Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
webpack-dev-server
Advanced tools
webpack-dev-server is a development server that provides live reloading. It is intended to be used with webpack, a module bundler. It uses webpack's watch mode and, when changes are detected, it recompiles the bundle and notifies the client to reload the page.
Live Reloading
Automatically reloads the page when files are changed. The 'hot' option enables Hot Module Replacement without page refresh as fallback in case of build failures.
module.exports = {
devServer: {
contentBase: './dist',
hot: true
}
};
Custom Middleware
Allows developers to add custom routes before the server starts. Useful for mocking an API or other custom server logic.
module.exports = {
devServer: {
before: function(app, server) {
app.get('/some/path', function(req, res) {
res.json({ custom: 'response' });
});
}
}
};
Proxying API Requests
Redirects API calls to another server. This is useful when you have a separate API backend development server and you want to send API requests on the same domain.
module.exports = {
devServer: {
proxy: {
'/api': 'http://localhost:3000'
}
}
};
HTTPS Support
Allows serving the webpack application over HTTPS. This is useful for testing applications that require secure connections.
module.exports = {
devServer: {
https: true
}
};
BrowserSync is an automation tool that makes web development faster. It synchronizes file changes and interactions across multiple devices. It's similar to webpack-dev-server but works across multiple browsers and devices.
Lite-server is a lightweight development server that serves a web app, opens it in the browser, and refreshes the browser on file changes. It is built on top of BrowserSync and provides fewer configuration options compared to webpack-dev-server.
Serve is a static server that lets you serve static files quickly. It is simpler than webpack-dev-server and does not have built-in support for live reloading or module bundling.
http-server is a simple, zero-configuration command-line HTTP server. It is powerful and has the ability to serve static files, but lacks the advanced features of webpack-dev-server like live reloading and module hot replacement.
Use webpack with a development server that provides live reloading. This should be used for development only.
It uses webpack-dev-middleware under the hood, which provides fast in-memory access to the webpack assets.
First things first, install the module:
npm install webpack-dev-server --save-dev
or
yarn add -D webpack-dev-server
or
pnpm add -D webpack-dev-server
Note: While you can install and run webpack-dev-server globally, we recommend installing it locally. webpack-dev-server will always use a local installation over a global one.
There are two main, recommended methods of using the module:
The easiest way to use it is with the webpack CLI. In the directory where your
webpack.config.js
is, run:
npx webpack serve
Following options are available with webpack serve
:
Usage: webpack serve|server|s [entries...] [options]
Run the webpack dev server.
Options:
-c, --config <value...> Provide path to a webpack configuration file e.g. ./webpack.config.js.
--config-name <value...> Name of the configuration to use.
-m, --merge Merge two or more configurations using 'webpack-merge'.
--disable-interpret Disable interpret for loading the config file.
--env <value...> Environment passed to the configuration when it is a function.
--node-env <value> Sets process.env.NODE_ENV to the specified value.
--define-process-env-node-env <value> Sets process.env.NODE_ENV to the specified value. (Currently an alias for `--node-env`)
--analyze It invokes webpack-bundle-analyzer plugin to get bundle information.
--progress [value] Print compilation progress during build.
-j, --json [value] Prints result as JSON or store it in a file.
--fail-on-warnings Stop webpack-cli process with non-zero exit code on warnings from webpack
-d, --devtool <value> A developer tool to enhance debugging (false | eval | [inline-|hidden-|eval-][nosources-][cheap-[module-]]source-map).
--no-devtool Negative 'devtool' option.
--entry <value...> A module that is loaded upon startup. Only the last one is exported.
--mode <value> Enable production optimizations or development hints.
--name <value> Name of the configuration. Used when loading multiple configurations.
-o, --output-path <value> The output directory as **absolute path** (required).
--stats [value] Stats options object or preset name.
--no-stats Negative 'stats' option.
-t, --target <value...> Environment to build for. Environment to build for. An array of environments to build for all of them when possible.
--no-target Negative 'target' option.
--watch-options-stdin Stop watching when stdin stream has ended.
--no-watch-options-stdin Negative 'watch-options-stdin' option.
--allowed-hosts <value...> Allows to enumerate the hosts from which access to the dev server are allowed (useful when you are proxying dev server, by default is 'auto').
--allowed-hosts-reset Clear all items provided in 'allowedHosts' configuration. Allows to enumerate the hosts from which access to the dev server are allowed (useful when you are proxying dev server, by default is 'auto').
--bonjour Allows to broadcasts dev server via ZeroConf networking on start.
--no-bonjour Disallows to broadcasts dev server via ZeroConf networking on start.
--no-client Disables client script.
