![Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack](https://cdn.sanity.io/images/cgdhsj6q/production/6af25114feaaac7179b18127c83327568ff592d1-1024x1024.webp?w=800&fit=max&auto=format)
Security News
Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
webpack-dev-middleware
Advanced tools
Package description
webpack-dev-middleware is a package that provides a simple way to serve and live reload webpack bundles for development purposes. It's designed to be used with a Node.js server, such as Express, and it allows developers to serve the webpack-generated files without writing them to disk, providing a faster development experience.
Serving Webpack Bundles
This code sample demonstrates how to set up webpack-dev-middleware with an Express server. It serves the files generated by webpack based on the provided configuration.
const express = require('express');
const webpack = require('webpack');
const webpackDevMiddleware = require('webpack-dev-middleware');
const config = require('./webpack.config.js');
const compiler = webpack(config);
const app = express();
app.use(webpackDevMiddleware(compiler, {
publicPath: config.output.publicPath
}));
app.listen(3000, function () {
console.log('Example app listening on port 3000!\n');
});
Enabling Hot Module Replacement (HMR)
This code sample shows how to enable Hot Module Replacement (HMR) in conjunction with webpack-dev-middleware. It requires an additional package, webpack-hot-middleware, to work.
const webpackHotMiddleware = require('webpack-hot-middleware');
app.use(webpackDevMiddleware(compiler, {
publicPath: config.output.publicPath
}));
app.use(webpackHotMiddleware(compiler));
BrowserSync is a package that allows for live reloading of web pages as files are edited and saved. It can be integrated with webpack using browser-sync-webpack-plugin. Unlike webpack-dev-middleware, BrowserSync is focused on synchronizing interactions across multiple devices/browsers during testing.
Serve is a static file serving and directory listing package that can be used for quick prototyping and local development. It does not have built-in webpack integration or HMR, but it's a simple alternative for serving static files.
webpack-hot-server-middleware is similar to webpack-dev-middleware but is specifically designed for use with server-side rendering in Node.js applications. It works in tandem with webpack-dev-middleware and webpack-hot-middleware to enable HMR for server-rendered apps.
webpack-serve is a now-deprecated package that was once an alternative to webpack-dev-middleware. It provided a development server that used webpack's watch mode to observe file changes and recompile automatically. It has since been replaced by webpack-dev-server, which offers similar functionality.
Readme
THIS MIDDLEWARE SHOULD ONLY USED FOR DEVELOPMENT!
DO NOT USE IT IN PRODUCTION!
It's a simple wrapper middleware for webpack. It serves the files emitted from webpack over a connect server.
It has a few advantages over bundling it as files:
var webpackMiddleware = require("webpack-dev-middleware");
app.use(webpackMiddleware(...));
Use the webpackMiddleware
function like the webpack function, but without callback.
Example usage:
app.use(webpackMiddleware(__dirname, "./lib/file", {
watch: true,
debug: true,
publicPrefix: "http://localhost:8080/assets/",
output: "bundle.js",
outputPostfix: ".bundle.js",
// ... more webpack config options
}));
This is not required, but recommendated to get the best out of the middleware.
The prefix for request that should be handled.
The filename for the bundle.
Verbose output of the statistics.
FAQs
A development middleware for webpack
The npm package webpack-dev-middleware receives a total of 15,064,120 weekly downloads. As such, webpack-dev-middleware popularity was classified as popular.
We found that webpack-dev-middleware demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
Security News
OpenSSF is warning open source maintainers to stay vigilant against reputation farming on GitHub, where users artificially inflate their status by manipulating interactions on closed issues and PRs.
Security News
A JavaScript library maintainer is under fire after merging a controversial PR to support legacy versions of Node.js.