Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
standalone-single-spa-webpack-plugin
Advanced tools
A webpack plugin to run single-spa microfrontends as standalone
A webpack plugin for running single-spa microfrontends in standalone mode. This is an alternative to using import-map-overrides.
⚠️ Warning about Standalone Mode
Standalone mode is not equivalent to developing in integrated mode, as the single-spa root config is not exactly the same in each.
- Since the root config in standalone mode is not exactly the same as in integrated mode, this can lead to situations where it "works on my machine, but not on the deployed environment."
- This plugin automatically upgrades to the latest versions of SystemJS and single-spa, which is likely different than most environments, which pin to a specific version.
- If a hard coded import map is used in this plugin's configuration, it may quickly become outdated. This may lead to developing locally against a package whose API has changed.
- By default, this plugin does not load any global scripts, fonts, or css in the HTML file.
npm install --save-dev standalone-single-spa-webpack-plugin
# alternatively
yarn add --dev standalone-single-spa-webpack-plugin
To use the plugin, add it to your webpack config. Then when you run webpack-dev-server, an HTML file will be generated that loads and mounts your microfrontend as a single-spa application or parcel.
// webpack.config.js
const StandaloneSingleSpaPlugin = require('standalone-single-spa-webpack-plugin');
const HtmlWebpackPlugin = require('html-webpack-plugin');
module.exports = {
devServer: {
// Not required, but it's often useful to run webpack-dev-server in SPA mode
historyApiFallback: true
},
plugins: [
// the standalone plugin works in conjunction with HtmlWebpackPlugin
new HtmlWebpackPlugin(),
new StandaloneSingleSpaPlugin({
// required
appOrParcelName: "my-microfrontend-name",
// optional - strongly encouraged for single-spa applications
activeWhen: ['/route-prefix'],
// optional - useful for enabling cross-microfrontend imports
importMapUrl: new URL("https://my-cdn.com/importmap.json"),
// optional - useful for adding an additional, local-only import map
importMap: {
imports: {
"other-module": "/other-module.js"
}
},
// optional - defaults to false. This determines whether to mount
// your microfrontend as an application or a parcel
isParcel: false,
// optional - you can disable the plugin by passing in this boolean
disabled: false,
// optional - the standalone plugin relies on optionalDependencies in the
// package.json. If this doesn't work for you, pass in your HtmlWebpackPlugin
// to ensure the correct one is being referenced
HtmlWebpackPlugin,
// optional - defaults to true - turns on or off import-map-overrides.
importMapOverrides: true,
// optional - defaults to null. This allows you to hide the import-map-overrides UI
// unless a local storage key is set. See more info at https://github.com/joeldenning/import-map-overrides/blob/master/docs/ui.md#enabling-the-ui
importMapOverridesLocalStorageKey: null
// optional - defaults to {}. The single-spa custom props passed to the application
// Note that these props are stringified into the HTML file
customProps: {
authToken: "sadf7889fds8u70df9s8fsd"
}
})
]
}
Now when you run npm start
or npm run serve
, you can view your code running on localhost, without setting up an import map override.
You may customize the HTML file used by the standalone plugin by creating a src/index.ejs
file. The standalone plugin injects its scripts at the end of the <body>
of that file. This is done via html-webpack-plugin, which has a template option that allows you to control the HTML template.
This plugin (currently) assumes that you are using SystemJS to load your microfrontends. If you are not using SystemJS and would like to use this plugin, please file a Github issue.
FAQs
A webpack plugin to run single-spa microfrontends as standalone
The npm package standalone-single-spa-webpack-plugin receives a total of 74,147 weekly downloads. As such, standalone-single-spa-webpack-plugin popularity was classified as popular.
We found that standalone-single-spa-webpack-plugin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.