Security News
The Code You Didn't Write Is Still Yours to Defend
AI agents are pulling packages into environments no scanner is watching, creating exposure before security teams can see it.
By Brad Arkin - Jun 23, 2026
🚀 Socket Launch Week Day 5:Introducing Repository Access Permissions and Custom Roles.Learn more →
top-offline-package-webpack-plugin
Advanced tools
offline-package-webpack-plugin
This plugin helps compress static resources (such as js, css, png...) into a zip package, with a resource mapping json file in it.
Resource Mapping Json:
{
"packageId": "meeting",
"items": [
{
"packageId": "meeting",
"version": 1,
"remoteUrl": "http://192.168.88.88:5000/js/app.630f02ab.js",
"path": "js/app.630f02ab.js",
"mimeType": "application/javascript"
},
{
"packageId": "meeting",
"version": 1,
"remoteUrl": "http://192.168.88.88:5000/js/chunk-vendors.dca9c05a.js",
"path": "js/chunk-vendors.dca9c05a.js",
"mimeType": "application/javascript"
}
]
}
Usage
npm install tope-offline-package-webpack-plugin -D
or
yarn add tope-offline-package-webpack-plugin -D
Via webpack.config.js or any other webpack config file.
{
plugins: [
new OfflinePackagePlugin({
packageNameKey: 'packageId',
packageNameValue: 'meeting',
version: 1,
baseUrl: 'http://192.168.88.88:5000/',
fileTypes: ['js', 'css', 'png']
})
];
}
Options
options need to be an object.
packageNameKey
This option determines the key of package name in the resource mapping json.
Resource mapping json:
{
"packageId": "meeting",
"items": [
...
]
}
Default: 'packageName'
Config example:
{
plugins: [
new OfflinePackagePlugin({
packageNameKey: 'packageId'
})
];
}
packageNameValue
This option determines the value of package name in the resource mapping json.
Resource mapping json:
{
"packageNameValue": "meeting",
"items": [
...
]
}
Default: ''
Config example:
{
plugins: [
new OfflinePackagePlugin({
packageNameValue: 'meeting'
})
];
}
version
This option determines the value of version in the resource mapping json.
Resource mapping json:
{
...
"version": 1
"items": [
...
]
}
Default: 1
Config example:
{
plugins: [
new OfflinePackagePlugin({
version: 2
})
];
}
folderName
This option determines the name of the output zip file.
Default: 'package'
Config example:
{
plugins: [
new OfflinePackagePlugin({
folderName: 'package'
})
];
}
indexFileName
This option determines the name of the resource mapping json.
Default: 'index.json'
Config example:
{
plugins: [
new OfflinePackagePlugin({
indexFileName: 'index.json'
})
];
}
baseUrl
This option determines the base url of remoteUrl in the resource mapping json.
Resource mapping json:
{
...
"items": [
{
"remoteUrl": `${baseUrl}/about.9d81a00f.js`,
"path": "js/about.9d81a00f.js"
}
]
}
Default: ''
Config example:
{
plugins: [
new OfflinePackagePlugin({
indexFileName: 'index.json'
})
];
}
fileTypes
This options provides control over if add a web resource file into zip file via file extension. The options need to be an array. And an empty array means there is no limit of file extension.
Default: []
Config example:
{
plugins: [
new OfflinePackagePlugin({
fileTypes: ['js', 'css', 'png']
})
];
}
excludeFileName
This options provides control over if add a web resource file into zip file via file name. The options need to be an array. And an empty array means there is no limit of file extension.
Default: []
Config example:
{
plugins: [
new OfflinePackagePlugin({
excludeFileName: ['main.js']
})
];
}
Inspiration
Supplement
The image below is the architecture of offline package. You could learn more about offline package via mobile-web-best-practice.
FAQs
top-offline-package-webpack-plugin
We found that top-offline-package-webpack-plugin demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 17 Aug 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
GitHub Actions Checkout Now Blocks Risky pull_request_target Checkouts
GitHub Actions checkout now blocks risky pull_request_target checkouts by default to help prevent pwn request supply chain attacks.
By Sarah Gooding - Jun 20, 2026
Product
Introducing Repository Access Permissions and Custom Roles
Socket now supports Custom Roles and Repository Access Permissions so organizations can control who can access specific repositories and actions.
By Joe Werle - Jun 19, 2026