--client-logging <value> Allows to set log level in the browser.
--client-overlay Enables a full-screen overlay in the browser when there are compiler errors or warnings.
--no-client-overlay Disables the full-screen overlay in the browser when there are compiler errors or warnings.
--client-overlay-errors Enables a full-screen overlay in the browser when there are compiler errors.
--no-client-overlay-errors Disables the full-screen overlay in the browser when there are compiler errors.
--client-overlay-warnings Enables a full-screen overlay in the browser when there are compiler warnings.
--no-client-overlay-warnings Disables the full-screen overlay in the browser when there are compiler warnings.
--client-overlay-runtime-errors Enables a full-screen overlay in the browser when there are uncaught runtime errors.
--no-client-overlay-runtime-errors Disables the full-screen overlay in the browser when there are uncaught runtime errors.
--client-overlay-trusted-types-policy-name <value> The name of a Trusted Types policy for the overlay. Defaults to 'webpack-dev-server#overlay'.
--client-progress Prints compilation progress in percentage in the browser.
--no-client-progress Does not print compilation progress in percentage in the browser.
--client-reconnect [value] Tells dev-server the number of times it should try to reconnect the client.
--no-client-reconnect Tells dev-server to not to try to reconnect the client.
--client-web-socket-transport <value> Allows to set custom web socket transport to communicate with dev server.
--client-web-socket-url <value> Allows to specify URL to web socket server (useful when you're proxying dev server and client script does not always know where to connect to).
--client-web-socket-url-hostname <value> Tells clients connected to devServer to use the provided hostname.
--client-web-socket-url-pathname <value> Tells clients connected to devServer to use the provided path to connect.
--client-web-socket-url-password <value> Tells clients connected to devServer to use the provided password to authenticate.
--client-web-socket-url-port <value> Tells clients connected to devServer to use the provided port.
--client-web-socket-url-protocol <value> Tells clients connected to devServer to use the provided protocol.
--client-web-socket-url-username <value> Tells clients connected to devServer to use the provided username to authenticate.
--compress Enables gzip compression for everything served.
--no-compress Disables gzip compression for everything served.
--history-api-fallback Allows to proxy requests through a specified index page (by default 'index.html'), useful for Single Page Applications that utilise the HTML5 History API.
--no-history-api-fallback Disallows to proxy requests through a specified index page.
--host <value> Allows to specify a hostname to use.
--hot [value] Enables Hot Module Replacement.
--no-hot Disables Hot Module Replacement.
--ipc [value] Listen to a unix socket.
--live-reload Enables reload/refresh the page(s) when file changes are detected (enabled by default).
--no-live-reload Disables reload/refresh the page(s) when file changes are detected (enabled by default).
--open [value...] Allows to configure dev server to open the browser(s) and page(s) after server had been started (set it to true to open your default browser).
--no-open Does not open the default browser.
--open-target <value...> Opens specified page in browser.
--open-app-name <value...> Open specified browser.
--open-reset Clear all items provided in 'open' configuration. Allows to configure dev server to open the browser(s) and page(s) after server had been started (set it to true to open your default browser).
--open-target-reset Clear all items provided in 'open.target' configuration. Opens specified page in browser.
--open-app-name-reset Clear all items provided in 'open.app.name' configuration. Open specified browser.
--port <value> Allows to specify a port to use.
--server-type <value> Allows to set server and options (by default 'http').
--server-options-passphrase <value> Passphrase for a pfx file.
--server-options-request-cert Request for an SSL certificate.
--no-server-options-request-cert Does not request for an SSL certificate.
--server-options-ca <value...> Path to an SSL CA certificate or content of an SSL CA certificate.
--server-options-ca-reset Clear all items provided in 'server.options.ca' configuration. Path to an SSL CA certificate or content of an SSL CA certificate.
--server-options-cert <value...> Path to an SSL certificate or content of an SSL certificate.
--server-options-cert-reset Clear all items provided in 'server.options.cert' configuration. Path to an SSL certificate or content of an SSL certificate.
--server-options-crl <value...> Path to PEM formatted CRLs (Certificate Revocation Lists) or content of PEM formatted CRLs (Certificate Revocation Lists).
--server-options-crl-reset Clear all items provided in 'server.options.crl' configuration. Path to PEM formatted CRLs (Certificate Revocation Lists) or content of PEM formatted CRLs (Certificate Revocation Lists).
--server-options-key <value...> Path to an SSL key or content of an SSL key.
--server-options-key-reset Clear all items provided in 'server.options.key' configuration. Path to an SSL key or content of an SSL key.
