![Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack](https://cdn.sanity.io/images/cgdhsj6q/production/6af25114feaaac7179b18127c83327568ff592d1-1024x1024.webp?w=800&fit=max&auto=format)
Security News
Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
webpack-aliyun-oss
Advanced tools
Readme
A webpack(>=4) plugin to upload assets to aliyun oss
一个webpack4插件,上传资源到阿里云cdn
setOssPath
来配置不同的上传路径。$ npm i webpack-aliyun-oss -S
from
: 上传哪些文件,默认为output.path下所有的文件。支持类似gulp.src的glob方法,如'./build/**', 可以为glob字符串或者数组。dist
: 上传到oss哪个目录下,默认为根目录。region
: 阿里云上传区域accessKeyId
: 阿里云的授权accessKeyIdaccessKeySecret
: 阿里云的授权accessKeySecretbucket
: 上传到哪个buckettimeout
: oss超时设置,默认为30秒(30000)verbose
: 是否显示上传日志,默认为truedeletOrigin
: 上传完成是否删除原文件,默认falsedeleteEmptyDir
: 如果某个目录下的文件都上传到cdn了,是否删除此目录。deleteOrigin为true时候生效。默认false。setOssPath
: 自定义上传路径的函数。不传,或者所传函数返回false则按默认路径上传。(默认为output.path下文件路径)setHeaders
: 配置headers的函数。不传,或者所传函数返回false则不设置header。test
: 测试,仅显示要上传的文件,但是不执行上传操作。默认falseconst WebpackAliyunOss = require('webpack-aliyun-oss')
const webpackConfig = {
// ... 省略其他
plugins: [new WebpackAliyunOss({
from: ['./build/**', '!./build/**/*.html'],
dist: 'path/in/alioss',
region: 'your region',
accessKeyId: 'your key',
accessKeySecret: 'your secret',
bucket: 'your bucket',
setOssPath(filePath) {
// some operations to filePath
return '/new/path/to/flie.js';
},
setHeaders(filePath) {
// some operations to filePath
return {
'Cache-Control': 'max-age=31536000'
}
}
})]
}
FAQs
a webpack(version>=4) plugin to upload assets to aliyun oss, can be used with or without webpack.
The npm package webpack-aliyun-oss receives a total of 62 weekly downloads. As such, webpack-aliyun-oss popularity was classified as not popular.
We found that webpack-aliyun-oss demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
Security News
OpenSSF is warning open source maintainers to stay vigilant against reputation farming on GitHub, where users artificially inflate their status by manipulating interactions on closed issues and PRs.
Security News
A JavaScript library maintainer is under fire after merging a controversial PR to support legacy versions of Node.js.