Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
webpack-auto-inject-version
Advanced tools
Adds version from package.json into every single file as top comment block.
$ npm install webpack-auto-inject-version --save-dev
What it does
How to use
Available options
Output examples
How to use with other webpack plugins
Change log
Auto Inject Version (AIV) can:
[AIV]{version}[/AIV]
[AIV]{version}[/AIV]
It's easy to set it up, all you need is:
var WebpackAutoInject = require('webpack-auto-inject-version');
...
module.exports = {
...
plugins: [
new WebpackAutoInject({
// options
// example:
components: {
AutoIncreaseVersion: false
}
})
]
}
module.exports = {
...
plugins: [
new WebpackAutoInject({
// specify the name of the tag in the outputed files eg
// bundle.js: [SHORT] Version: 0.13.36 ...
SHORT: 'CUSTOM',
SILENT: false,
PACKAGE_JSON_PATH: './package.json',
components: {
AutoIncreaseVersion: true,
InjectAsComment: true,
InjectByTag: true
},
componentsOptions: {
AutoIncreaseVersion: {
runInWatchMode: false // it will increase version with every single build!
},
InjectAsComment: {
tag: 'Version: {version} - {date}',
dateFormat: 'h:MM:ss TT', // change timezone: `UTC:h:MM:ss` or `GMT:h:MM:ss`
multiLineCommentType: false, // use `/** */` instead of `//` as comment block
},
InjectByTag: {
fileRegex: /\.+/,
// regexp to find [AIV] tag inside html, if you tag contains unallowed characters you can adjust the regex
// but also you can change [AIV] tag to anything you want
AIVTagRegexp: /(\[AIV])(([a-zA-Z{} ,:;!()_@\-"'\\\/])+)(\[\/AIV])/g,
dateFormat: 'h:MM:ss TT'
}
},
LOGS_TEXT: {
AIS_START: 'DEMO AIV started'
}
})
]
}
<body>
<span>
[AIV]{version}[/AIV]
</span>
<span>
[AIV]{date}[/AIV]
</span>
<span>
[AIV]{version}_{date}[/AIV]
</span>
<span>
[AIV]V:{version} Date:{date}[/AIV]
</span>
<span>
[AIV]Version {version} , {date}[/AIV]
</span>
</body>
Auto increase package.json number.
This option requires extra argument to be sent to webpack build.
It happens before anything else to make sure that your new version is injected into your files.
Arguments: --env.major --env.minor --env.patch
Example for package.json run type, npm run start => ( 1.2.10 to 2.0.0 )
"version" : "1.2.10",
"scripts": {
"start": "webpack --env.major"
}
To enable watch mode:
plugins: [
new WebpackAutoInject({
...
components: {
AutoIncreaseVersion: true,
...
},
componentsOptions: {
AutoIncreaseVersion: {
runInWatchMode: false // it will increase version with every single build!
}
}
})
]
Default: true
Inject version number into your file
Version will replace the <{version}> tag.
<span>My awesome project | [AIV]{version}[/AIV]</span>
var version = '[AIV]{version}[/AIV]';
Default: true
This will inject your version as a comment into any css,js,html file.
You can change what is injected into the file by changing componentsOptions.InjectAsComment.tag.
Currently only 2 tags are supported:
...
plugins: [
...
new WebpackAutoInject({
PACKAGE_JSON_PATH: './package.json',
components: {
...
InjectAsComment: true
},
componentsOptions: {
...
InjectAsComment: {
tag: 'Build version: {version} - {date}', // default
dateFormat: 'dddd, mmmm dS, yyyy, h:MM:ss TT', // default
multiLineCommentType: false, // default
}
})
]
Default: true
AIV can inject version number for all your bundle files (css,js,html).
// [AIV] Build version: 1.0.10
/******/ (function(modules) { // webpackBootstrap
/******/ // The module cache
/******/ var installedModules = {};
Example html:
<!-- [AIV] Build version: 1.0.10 -->
<!DOCTYPE html>
<html lang="en">
Webpack plugins order matters! Always try to put WebpackAutoInject as a first webpack plugin.
plugins: [
new WebpackAutoInject(),
new CompressionPlugin(),
]
plugins: [
new WebpackAutoInject(),
new UglifyJsPlugin(),
]
If the order won't be enough, you can always add ignore to the uglifyJsPlugin to prevent stripping out AIV comments eg:
new webpack.optimize.UglifyJsPlugin({
...
output: {
// prevent version info to be removed from bundle.js
comments: /\[AIV\]/,
},
...
});
npm start -s
will disable console logsdemo
folder, npm run test
FAQs
Webpack plugin for auto inject version from package.json
The npm package webpack-auto-inject-version receives a total of 3,395 weekly downloads. As such, webpack-auto-inject-version popularity was classified as popular.
We found that webpack-auto-inject-version demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.