Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
shakapacker
Advanced tools
Shakapacker is a modern JavaScript and asset bundler for Ruby on Rails applications. It leverages Webpack to manage and compile JavaScript, CSS, and other assets, making it easier to integrate modern front-end tools and frameworks into Rails projects.
JavaScript Bundling
Shakapacker allows you to bundle JavaScript files using Webpack. The code sample demonstrates a basic Webpack configuration for bundling JavaScript files in a Rails application.
module.exports = {
entry: './app/javascript/packs/application.js',
output: {
filename: 'bundle.js',
path: path.resolve(__dirname, 'public/packs')
}
};
CSS and Asset Management
Shakapacker can manage CSS and other assets like images. The code sample shows how to configure Webpack to handle CSS files and image assets using appropriate loaders.
module.exports = {
module: {
rules: [
{
test: /\.css$/,
use: ['style-loader', 'css-loader']
},
{
test: /\.(png|svg|jpg|gif)$/,
use: ['file-loader']
}
]
}
};
Hot Module Replacement (HMR)
Shakapacker supports Hot Module Replacement (HMR) for a better development experience. The code sample configures Webpack's dev server to enable HMR, allowing modules to be updated in the browser without a full reload.
module.exports = {
devServer: {
contentBase: path.join(__dirname, 'public'),
hot: true
}
};
Webpacker is another asset bundler for Rails applications, similar to Shakapacker. It also uses Webpack to manage JavaScript, CSS, and other assets. Webpacker is the predecessor to Shakapacker and offers similar functionalities but may not be as up-to-date with the latest Webpack features.
Vite Rails is a modern alternative to Webpacker and Shakapacker, using Vite as the asset bundler. Vite offers faster build times and a more modern development experience compared to Webpack-based solutions. It is a good option for developers looking for a cutting-edge toolchain.
Official, actively maintained successor to rails/webpacker. Internal naming for shakapacker
will continue to use webpacker
where possible for v6. ShakaCode stands behind long-term maintainence and development of this project for the Rails community.
Webpacker makes it easy to use the JavaScript pre-processor and bundler Webpack v5+ to manage application-like JavaScript in Rails. It can coexist with the asset pipeline, leaving Webpack responsible solely for app-like JavaScript, or it can be used exclusively, making it also responsible for images, fonts, and CSS.
Check out 6.1.0.beta.0 for SWC support! It's way faster than babel.
See a comparison of webpacker with jsbundling-rails.
Discussion forums to discuss debugging and troubleshooting tips. Please open issues for bugs and feature requests:
Requires extra packages to be installed.
With Rails v6+, skip JavaScript for a new app and follow below Manual Installation Steps to manually add the shakapacker
gem to your Gemfile.
rails new myapp --skip-javascript
Note, Rails 6 installs the older v5 version of webpacker unless you specify --skip-javascript
.
Update your Gemfile
:
# Gemfile
gem 'shakapacker', '~> 6.0'
Then running the following to install Webpacker:
./bin/bundle install
./bin/rails webpacker:install
When package.json
and/or yarn.lock
changes, such as when pulling down changes to your local environment in a team settings, be sure to keep your NPM packages up-to-date:
yarn
Note, in v6, most JS packages are peer dependencies. Thus, the installer will add the packages:
yarn add @babel/core @babel/plugin-transform-runtime @babel/preset-env @babel/runtime babel-loader \
compression-webpack-plugin terser-webpack-plugin \
webpack webpack-assets-manifest webpack-cli webpack-merge webpack-sources webpack-dev-server
Previously, these "webpack" and "babel" packages were direct dependencies for webpacker
. By
making these peer dependencies, you have control over the versions used in your webpack and babel configs.
If you are still using Sprockets for some of your assets, you might want to include files from node_modules
directory in your asset pipeline. This is useful, for example, if you want to reference a stylesheet from a node package in your .scss
stylesheet.
In order to enable this, make sure you add node_modules
to the asset load path by adding the following in an initializer (for example config/initializers/assets.rb
)
Rails.application.config.assets.paths << Rails.root.join('node_modules')
If you are using Yarn v2 (berry), please note that PnP modules are not supported.
In order to use Shakapacker with Yarn v2, make sure you set nodeLinker: node-modules
in your .yarnrc.yml
file as per the Yarn docs to opt out of Plug'n'Play behaviour.
