet)_pack_tag respectively. If you attempt to call one of these helpers after the respective (javascript/stylesheet)_pack_tag, an error will be raised.
The typical issue is that your layout might reference some partials that need to configure packs. A good way to solve this problem is to use content_for to ensure that the code to render your partial comes before the call to javascript_pack_tag.
There is also prepend_javascript_pack_tag that will put the entry at the front of the queue. This is handy when you want an entry in the main layout to go before the partial and main layout append_javascript_pack_tag entries.
Note, if you are using server-side rendering of JavaScript with dynamic code-splitting, as is often done with extensions to Shakapacker, like React on Rails, your JavaScript should create the link prefetch HTML tags that you will use, so you won't need to use to asset_pack_path in those circumstances.
Development
Shakapacker ships with two binstubs: ./bin/shakapacker and ./bin/shakapacker-dev-server. Both are thin wrappers around the standard webpack.js and webpack-dev-server.js executables to ensure that the right configuration files and environmental variables are loaded based on your environment.
Note: older Shakapacker installations had set a missing NODE_ENV in the binstubs. Please remove this for versions 6.5.2 and newer.
Automatic Webpack Code Building
Shakapacker can be configured to automatically compile on demand when needed using compile option in the shakapacker.yml. This happens when you refer to any of the pack assets using the Shakapacker helper methods. This means that you don't have to run any separate processes. Compilation errors are logged to the standard Rails log. However, this auto-compilation happens when a web request is made that requires an updated webpack build, not when files change. Thus, that can be painfully slow for front-end development in this default way. Instead, you should either run the bin/shakapacker --watch or run ./bin/shakapacker-dev-server during development.
The compile: true option can be more useful for test and production builds.
Compiler strategies
Shakapacker ships with two different strategies that are used to determine whether assets need recompilation per the compile: true option:
digest - This strategy calculates SHA1 digest of files in your watched paths (see below). The calculated digest is then stored in a temp file. To check whether the assets need to be recompiled, Shakapacker calculates the SHA1 of the watched files and compares it with the one stored. If the digests are equal, no recompilation occurs. If the digests are different or the temp file is missing, files are recompiled.
mtime - This strategy looks at the last "modified at" timestamps of both files AND directories in your watched paths. The timestamp of the most recent file or directory is then compared with the timestamp of manifest.json file generated. If the manifest file timestamp is newer than one of the most recently modified files or directories in the watched paths, no recompilation occurs. If the manifest file is older, files are recompiled.
The mtime strategy is generally faster than the digest one, but it requires stable timestamps, this makes it perfect for a development environment, such as needing to rebuild bundles for tests, or if you're not changing frontend assets much.
In production or CI environments, the digest strategy is more suitable, unless you are using incremental builds or caching and can guarantee that the timestamps will not change after e.g. cache restore. However, many production or CI environments will explicitly compile assets, so compile: false is more appropriate. Otherwise, you'll waste time either checking file timestamps or computing digests.
You can control what strategy is used by the compiler_strategy option in shakapacker.yml config file. By default mtime strategy is used in development environment, digest is used elsewhere.
[!NOTE]
If you are not using the shakapacker-dev-server, your packs will be served by the Rails public file server.
If you've enabled caching (Rails application config.action_controller.perform_caching setting),
your changes will likely not be picked up due to Cache-Control header being set and assets being cached in the browser memory.
If you want to use live code reloading, or you have enough JavaScript that on-demand compilation is too slow, you'll need to run ./bin/shakapacker-dev-server. This process will watch for changes in the relevant files, defined by shakapacker.yml configuration settings for source_path, source_entry_path, and additional_paths, and it will then automatically reload the browser to match. This feature is also known as Hot Module Replacement.
