Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
webpack-dev-middleware-nfd
Advanced tools
Offers a dev middleware for webpack, which arguments a live bundle to a directory
It's a simple wrapper middleware for webpack. It serves the files emitted from webpack over a connect server. This should be used for development only.
It has a few advantages over bundling it as files:
npm install webpack-dev-middleware --save-dev
var webpackMiddleware = require("webpack-dev-middleware");
app.use(webpackMiddleware(...));
Example usage:
app.use(webpackMiddleware(webpack({
// webpack options
// webpackMiddleware takes a Compiler object as first parameter
// which is returned by webpack(...) without callback.
entry: "...",
output: {
path: "/"
// no real path is required, just pass "/"
// but it will work with other paths too.
}
}), {
// publicPath is required, whereas all other options are optional
noInfo: false,
// display no info to console (only warnings and errors)
quiet: false,
// display nothing to the console
lazy: true,
// switch into lazy mode
// that means no watching, but recompilation on every request
watchOptions: {
aggregateTimeout: 300,
poll: true
},
// watch options (only lazy: false)
publicPath: "/assets/",
// public path to bind the middleware to
// use the same as in webpack
index: "index.html",
// the index path for web server
headers: { "X-Custom-Header": "yes" },
// custom headers
stats: {
colors: true
},
// options for formating the statistics
reporter: null,
// Provide a custom reporter to change the way how logs are shown.
serverSideRender: false,
// Turn off the server-side rendering mode. See Server-Side Rendering part for more info.
}));
This part shows how you might interact with the middleware during runtime:
close(callback)
- stop watching for file changes
var webpackDevMiddlewareInstance = webpackMiddleware(/* see example usage */);
app.use(webpackDevMiddlewareInstance);
// After 10 seconds stop watching for file changes:
setTimeout(function(){
webpackDevMiddlewareInstance.close();
}, 10000);
invalidate()
- recompile the bundle - e.g. after you changed the configuration
var compiler = webpack(/* see example usage */);
var webpackDevMiddlewareInstance = webpackMiddleware(compiler);
app.use(webpackDevMiddlewareInstance);
setTimeout(function(){
// After a short delay the configuration is changed
// in this example we will just add a banner plugin:
compiler.apply(new webpack.BannerPlugin('A new banner'));
// Recompile the bundle with the banner plugin:
webpackDevMiddlewareInstance.invalidate();
}, 1000);
waitUntilValid(callback)
- executes the callback
if the bundle is valid or after it is valid again:
var webpackDevMiddlewareInstance = webpackMiddleware(/* see example usage */);
app.use(webpackDevMiddlewareInstance);
webpackDevMiddlewareInstance.waitUntilValid(function(){
console.log('Package is in a valid state');
});
Note: this feature is experimental and may be removed or changed completely in the future.
In order to develop a server-side rendering application, we need access to the stats
, which is generated with the latest build.
In the server-side rendering mode, webpack-dev-middleware would sets the stat
to res.locals.webpackStats
before invoking the next middleware, where we can render pages and response to clients.
Notice that requests for bundle files would still be responded by webpack-dev-middleware and all requests will be pending until the building process is finished in the server-side rendering mode.
app.use(webpackMiddleware(compiler, { serverSideRender: true })
// The following middleware would not be invoked until the latest build is finished.
app.use((req, res) => {
const assetsByChunkName = res.locals.webpackStats.toJson().assetsByChunkName
// then use `assetsByChunkName` for server-sider rendering
// For example, if you have only one main chunk:
res.send(`
<html>
<head>
<title>My App</title>
${
assetsByChunkName.main
.filter(path => path.endsWith('.css'))
.map(path => `<link rel="stylesheet" href="${path}" />`)
}
</head>
<body>
<div id="root"></div>
${
assetsByChunkName.main
.filter(path => path.endsWith('.js'))
.map(path => `<script src="${path}" />`)
}
</body>
</html>
`)
})
Don't hesitate to create a pull request. Every contribution is appreciated. In development you can start the tests by calling npm test
.
Kees Kluskens |
FAQs
Offers a dev middleware for webpack, which arguments a live bundle to a directory
The npm package webpack-dev-middleware-nfd receives a total of 1 weekly downloads. As such, webpack-dev-middleware-nfd popularity was classified as not popular.
We found that webpack-dev-middleware-nfd demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.