Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
The unplugin npm package is a framework-agnostic plugin system designed to create plugins that work across different build tools like Webpack, Vite, Rollup, and more. It allows developers to write a plugin once and have it compatible with multiple build systems without the need to rewrite it for each one.
Virtual Modules
Create virtual modules that can be imported by your code. These modules don't exist on the filesystem but are created on the fly by the plugin.
unplugin.createPlugin({
resolveId(id) {
if (id === 'virtual-module') return id;
},
load(id) {
if (id === 'virtual-module') return 'export default "This is virtual!"';
}
});
Transformations
Apply custom transformations to your code. This can be used to modify the source code of files before they are bundled.
unplugin.createPlugin({
transform(code, id) {
if (id.endsWith('.custom')) {
return code.replace(/find/g, 'replace');
}
}
});
Custom Build Steps
Execute custom code at different stages of the build process. This can be used to perform tasks before or after the build.
unplugin.createPlugin({
buildStart() {
console.log('Build started!');
},
buildEnd() {
console.log('Build finished!');
}
});
A Rollup plugin that allows replacing strings in files while bundling. It's similar to unplugin's transformation feature but is specific to Rollup.
A Webpack plugin to add virtual modules to the module graph. It provides functionality similar to unplugin's virtual modules but is specific to Webpack.
A Vite-specific plugin to support Vue 2.x. It demonstrates how plugins can be tailored to specific build tools, whereas unplugin aims to be build-tool agnostic.
FAQs
Unified plugin system for build tools
The npm package unplugin receives a total of 0 weekly downloads. As such, unplugin popularity was classified as not popular.
We found that unplugin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.