--server-options-pfx <value...> Path to an SSL pfx file or content of an SSL pfx file.
--server-options-pfx-reset Clear all items provided in 'server.options.pfx' configuration. Path to an SSL pfx file or content of an SSL pfx file.
--static [value...] Allows to configure options for serving static files from directory (by default 'public' directory).
--no-static Disallows to configure options for serving static files from directory.
--static-directory <value...> Directory for static contents.
--static-public-path <value...> The static files will be available in the browser under this public path.
--static-serve-index Tells dev server to use serveIndex middleware when enabled.
--no-static-serve-index Does not tell dev server to use serveIndex middleware.
--static-watch Watches for files in static content directory.
--no-static-watch Does not watch for files in static content directory.
--static-reset Clear all items provided in 'static' configuration. Allows to configure options for serving static files from directory (by default 'public' directory).
--static-public-path-reset Clear all items provided in 'static.publicPath' configuration. The static files will be available in the browser under this public path.
--watch-files <value...> Allows to configure list of globs/directories/files to watch for file changes.
--watch-files-reset Clear all items provided in 'watchFiles' configuration. Allows to configure list of globs/directories/files to watch for file changes.
--no-web-socket-server Disallows to set web socket server and options.
--web-socket-server-type <value> Allows to set web socket server and options (by default 'ws').
Global options:
--color Enable colors on console.
--no-color Disable colors on console.
-v, --version Output the version number of 'webpack', 'webpack-cli' and 'webpack-dev-server' and commands.
-h, --help [verbose] Display help for commands and options.
To see list of all supported commands and options run 'webpack --help=verbose'.
Webpack documentation: https://webpack.js.org/.
CLI documentation: https://webpack.js.org/api/cli/.
Made with ♥ by the webpack team.
[!NOTE]
Detailed documentation for above options is available on this link.
NPM package.json scripts are a convenient and useful means to run locally installed binaries without having to be concerned about their full paths. Simply define a script as such:
{
"scripts": {
"serve": "webpack serve"
}
}
And run the following in your terminal/console:
npm run serve
NPM will automatically refer to the the binary in node_modules
for you, and
execute the file or command.
While it's recommended to run webpack-dev-server via the CLI, you may also choose to start a server via the API.
See the related API documentation for webpack-dev-server
.
If you use TypeScript in the webpack config, you'll need to properly type devServer
property in order to avoid TS errors (e.g. 'devServer' does not exist in type 'Configuration'
). For that use either:
/// <reference path="node_modules/webpack-dev-server/types/lib/Server.d.ts"/>
import type { Configuration } from "webpack";
// Your logic
Or you can import the type from webpack-dev-server
, i.e.
import type { Configuration as DevServerConfiguration } from "webpack-dev-server";
import type { Configuration } from "webpack";
const devServer: DevServerConfiguration = {};
const config: Configuration = { devServer };
// module.exports
export default config;
Either method will start a server instance and begin listening for connections
from localhost
on port 8080
.
webpack-dev-server is configured by default to support live-reload of files as you edit your assets while the server is running.
See the documentation for more use cases and options.
While webpack-dev-server
transpiles the client (browser) scripts to an ES5
state, the project only officially supports the last two versions of major
browsers. We simply don't have the resources to support every whacky
browser out there.
If you find a bug with an obscure / old browser, we would actively welcome a Pull Request to resolve the bug.
We do our best to keep issues in the repository focused on bugs, features, and needed modifications to the code for the module. Because of that, we ask users with general support, "how-to", or "why isn't this working" questions to try one of the other support channels that are available.
Your first-stop-shop for support for webpack-dev-server should be the excellent documentation for the module. If you see an opportunity for improvement of those docs, please head over to the webpack.js.org repo and open a pull request.
From there, we encourage users to visit the webpack discussions and
talk to the fine folks there. If your quest for answers comes up dry in chat,
head over to StackOverflow and do a quick search or open a new
question. Remember; It's always much easier to answer questions that include your
webpack.config.js
and relevant files!
If you're twitter-savvy you can tweet #webpack with your question and someone should be able to reach out and lend a hand.
If you have discovered a :bug:, have a feature suggestion, or would like to see a modification, please feel free to create an issue on Github. Note: The issue template isn't optional, so please be sure not to remove it, and please fill it out completely.
We welcome your contributions! Please have a read of CONTRIBUTING.md for more information on how to get involved.
This project is heavily inspired by peerigon/nof5.
FAQs
Serves a webpack app. Updates the browser on changes.
The npm package webpack-dev-server receives a total of 10,067,101 weekly downloads. As such, webpack-dev-server popularity was classified as popular.
We found that webpack-dev-server demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.