Common Development Commands
# webpack dev server
./bin/shakapacker-dev-server
# watcher
./bin/shakapacker --watch --progress
# standalone build
./bin/shakapacker --progress
Once you start this webpack development server, Shakapacker will automatically start proxying all webpack asset requests to this server. When you stop this server, Rails will detect that it's not running and Rails will revert back to on-demand compilation if you have the compile option set to true in your config/shakapacker.yml
You can use environment variables as options supported by webpack-dev-server in the form SHAKAPACKER_DEV_SERVER_<OPTION>. Please note that these environmental variables will always take precedence over the ones already set in the configuration file, and that the same environmental variables must be available to the rails server process.
By default, the webpack dev server listens on localhost:3035 in development for security purposes. However, if you want your app to be available on port 4035 over local LAN IP or a VM instance like vagrant, you can set the port and host when running ./bin/shakapacker-dev-server binstub:
Note: You need to allow webpack-dev-server host as an allowed origin for connect-src if you are running your application in a restrict CSP environment (like Rails 5.2+). This can be done in Rails 5.2+ in the CSP initializer config/initializers/content_security_policy.rb with a snippet like this:
Rails.application.config.content_security_policy do |policy|
policy.connect_src :self, :https, 'http://localhost:3035', 'ws://localhost:3035'ifRails.env.development?
end
Note: Don't forget to prefix ruby when running these binstubs on Windows
Webpack Configuration
First, you don't need to use Shakapacker's webpack configuration. However, the shakapacker NPM package provides convenient access to configuration code that reads the config/shakapacker.yml file which the view helpers also use. If you have your customized webpack configuration, at the minimum, you must ensure:
Your output files go to the right directory
Your output includes a manifest, via package webpack-assets-manifest that maps output names (your 'packs') to the fingerprinted versions, including bundle-splitting dependencies. That's the main secret sauce of Shakapacker!
The webpack configuration used by Shakapacker lives in config/webpack/webpack.config.js; this makes it easy to customize the configuration beyond what's available in config/shakapacker.yml by giving you complete control of the final configuration. By default, this file exports the result of generateWebpackConfig which handles generating a webpack configuration based on config/shakapacker.yml.
The easiest way to modify this config is to pass your desired customizations to generateWebpackConfig which will use webpack-merge to merge them with the configuration generated from config/shakapacker.yml:
// config/webpack/webpack.config.jsconst { generateWebpackConfig } = require('shakapacker')
const options = {
resolve: {
extensions: ['.css', '.ts', '.tsx']
}
}
// This results in a new object copied from the mutable globalmodule.exports = generateWebpackConfig(options)
The shakapacker package also exports the merge function from webpack-merge to make it easier to do more advanced customizations:
Shakapacker gives you a default configuration file config/webpack/webpack.config.js, which, by default, you don't need to make any changes to config/webpack/webpack.config.js since it's a standard production-ready configuration. However, you will probably want to customize or add a new loader by modifying the webpack configuration, as shown above.
You might add separate files to keep your code more organized.
Then require this file in your config/webpack/webpack.config.js:
// config/webpack/webpack.config.js// use the new NPM package name, `shakapacker`.const { generateWebpackConfig } = require('shakapacker')
const customConfig = require('./custom')
module.exports = generateWebpackConfig(customConfig)
If you need access to configs within Shakapacker's configuration, you can import them like so:
// config/webpack/webpack.config.jsconst { generateWebpackConfig } = require('shakapacker')
const webpackConfig = generateWebpackConfig()
console.log(webpackConfig.output_path)
console.log(webpackConfig.source_path)
// Or to print out your whole webpack configurationconsole.log(JSON.stringify(webpackConfig, undefined, 2))
You may want to modify the rules in the default configuration. For instance, if you are using a custom svg loader, you may want to remove .svg from the default file loader rules. You can search and filter the default rules like so:
const fileRule = config.module.rules.find(rule => rule.test.test('.svg'));
// removing svg from asset file rule's test RegExp
fileRule.test = /\.(bmp|gif|jpe?g|png|tiff|ico|avif|webp|eot|otf|ttf|woff|woff2)$/// changing the rule type from 'asset/resource' to 'asset'. See https://webpack.js.org/guides/asset-modules/
fileRule.type = 'asset'
Babel configuration
By default, you will find the Shakapacker preset in your package.json. Note, you need to use the new NPM package name, shakapacker.