Once installed, you can start writing modern ES6-flavored JavaScript apps right away:
app/javascript:
# Only Webpack entry files here
└── application.js
└── application.css
└── src:
│ └── my_component.js
└── stylesheets:
│ └── my_styles.css
└── images:
└── logo.svg
You can then link the JavaScript pack in Rails views using the javascript_pack_tag
helper. If you have styles imported in your pack file, you can link them by using stylesheet_pack_tag
:
<%= javascript_pack_tag 'application' %>
<%= stylesheet_pack_tag 'application' %>
The javascript_pack_tag
and stylesheet_pack_tag
helpers will include all the transpiled
packs with the chunks in your view, which creates html tags for all the chunks.
The result looks like this:
<%= javascript_pack_tag 'calendar', 'map', 'data-turbolinks-track': 'reload' %>
<script src="/packs/vendor-16838bab065ae1e314.js" data-turbolinks-track="reload" defer></script>
<script src="/packs/calendar~runtime-16838bab065ae1e314.js" data-turbolinks-track="reload" defer></script>
<script src="/packs/calendar-1016838bab065ae1e314.js" data-turbolinks-track="reload" defer"></script>
<script src="/packs/map~runtime-16838bab065ae1e314.js" data-turbolinks-track="reload" defer></script>
<script src="/packs/map-16838bab065ae1e314.js" data-turbolinks-track="reload" defer></script>
Important: Pass all your pack names as multiple arguments, not multiple calls, when using javascript_pack_tag
and the stylesheet_pack_tag
. Otherwise, you will get duplicated chunks on the page. Be especially careful if you might be calling these view helpers from your view, partials, and the layout for a page. You will need some logic to ensure you call the helpers only once with multiple arguments.
<%# DO %>
<%= javascript_pack_tag 'calendar', 'map' %>
<%= stylesheet_pack_tag 'calendar', 'map' %>
<%# DON'T %>
<%= javascript_pack_tag 'calendar' %>
<%= javascript_pack_tag 'map' %>
<%= stylesheet_pack_tag 'calendar' %>
<%= stylesheet_pack_tag 'map' %>
If you want to link a static asset for <img />
tag, you can use the asset_pack_path
helper:
<img src="<%= asset_pack_path 'images/logo.svg' %>" />
Or use the dedicated helper:
<%= image_pack_tag 'application.png', size: '16x10', alt: 'Edit Entry' %>
<%= image_pack_tag 'picture.png', srcset: { 'picture-2x.png' => '2x' } %>
If you want to create a favicon:
<%= favicon_pack_tag 'mb-icon.png', rel: 'apple-touch-icon', type: 'image/png' %>
If you want to preload a static asset in your <head>
, you can use the preload_pack_asset
helper:
<%= preload_pack_asset 'fonts/fa-regular-400.woff2' %>
If you want to use images in your stylesheets:
.foo {
background-image: url('../images/logo.svg')
}
javascript_pack_tag
Note, the default of "defer" for the javascript_pack_tag
. You can override that to false
. If you expose jquery globally with expose-loader,
by using import $ from "expose-loader?exposes=$,jQuery!jquery"
in your app/packs/entrypoints/application.js
, pass the option defer: false
to your javascript_pack_tag
.
Note, if you are using server-side rendering of JavaScript with dynamic code-splitting, as is often done with extensions to Webpacker, like React on Rails, your JavaScript should create the link prefetch HTML tags that you will use, so you won't need to use to asset_pack_path
in those circumstances.
Note: In order for your styles or static assets files to be available in your view, you would need to link them in your "pack" or entry file. Otherwise, Webpack won't know to package up those files.
Webpacker ships with two binstubs: ./bin/webpacker
and ./bin/webpacker-dev-server
. Both are thin wrappers around the standard webpack.js
and webpack-dev-server.js
executables to ensure that the right configuration files and environmental variables are loaded based on your environment.
In development, Webpacker compiles on demand rather than upfront by default. This happens when you refer to any of the pack assets using the Webpacker helper methods. This means that you don't have to run any separate processes. Compilation errors are logged to the standard Rails log. However, this auto-compilation happens when a web request is made that requires an updated webpack build, not when files change. Thus, that can be painfully slow for front-end development in this default way. Instead, you should either run the bin/webpacker --watch
or run ./bin/webpacker-dev-server
If you want to use live code reloading, or you have enough JavaScript that on-demand compilation is too slow, you'll need to run ./bin/webpacker-dev-server
or ruby ./bin/webpacker-dev-server
. Windows users will need to run these commands in a terminal separate from bundle exec rails s
. This process will watch for changes in the relevant files, defined by webpacker.yml
configuration settings for source_path
, source_entry_path
, and additional_paths
, and it will then automatically reload the browser to match. This feature is also known as Hot Module Replacement.
