Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
webpack-dev-middleware
Advanced tools
Offers a dev middleware for webpack, which arguments a live bundle to a directory
webpack-dev-middleware is a package that provides a simple way to serve and live reload webpack bundles for development purposes. It's designed to be used with a Node.js server, such as Express, and it allows developers to serve the webpack-generated files without writing them to disk, providing a faster development experience.
Serving Webpack Bundles
This code sample demonstrates how to set up webpack-dev-middleware with an Express server. It serves the files generated by webpack based on the provided configuration.
const express = require('express');
const webpack = require('webpack');
const webpackDevMiddleware = require('webpack-dev-middleware');
const config = require('./webpack.config.js');
const compiler = webpack(config);
const app = express();
app.use(webpackDevMiddleware(compiler, {
publicPath: config.output.publicPath
}));
app.listen(3000, function () {
console.log('Example app listening on port 3000!\n');
});
Enabling Hot Module Replacement (HMR)
This code sample shows how to enable Hot Module Replacement (HMR) in conjunction with webpack-dev-middleware. It requires an additional package, webpack-hot-middleware, to work.
const webpackHotMiddleware = require('webpack-hot-middleware');
app.use(webpackDevMiddleware(compiler, {
publicPath: config.output.publicPath
}));
app.use(webpackHotMiddleware(compiler));
BrowserSync is a package that allows for live reloading of web pages as files are edited and saved. It can be integrated with webpack using browser-sync-webpack-plugin. Unlike webpack-dev-middleware, BrowserSync is focused on synchronizing interactions across multiple devices/browsers during testing.
Serve is a static file serving and directory listing package that can be used for quick prototyping and local development. It does not have built-in webpack integration or HMR, but it's a simple alternative for serving static files.
webpack-hot-server-middleware is similar to webpack-dev-middleware but is specifically designed for use with server-side rendering in Node.js applications. It works in tandem with webpack-dev-middleware and webpack-hot-middleware to enable HMR for server-rendered apps.
webpack-serve is a now-deprecated package that was once an alternative to webpack-dev-middleware. It provided a development server that used webpack's watch mode to observe file changes and recompile automatically. It has since been replaced by webpack-dev-server, which offers similar functionality.
It's a simple wrapper middleware for webpack. It serves the files emitted from webpack over a connect server. This should be used for development only.
It has a few advantages over bundling it as files:
npm install webpack-dev-middleware --save-dev
var webpackMiddleware = require("webpack-dev-middleware");
app.use(webpackMiddleware(...));
Example usage:
app.use(webpackMiddleware(webpack({
// webpack options
// webpackMiddleware takes a Compiler object as first parameter
// which is returned by webpack(...) without callback.
entry: "...",
output: {
path: "/"
// no real path is required, just pass "/"
// but it will work with other paths too.
}
}), {
// publicPath is required, whereas all other options are optional
noInfo: false,
// display no info to console (only warnings and errors)
quiet: false,
// display nothing to the console
lazy: true,
// switch into lazy mode
// that means no watching, but recompilation on every request
watchOptions: {
aggregateTimeout: 300,
poll: true
},
// watch options (only lazy: false)
publicPath: "/assets/",
// public path to bind the middleware to
// use the same as in webpack
index: "index.html",
// the index path for web server
headers: { "X-Custom-Header": "yes" },
// custom headers
mimeTypes: { "text/html": [ "phtml" ] },
// Add custom mime/extension mappings
// https://github.com/broofa/node-mime#mimedefine
// https://github.com/webpack/webpack-dev-middleware/pull/150
stats: {
colors: true
},
// options for formating the statistics
reporter: null,
// Provide a custom reporter to change the way how logs are shown.
serverSideRender: false,
// Turn off the server-side rendering mode. See Server-Side Rendering part for more info.
}));
This part shows how you might interact with the middleware during runtime:
close(callback)
- stop watching for file changes
var webpackDevMiddlewareInstance = webpackMiddleware(/* see example usage */);
app.use(webpackDevMiddlewareInstance);
// After 10 seconds stop watching for file changes:
setTimeout(function(){
webpackDevMiddlewareInstance.close();
}, 10000);
invalidate()
- recompile the bundle - e.g. after you changed the configuration
var compiler = webpack(/* see example usage */);
var webpackDevMiddlewareInstance = webpackMiddleware(compiler);
app.use(webpackDevMiddlewareInstance);
setTimeout(function(){
// After a short delay the configuration is changed
// in this example we will just add a banner plugin:
compiler.apply(new webpack.BannerPlugin('A new banner'));
// Recompile the bundle with the banner plugin:
webpackDevMiddlewareInstance.invalidate();
}, 1000);
waitUntilValid(callback)
- executes the callback
if the bundle is valid or after it is valid again:
var webpackDevMiddlewareInstance = webpackMiddleware(/* see example usage */);
app.use(webpackDevMiddlewareInstance);
webpackDevMiddlewareInstance.waitUntilValid(function(){
console.log('Package is in a valid state');
});
Note: this feature is experimental and may be removed or changed completely in the future.
In order to develop a server-side rendering application, we need access to the stats
, which is generated with the latest build.
In the server-side rendering mode, webpack-dev-middleware would sets the stat
to res.locals.webpackStats
before invoking the next middleware, where we can render pages and response to clients.
Notice that requests for bundle files would still be responded by webpack-dev-middleware and all requests will be pending until the building process is finished in the server-side rendering mode.
// This function makes server rendering of asset references consistent with different webpack chunk/entry confiugrations
function normalizeAssets(assets) {
return Array.isArray(assets) ? assets : [assets]
}
app.use(webpackMiddleware(compiler, { serverSideRender: true })
// The following middleware would not be invoked until the latest build is finished.
app.use((req, res) => {
const assetsByChunkName = res.locals.webpackStats.toJson().assetsByChunkName
// then use `assetsByChunkName` for server-sider rendering
// For example, if you have only one main chunk:
res.send(`
<html>
<head>
<title>My App</title>
${
normalizeAssets(assetsByChunkName.main)
.filter(path => path.endsWith('.css'))
.map(path => `<link rel="stylesheet" href="${path}" />`)
.join('\n')
}
</head>
<body>
<div id="root"></div>
${
normalizeAssets(assetsByChunkName.main)
.filter(path => path.endsWith('.js'))
.map(path => `<script src="${path}"></script>`)
.join('\n')
}
</body>
</html>
`)
})
Don't hesitate to create a pull request. Every contribution is appreciated. In development you can start the tests by calling npm test
.
Kees Kluskens |
FAQs
A development middleware for webpack
The npm package webpack-dev-middleware receives a total of 16,120,831 weekly downloads. As such, webpack-dev-middleware popularity was classified as popular.
We found that webpack-dev-middleware demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.