You can try out experimental integration with the SWC loader. You can read more at SWC usage docs.
Please note that if you want opt-in to use SWC, you can skip React integration instructions as it is supported out of the box.
esbuild loader configuration
You can try out experimental integration with the esbuild-loader. You can read more at esbuild-loader usage docs.
Please note that if you want opt-in to use esbuild-loader, you can skip React integration instructions as it is supported out of the box.
Integrations
Shakapacker out of the box supports JS and static assets (fonts, images etc.) compilation. To enable support for CoffeeScript or TypeScript install relevant packages:
You will also need to install Dart Sass, Node Sass or Sass Embedded to pick the implementation to use. sass-loader will automatically pick an implementation based on installed packages.
Please refer to sass-loader documentation and individual packages repos for more information on all the options.
Dart Sass
npm install sass
Node Sass
npm install node-sass
Sass Embedded
npm install sass-embedded
Less
npm install less less-loader
Stylus
npm install stylus stylus-loader
CoffeeScript
npm install coffeescript coffee-loader
Other frameworks
Please follow Webpack integration guide for the relevant framework or library,
Out of the box Shakapacker ships with - development, test and production environments in config/shakapacker.yml however, in most production apps extra environments are needed as part of the deployment workflow. Shakapacker supports this out of the box from version 3.4.0+ onwards.
You can choose to define additional environment configurations in shakapacker.yml,
staging:<<:*default# Production depends on precompilation of packs prior to booting for performance.compile:false# Cache manifest.json for performancecache_manifest:true# Compile staging packs to a separate directorypublic_output_path:packs-staging
Otherwise, Shakapacker will use the production environment as a fallback environment for loading configurations. Please note, NODE_ENV can either be set to production, development or test. This means you don't need to create additional environment files inside config/shakapacker/* and instead use shakapacker.yml to load different configurations using RAILS_ENV.
For example, the below command will compile assets in production mode but will use staging configurations from config/shakapacker.yml if available or use fallback production environment configuration:
And, this will compile in development mode and load configuration for the cucumber environment if defined in shakapacker.yml or fallback to production configuration
Please note, binstubs compiles in development mode however rake tasks compiles in production mode.
# Compiles in development mode unless NODE_ENV is specified, per the binstub source
./bin/shakapacker
./bin/shakapacker-dev-server
# Compiles in production mode by default unless NODE_ENV is specified, per `lib/tasks/shakapacker/compile.rake`
bundle exec rails assets:precompile
bundle exec rails shakapacker:compile
Upgrading
You can run the following commands to upgrade Shakapacker to the latest stable version. This process involves upgrading the gem and related JavaScript packages:
# check your Gemfile for version restrictions
bundle update shakapacker
# overwrite your changes to the default install files and revert any unwanted changes from the install
rails shakapacker:install
# using npm
npm install shakapacker@latest
npm install webpack-dev-server@latest
# using yarn classic
yarn upgrade shakapacker --latest
yarn upgrade webpack-dev-server --latest
# using yarn berry
yarn up shakapacker@latest
yarn up webpack-dev-server@latest
# using pnpm
pnpm up shakapacker@latest
pnpm up webpack-dev-server@latest
# Or to install the latest release (including pre-releases)
npm install shakapacker@next
Also, consult the CHANGELOG for additional upgrade links.
Paths
By default, Shakapacker ships with simple conventions for where the JavaScript app files and compiled webpack bundles will go in your Rails app. All these options are configurable from config/shakapacker.yml file.
The configuration for what webpack is supposed to compile by default rests on the convention that every file in app/javascript/(default) or whatever path you set for source_entry_path in the shakapacker.yml configuration is turned into their own output files (or entry points, as webpack calls it). Therefore you don't want to put any file inside app/javascript directory that you do not want to be an entry file. As a rule of thumb, put all files you want to link in your views inside "app/javascript/" directory and keep everything else under subdirectories like app/javascript/controllers.