# webpack dev server
./bin/webpacker-dev-server
# watcher
./bin/webpacker --watch --progress
# standalone build
./bin/webpacker --progress
# Help
./bin/webpacker help
# Version
./bin/webpacker version
# Info
./bin/webpacker info
Once you start this webpack development server, Webpacker will automatically start proxying all webpack asset requests to this server. When you stop this server, Rails will detect that it's not running and Rails will revert back to on-demand compilation if you have the compile
option set to true in your config/webpacker.yml
You can use environment variables as options supported by webpack-dev-server in the form WEBPACKER_DEV_SERVER_<OPTION>
. Please note that these environmental variables will always take precedence over the ones already set in the configuration file, and that the same environmental variables must be available to the rails server
process.
WEBPACKER_DEV_SERVER_HOST=example.com WEBPACKER_DEV_SERVER_INLINE=true WEBPACKER_DEV_SERVER_HOT=false ./bin/webpacker-dev-server
By default, the webpack dev server listens on localhost
in development for security purposes. However, if you want your app to be available over local LAN IP or a VM instance like vagrant, you can set the host
when running ./bin/webpacker-dev-server
binstub:
WEBPACKER_DEV_SERVER_HOST=0.0.0.0 ./bin/webpacker-dev-server
Note: You need to allow webpack-dev-server host as an allowed origin for connect-src
if you are running your application in a restrict CSP environment (like Rails 5.2+). This can be done in Rails 5.2+ in the CSP initializer config/initializers/content_security_policy.rb
with a snippet like this:
Rails.application.config.content_security_policy do |policy|
policy.connect_src :self, :https, 'http://localhost:3035', 'ws://localhost:3035' if Rails.env.development?
end
Note: Don't forget to prefix ruby
when running these binstubs on Windows
First, you don't need to use Shakapacker's webpack configuration. However, the shakapacker
NPM package provides convenient access to configuration code that reads the config/webpacker.yml
file which the view helpers also use. If you have your own customized webpack configuration, at the mininmum, you must ensure:
webpack-assets-manifest
that maps output names (your 'packs') to the fingerprinted versions, including bundle-splitting dependencies. That's the main secret sauce of webpacker!The most practical webpack configuration is to take the default from Shakapacker and then use webpack-merge to merge your customizations with the default. For example, suppose you want to add some resolve.extensions
:
// use the new NPM package name, `shakapacker`.
// merge is webpack-merge from https://github.com/survivejs/webpack-merge
const { webpackConfig: baseWebpackConfig, merge } = require('shakapacker')
const options = {
resolve: {
extensions: ['.css', '.ts', '.tsx']
}
}
// Copy the object using merge b/c the baseClientWebpackConfig is a mutable global
// If you want to use this object for client and server rendering configurations,
// havaing a new object is essential.
module.exports = merge({}, baseWebpackConfig, options)
This example is based on an example project
Webpacker gives you a default configuration file config/webpack/webpack.config.js
, which, by default, you don't need to make any changes to config/webpack/webpack.config.js
since it's a standard production-ready configuration. However, you will probably want to customize or add a new loader by modifying the webpack configuration, as shown above.
You might add separate files to keep your code more organized.
// config/webpack/custom.js
module.exports = {
resolve: {
alias: {
jquery: 'jquery/src/jquery',
vue: 'vue/dist/vue.js',
React: 'react',
ReactDOM: 'react-dom',
vue_resource: 'vue-resource/dist/vue-resource'
}
}
}
Then require
this file in your config/webpack/webpack.config.js
:
// config/webpack/webpack.config.js
// use the new NPM package name, `shakapacker`.
const { webpackConfig, merge } = require('shakapacker')
const customConfig = require('./custom')
module.exports = merge(webpackConfig, customConfig)
If you need access to configs within Webpacker's configuration, you can import them like so:
// config/webpack/webpack.config.js
const { webpackConfig } = require('shakapacker')
console.log(webpackConfig.output_path)
console.log(webpackConfig.source_path)
// Or to print out your whole webpack configuration
console.log(JSON.stringify(webpackConfig, undefined, 2))
By default, you will find the Webpacker preset in your package.json
. Note, you need to use the new NPM package name, shakapacker
.
"babel": {
"presets": [
"./node_modules/shakapacker/package/babel/preset.js"
]
},
Optionally, you can change your Babel configuration by removing these lines in your package.json
and add a Babel configuration file in your project. For an example customization based on the original, see Customizing Babel Config.
