
Security News
npm Adopts OIDC for Trusted Publishing in CI/CD Workflows
npm now supports Trusted Publishing with OIDC, enabling secure package publishing directly from CI/CD workflows without relying on long-lived tokens.
sourcebit-transform-assets
Advanced tools
A Sourcebit plugin for downloading remote assets
This plugin looks for any assets that have been used in an entry, downloads the asset file to the local filesystem and replaces its URL in the referencing objects so that a local URL is used instead.
🚨 Caveat: The current version of this plugin is only capable of replacing assets when they are referenced from a field that is explicitly marked as containing assets. If an object contains an asset URL as part of a free-form field, like a string or a Markdown field, the remote URL will not be replaced.
To install the plugin and add it to your project, run:
npm install sourcebit-transform-assets --save
💡 You don't need to run this command if you start Sourcebit using the interactive setup process, as the CLI will install the plugin for you and add it as a dependency to your project.
The plugin accepts the following configuration parameters. They can be supplied in any of the following ways:
options
object of the plugin configuration block inside sourcebit.js
, with the value of the Property column as a key;sourcebit fetch
command;.env
file, with the value of the Env variable column separated by the value with an equals sign (e.g. MY_VARIABLE=my-value
);sourcebit fetch
command, using the value of the Parameter column as the name of the parameter (e.g. sourcebit fetch --my-parameter
).Property | Type | Visibility | Default value | Env variable | Parameter | Description |
---|---|---|---|---|---|---|
assetPath | String/Function | Public | assets | A function that determines the full path for each asset detected (see assetPath ). | ||
maximumSearchDepth | Number | Public | 5 | When recursively finding asset URLs in nested object, the plugin will stop at this depth. | ||
publicUrl | String/Function | Public | /assets | A function that determines the public URL for each asset (see publicUrl ). |
assetPath
If assetPath
is defined as a string, its value will be used as the path for the asset.
If assetPath
is a function, it will be invoked for each asset detected with two parameters:
entry
(Object): The entry in which the asset was detectedasset
(Object): The normalized asset objectIts return value will be used as the path for the asset.
publicUrl
If publicUrl
is defined as a string, its value will replace the original URL of the asset in any objects.
If publicUrl
is a function, it will be invoked for each asset detected with two parameters:
entry
(Object): The entry in which the asset was detectedasset
(Object): The normalized asset objectassetPath
(String): The local path where the asset has been savedIts return value will replace the original URL of the asset in any objects.
assetPath
and publicUrl
as strings
module.exports = {
plugins: [
{
module: require('sourcebit-transform-assets'),
options: {
assetPath: 'assets',
publicUrl: '/assets'
}
}
]
};
assetPath
and publicUrl
as functions
module.exports = {
plugins: [
{
module: require('sourcebit-transform-assets'),
options: {
assetPath: function(entry, asset) {
return `my-assets/${entry.someField}-${asset.fileName}`;
},
publicUrl: function(entry, asset, assetPath) {
return `https://something.example.com/public/${assetPath}`;
}
}
}
]
};
This plugin offers an interactive setup process via the npx create-sourcebit
command. It asks users to choose the assetPath
and publicUrl
options.
This plugin expects the following data buckets to exist:
models
: An array of content modelsThis plugin creates files on disk, in locations defined by the assetPath
option.
FAQs
A Sourcebit plugin for downloading assets
The npm package sourcebit-transform-assets receives a total of 0 weekly downloads. As such, sourcebit-transform-assets popularity was classified as not popular.
We found that sourcebit-transform-assets demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 11 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
npm now supports Trusted Publishing with OIDC, enabling secure package publishing directly from CI/CD workflows without relying on long-lived tokens.
Research
/Security News
A RubyGems malware campaign used 60 malicious packages posing as automation tools to steal credentials from social media and marketing tool users.
Security News
The CNA Scorecard ranks CVE issuers by data completeness, revealing major gaps in patch info and software identifiers across thousands of vulnerabilities.