Suppose you want to change the source directory from app/javascript to frontend and output to assets/packs. This is how you would do it:
# config/shakapacker.ymlsource_path:frontend# packs are the files in frontend/public_output_path:assets/packs# outputs to => public/assets/packs
Similarly, you can also control and configure webpack-dev-server settings from config/shakapacker.yml file:
If you have hmr turned to true and inline_css is not false, then the stylesheet_pack_tag generates no output, as you will want to configure your styles to be inlined in your JavaScript for hot reloading. During production and testing, the stylesheet_pack_tag will create the appropriate HTML tags.
If you want to have HMR and separate link tags, set hmr: true and inline_css: false. This will cause styles to be extracted and reloaded with the mini-css-extract-plugin loader. Note that in this scenario, you do not need to include style-loader in your project dependencies.
Additional paths
If you are adding Shakapacker to an existing app that has most of the assets inside app/assets or inside an engine, and you want to share that with webpack modules, you can use the additional_paths option available in config/shakapacker.yml. This lets you
add additional paths that webpack should look up when resolving modules:
additional_paths: ['app/assets', 'vendor/assets']
You can then import these items inside your modules like so:
// Note it's relative to parent directory i.e. app/assetsimport'stylesheets/main'import'images/rails.png'
Assets put in these folders will also have their path stripped just like with the source_path.
Example:
A file in app/assets/images/image.svg with additional_paths: ['app/assets'] will result in static/images/image.svg
Note: Please be careful when adding paths here otherwise it will make the compilation slow, consider adding specific paths instead of the whole parent directory if you just need to reference one or two modules
Also note: While importing assets living outside your source_path defined in shakapacker.yml (like, for instance, assets under app/assets) from within your packs using relative paths like import '../../assets/javascripts/file.js' will work in development, Shakapacker won't recompile the bundle in production unless a file that lives in one of it's watched paths has changed (check out Shakapacker::MtimeStrategy#latest_modified_timestamp or Shakapacker::DigestStrategy#watched_files_digest depending on strategy configured by compiler_strategy option in shakapacker.yml). That's why you'd need to add app/assets to the additional_paths as stated above and use import 'javascripts/file.js' instead.
Deployment
Shakapacker hooks up a new shakapacker:compile task to assets:precompile, which gets run whenever you run assets:precompile. If you are not using Sprockets, shakapacker:compile is automatically aliased to assets:precompile. Similar to sprockets both rake tasks will compile packs in production mode but will use RAILS_ENV to load configuration from config/shakapacker.yml (if available).
This behavior is optional & can be disabled by either setting a SHAKAPACKER_PRECOMPILE environment variable to false, no, n, or f, or by setting a shakapacker_precompile key in your shakapacker.yml to false. (source code)
When compiling assets for production on a remote server, such as a continuous integration environment, it's recommended to ensure the exact versions specified in your lockfile are installed:
# using npm
npm ci
# using yarn classic
yarn install --frozen-lockfile
# using yarn berry
yarn install --immutable
# using pnpm
pnpm install --frozen-lockfile
# using bun
bun install --frozen-lockfile
If you are using a CDN setup, Shakapacker does NOT use the ASSET_HOST environment variable to prefix URLs for assets during bundle compilation. You must use the SHAKAPACKER_ASSET_HOST environment variable instead (WEBPACKER_ASSET_HOST if you're using any version of Webpacker or Shakapacker before Shakapacker v7).
The following companies support our Open Source projects, and ShakaCode uses their products!
[v8.0.2] - August 28, 2024
Fixed
Fix wrong instruction in esbuild loader documentation PR 504 by adriangohjw.
Add logic to sass rule conditional on sass-loader version PR 508 by Judahmeek.
FAQs
Use webpack to manage app-like JavaScript modules in Rails
The npm package shakapacker receives a total of 102,152 weekly downloads. As such, shakapacker popularity was classified as popular.
We found that shakapacker demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.It has 0 open source maintainers collaborating on the project.
Package last updated on 29 Aug 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."