You can try out experimental integration with the SWC loader. You can read more at SWC usage docs.
Please note that if you want opt-in to use SWC, you can skip React integration instructions as it is supported out of the box.
You can try out experimental integration with the esbuild-loader. You can read more at esbuild-loader usage docs.
Please note that if you want opt-in to use esbuild-loader, you can skip React integration instructions as it is supported out of the box.
Webpacker out of the box supports JS and static assets (fonts, images etc.) compilation. To enable support for CoffeeScript or TypeScript install relevant packages:
See customization example the Customizing Babel Config for React configuration.
...if you are using typescript, update your tsconfig.json
{
"compilerOptions": {
"declaration": false,
"emitDecoratorMetadata": true,
"experimentalDecorators": true,
"lib": ["es6", "dom"],
"module": "es6",
"moduleResolution": "node",
"sourceMap": true,
"target": "es5",
"jsx": "react",
"noEmit": true
},
"exclude": ["**/*.spec.ts", "node_modules", "vendor", "public"],
"compileOnSave": false
}
yarn add coffeescript coffee-loader
yarn add typescript @babel/preset-typescript
Babel won’t perform any type-checking on TypeScript code. To optionally use type-checking run:
yarn add fork-ts-checker-webpack-plugin
Add tsconfig.json
{
"compilerOptions": {
"declaration": false,
"emitDecoratorMetadata": true,
"experimentalDecorators": true,
"lib": ["es6", "dom"],
"module": "es6",
"moduleResolution": "node",
"baseUrl": ".",
"paths": {
"*": ["node_modules/*", "app/packs/*"]
},
"sourceMap": true,
"target": "es5",
"noEmit": true
},
"exclude": ["**/*.spec.ts", "node_modules", "vendor", "public"],
"compileOnSave": false
}
Then modify the webpack config to use it as a plugin:
// config/webpack/webpack.config.js
const { webpackConfig, merge } = require("shakapacker");
const ForkTSCheckerWebpackPlugin = require("fork-ts-checker-webpack-plugin");
module.exports = merge(webpackConfig, {
plugins: [new ForkTSCheckerWebpackPlugin()],
});
To enable CSS support in your application, add following packages:
yarn add css-loader style-loader mini-css-extract-plugin css-minimizer-webpack-plugin
Optionally, add the CSS
extension to webpack config for easy resolution.
// config/webpack/webpack.config.js
const { webpackConfig, merge } = require('shakapacker')
const customConfig = {
resolve: {
extensions: ['.css']
}
}
module.exports = merge(webpackConfig, customConfig)
To enable PostCSS
, Sass
or Less
support, add CSS
support first and
then add the relevant pre-processors:
yarn add postcss postcss-loader
Optionally add these two plugins if they are required in your postcss.config.js
:
yarn add postcss-preset-env postcss-flexbugs-fixes
yarn add sass sass-loader
yarn add less less-loader
yarn add stylus stylus-loader
Please follow webpack integration guide for relevant framework or library,
For example to add Vue support:
// config/webpack/rules/vue.js
const { VueLoaderPlugin } = require('vue-loader')
module.exports = {
module: {
rules: [
{
test: /\.vue$/,
loader: 'vue-loader'
}
]
},
plugins: [new VueLoaderPlugin()],
resolve: {
extensions: ['.vue']
}
}
// config/webpack/webpack.config.js
const { webpackConfig, merge } = require('shakapacker')
const vueConfig = require('./rules/vue')
module.exports = merge(vueConfig, webpackConfig)
Out of the box Webpacker ships with - development, test and production environments in config/webpacker.yml
however, in most production apps extra environments are needed as part of deployment workflow. Webpacker supports this out of the box from version 3.4.0+ onwards.
You can choose to define additional environment configurations in webpacker.yml,
staging:
<<: *default
# Production depends on precompilation of packs prior to booting for performance.
compile: false
# Cache manifest.json for performance
cache_manifest: true
# Compile staging packs to a separate directory
public_output_path: packs-staging
Otherwise Webpacker will use production environment as a fallback environment for loading configurations. Please note, NODE_ENV
can either be set to production
, development
or test
. This means you don't need to create additional environment files inside config/webpacker/*
and instead use webpacker.yml to load different configurations using RAILS_ENV
.
For example, the below command will compile assets in production mode but will use staging configurations from config/webpacker.yml
if available or use fallback production environment configuration:
RAILS_ENV=staging bundle exec rails assets:precompile
And, this will compile in development mode and load configuration for cucumber environment if defined in webpacker.yml or fallback to production configuration
RAILS_ENV=cucumber NODE_ENV=development bundle exec rails assets:precompile
Please note, binstubs compiles in development mode however rake tasks compiles in production mode.
