Security News
Research
Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
A flexible wrapper arround svgo for furher SVG processing or to add addtional files. Svgpipe comes with predefined strategies, but it is easy to create your own. For example, build an icon component based on your SVG files.
npm i --save-dev svgpipe
pnpm i -D svgpipe
yarn add -D svgpipe
npx svgpipe run
npx svgpipe --help
// svgpipe.config.ts
import { defineConfig } from "svgpipe";
export default defineConfig({
baseDir: ".svgpipe", // that's the default
modules: [
{
input: "./assets/svgs/logos",
output: "output/svgs/logos", // relative to the base dir
strategy: "vue-inline", // use builtin strategy with no options
},
{
input: "./assets/svgs/icons",
output: "output/svg/icons",
svgo: {
multipass: true, // optionally change svgo options
},
strategy: [
"vue-inline", // Array syntax to pass options to the strategy
{
componentName: "BaseIcon",
componentPath: "./components",
},
],
},
{
input: "./assets/svgs/",
output: "output/svg/graphics",
strategy: [MyCustomStrategy, {}], // Add your own strategy as a class
},
],
});
vue-inline
Creates a vue component that imports all SVGs. This components depends on vite-svg-loader
.
Options
Property | Default | Note |
---|---|---|
componentName | "BaseIcon" | |
componentPath | "/components" | |
typePath | "/types" | Pass an empty string to define the type in the component file. |
tokenPath | "" | Generates a array with all the token names. Pass an empty sring to skip this file. |
default
Just outputs the processed SVGs.
options
property. The user options are passed into the constructor.process
methodfiles
propertyimport type { IFile, IStrategy, CombinedModuleConfig } from "svgpipe";
import { File } from "svgpipe";
export interface MyOptions {
foo: string;
}
export class MyStrategy implements IStrategy {
options: CombinedModuleConfig<MyOptions>;
files: IFile[] = [];
constructor(options: CombinedModuleConfig<MyOptions>) {
// Optional: apply default to options
this.options = options;
}
process(files: IFile[]) {
// Optional: Do something with the files or just add them to the files array
this.files = files;
// Optional: Add a new file
const myFile = new File({
content: "My component content",
extension: "tsx",
name: "MyComponent",
path: this.options.module.output!,
});
this.files.push(myFile);
}
}
FAQs
A flexible CLI tool around svgo for further postprocessing.
The npm package svgpipe receives a total of 277 weekly downloads. As such, svgpipe popularity was classified as not popular.
We found that svgpipe demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.
Security News
Sonar’s acquisition of Tidelift highlights a growing industry shift toward sustainable open source funding, addressing maintainer burnout and critical software dependencies.