
Research
Malicious npm Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet Credentials
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
tdewolff-minify
Advanced tools
An ES module with an API allowing easy usage of tdewolff's minify within Node.js
In search for the best (HTML, CSS, JavaScript, JSON, etc) minifier I happened to come across tdewolff's minify written in Go. Which seems to have awesome performance and capabilities. But it had no JavaScript API (npm library) available to make it easy to plug into a Node.js project; hence I made this one.
With this npm package you just need to npm install tdewolff-minify
and it will download the latest native precompiled binary for your platform (by fetching it straight from GitHub). And it comes with a nice JavaScript API for easy usage of the minifier.
I'm in no way the author of minify or affiliated with his project. I only take credit for creating this JavaScript API which allows easy usage of it within Node.js.
If you find this useful then please consider helping me out (I'm jobless and sick). For more information visit my GitHub profile.
It would also be a good idea to fund the creator of minify, which you can do here.
npm i tdewolff-minify
import {Minify, minifyStream, minifyPath} from 'tdewolff-minify'
import {Writable} from 'node:stream'
const moduleDirectory = import.meta.url.slice(7, import.meta.url.lastIndexOf('/')+1)
const log = console.log
process.chdir(moduleDirectory)
/** Allows a `Writable` stdout stream that doesn't close the actual stdout. */
function stdoutWritable() {
return new Writable({
write(chunk, _encoding, callback) {
process.stdout.write(chunk, callback)
}
})
}
/* Initialize the minify controller and allow max 4 running
minify processes at once. */
const minify = new Minify({maxConcurrency: 4})
/* Since the API is asynchronous it's important to catch errors
correctly. The minifier will throw errors if it has any trouble
with the syntax of the file to minify. */
/* Here we try to minify a file: */
try { // (a try/catch block works well with await)
const result = await minify.file('fileToMinify.js')
log('success:', result, '\n')
} catch (error) {
log('error:', error, '\n')
}
/* Here we try to minify a JavaScript we supply: */
minify.content('js', 'let a = 123;')
.then( // (an alternative to using await)
result => log('success:', result, '\n'),
error => log('error:', error, '\n')
)
/* Here we will do some plumbing: */
const {createReadStream} = await import('node:fs')
// const outStream = fs.createWriteStream('fileToMinify.min.js')
await minify.pipe('js',
createReadStream('fileToMinify.js'),
stdoutWritable()
)
log('\n')
/* Here we'll show how to use pipeline:
(if you want to use pipeline then you must handle
concurrency yourself instead of using the controller) */
const {createGzip} = await import('node:zlib')
const {pipeline, Transform} = await import('node:stream')
pipeline(
createReadStream('fileToMinify.js'), // get the text
await minifyStream('js'), // minfy it
createGzip(), // gzip it (like a web-server would do)
new Transform({ // hex encode it
transform(chunk, _encoding, callback) {
callback(null, chunk.toString('hex'))
}
}),
stdoutWritable(), // and display it
error => { // the callback when done
if (error) log('\n', error, '\n')
else log('\n\nSuccess', '\n')
}
)
log('Minify path:', minifyPath, '\n')
/* Here we have minify write the minified contents to another file: */
try {
await minify.fileToFile('fileToMinify.js', 'fileToMinify.min.js')
} catch (error) {
log('error:', error, '\n')
}
Even though it's encapsulated in multiple layers of crap;
know that inside of you there is pure love, because that's what you are!
FAQs
An ES module with an API allowing easy usage of tdewolff's minify within Node.js
The npm package tdewolff-minify receives a total of 1 weekly downloads. As such, tdewolff-minify popularity was classified as not popular.
We found that tdewolff-minify demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.