# Compiles in development mode unless NODE_ENV is specified, per the binstub source
./bin/webpacker
./bin/webpacker-dev-server
# Compiles in production mode by default unless NODE_ENV is specified, per `lib/tasks/webpacker/compile.rake`
bundle exec rails assets:precompile
bundle exec rails webpacker:compile
You can run following commands to upgrade Webpacker to the latest stable version. This process involves upgrading the gem and related JavaScript packages:
# check your Gemfile for version restrictions
bundle update shakapacker
# overwrite your changes to the default install files and revert any unwanted changes from the install
rails webpacker:install
# yarn 1 instructions
yarn upgrade shakapacker --latest
yarn upgrade webpack-dev-server --latest
# yarn 2 instructions
yarn up shakapacker@latest
yarn up webpack-dev-server@latest
# Or to install the latest release (including pre-releases)
yarn add shakapacker@next
Also, consult the CHANGELOG for additional upgrade links.
By default, Webpacker ships with simple conventions for where the JavaScript app files and compiled webpack bundles will go in your Rails app. All these options are configurable from config/webpacker.yml
file.
The configuration for what webpack is supposed to compile by default rests on the convention that every file in app/packs/entrypoints/*
(default) or whatever path you set for source_entry_path
in the webpacker.yml
configuration is turned into their own output files (or entry points, as webpack calls it). Therefore you don't want to put anything inside packs
directory that you do not want to be an entry file. As a rule of thumb, put all files you want to link in your views inside "packs" directory and keep everything else under app/packs
.
Suppose you want to change the source directory from app/packs
to frontend
and output to assets/packs
. This is how you would do it:
# config/webpacker.yml
source_path: frontend # packs are in frontend/packs
public_output_path: assets/packs # outputs to => public/assets/packs
Similarly you can also control and configure webpack-dev-server
settings from config/webpacker.yml
file:
# config/webpacker.yml
development:
dev_server:
host: localhost
port: 3035
If you have hmr
turned to true, then the stylesheet_pack_tag
generates no output, as you will want to configure your styles to be inlined in your JavaScript for hot reloading. During production and testing, the stylesheet_pack_tag
will create the appropriate HTML tags.
If you are adding Webpacker to an existing app that has most of the assets inside app/assets
or inside an engine, and you want to share that with webpack modules, you can use the additional_paths
option available in config/webpacker.yml
. This lets you
add additional paths that webpack should look up when resolving modules:
additional_paths: ['app/assets', 'vendor/assets']
You can then import these items inside your modules like so:
// Note it's relative to parent directory i.e. app/assets
import 'stylesheets/main'
import 'images/rails.png'
Note: Please be careful when adding paths here otherwise it will make the compilation slow, consider adding specific paths instead of whole parent directory if you just need to reference one or two modules
Also note: While importing assets living outside your source_path
defined in webpacker.yml (like, for instance, assets under app/assets
) from within your packs using relative paths like import '../../assets/javascripts/file.js'
will work in development, Webpacker won't recompile the bundle in production unless a file that lives in one of it's watched paths has changed (check out Webpacker::Compiler#watched_files_digest
). That's why you'd need to add app/assets
to the additional_paths as stated above and use import 'javascripts/file.js'
instead.
Webpacker hooks up a new webpacker:compile
task to assets:precompile
, which gets run whenever you run assets:precompile
. If you are not using Sprockets, webpacker:compile
is automatically aliased to assets:precompile
. Similar to sprockets both rake tasks will compile packs in production mode but will use RAILS_ENV
to load configuration from config/webpacker.yml
(if available).
When compiling assets for production on a remote server, such as a continuous integration environment, it's recommended to use yarn install --frozen-lockfile
to install NPM packages on the remote host to ensure that the installed packages match the yarn.lock
file.
If you are using a CDN setup, webpacker will use the configured asset host value to prefix URLs for images or font icons which are included inside JS code or CSS. It is possible to override this value during asset compilation by setting the WEBPACKER_ASSET_HOST
environment variable.
See the doc page for Troubleshooting.
We encourage you to contribute to Shakapacker/Webpacker! See CONTRIBUTING for guidelines about how to proceed. We have a Slack discussion channel.
Webpacker is released under the MIT License.
FAQs
Use webpack to manage app-like JavaScript modules in Rails
We found that shakapacker demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.