Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
This is a command line tool to help build, run, and test WebExtensions.
Ultimately, it aims to support browser extensions in a standard, portable, cross-platform way. Initially, it will provide a streamlined experience for developing Firefox Extensions.
Here are the commands you can run. Click on each one for detailed documentation or use --help
on the command line, such as web-ext build --help
.
run
lint
sign
build
docs
web-ext
documentation in a browserFirst, make sure you are running the current LTS (long term support) version of NodeJS.
You can install this command onto your machine globally with:
npm install --global web-ext
Alternatively, you can install this command as one of the
devDependencies
of your project. This method can help you control the version of web-ext
as used by your team.
npm install --save-dev web-ext
Next you can use the web-ext
command in your project as an
npm script.
Here is an example where the --source-dir
argument specifies where to find
the source code for your extension.
package.json
"scripts": {
"start:firefox": "web-ext run --source-dir ./extension-dist/",
}
You can always pass in additional commands to your npm scripts using
the --
suffix. For example, the previous script could specify the Firefox
version on the command line with this:
npm run start:firefox -- --firefox=nightly
You'll need:
Optionally, you may like:
If you had already installed web-ext
from npm,
you may need to uninstall it first:
npm uninstall --global web-ext
Change into the source and install all dependencies:
git clone https://github.com/mozilla/web-ext.git
cd web-ext
npm ci
Build the command:
npm run build
Link it to your node installation:
npm link
You can now run it from any directory:
web-ext --help
To get updates, just pull changes and rebuild the executable. You don't need to relink it.
cd /path/to/web-ext
git pull
npm run build
Note: There is limited support for this API.
Aside from using web-ext on the command line, you may wish to execute web-ext
in NodeJS code.
As of version 7.0.0
, the web-ext
npm package exports NodeJS native ES modules only. If you are using CommonJS, you will have to use dynamic imports.
You are able to execute command functions without any argument validation. If you want to execute web-ext run
you would do so like this:
import webExt from 'web-ext';
webExt.cmd.run({
// These are command options derived from their CLI conterpart.
// In this example, --source-dir is specified as sourceDir.
firefox: '/path/to/Firefox-executable',
sourceDir: '/path/to/your/extension/source/',
}, {
// These are non CLI related options for each function.
// You need to specify this one so that your NodeJS application
// can continue running after web-ext is finished.
shouldExitProgram: false,
})
.then((extensionRunner) => {
// The command has finished. Each command resolves its
// promise with a different value.
console.log(extensionRunner);
// You can do a few things like:
// extensionRunner.reloadAllExtensions();
// extensionRunner.exit();
});
If you would like to run an extension on Firefox for Android:
import adbUtils from "web-ext/util/adb";
// Path to adb binary (optional parameter, auto-detected if missing)
const adbBin = "/path/to/adb";
// Get an array of device ids (Array<string>)
const deviceIds = await adbUtils.listADBDevices(adbBin);
const adbDevice = ...
// Get an array of Firefox APKs (Array<string>)
const firefoxAPKs = await adbUtils.listADBFirefoxAPKs(
deviceId, adbBin
);
const firefoxApk = ...
webExt.cmd.run({
target: 'firefox-android',
firefoxApk,
adbDevice,
sourceDir: ...
}).then((extensionRunner) => {...});
If you would like to control logging, you can access the logger object. Here is an example of turning on verbose logging:
import webExtLogger from "web-ext/util/logger";
webExtLogger.consoleStream.makeVerbose();
webExt.cmd.run({sourceDir: './src'}, {shouldExitProgram: false});
You can also disable the use of standard input:
webExt.cmd.run({noInput: true}, {shouldExitProgram: false});
web-ext
is designed for WebExtensions but you can try disabling manifest validation to work with legacy extensions. This is not officially supported.
webExt.cmd.run(
{sourceDir: './src'},
{
getValidatedManifest: () => ({
name: 'some-fake-name',
version: '1.0.0',
}),
shouldExitProgram: false,
},
);
Yes! The web-ext tool enables you to build and ship extensions for Firefox. This platform stabilized in Firefox 48 which was released in April of 2016.
Hi! This tool is under active development. To get involved you can watch the repo, file issues, create pull requests, or ask a question on dev-addons. Read the contributing section for how to develop new features.
This is a great question and one that we will ask ourselves for each new web-ext feature. Most WebExtension functionality is baked into the browsers themselves but a complimentary command line tool will still be helpful. Here is a partial list of examples:
FAQs
A command line tool to help build, run, and test web extensions
The npm package web-ext receives a total of 39,381 weekly downloads. As such, web-ext popularity was classified as popular.
We found that web-ext demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.