Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
webpack-merge-and-include-globally
Advanced tools
Merge multiple files (js,css..) into single file to include somewhere
Webpack plugin to merge your source files together into single file, to be included in index.html, and achieving same effect as you would by including them all separately through <script>
or <link>
.
npm install --save-dev webpack-merge-and-include-globally
Lets say you want to make libraries like jquery
, moment
(including 3 languages) and toastr
available globally, and you're struggling to make them global with webpack or just importing them (in cases they aren't written well) because require() wraps the code into new scope and you want to execute it against a global scope, and you don't want to do this:
<script src="/node_modules/jquery/dist/jquery.min.js"></script>
<script src="/node_modules/moment/moment.js"></script>
<script src="/node_modules/moment/locale/cs.js"></script>
<script src="/node_modules/moment/locale/de.js"></script>
<script src="/node_modules/moment/locale/nl.js"></script>
<script src="/node_modules/toastr/build/toastr.min.js"></script>
<link rel="stylesheet" href="/node_modules/toastr/build/toastr.min.css">
because your node_modules
is not available in production.
with this plugin you can achieve the desired effect this way:
const MergeIntoSingleFilePlugin = require('webpack-merge-and-include-globally');
module.exports = {
...
plugins: [
new MergeIntoSingleFilePlugin({
files: {
"vendor.js": [
'node_modules/jquery/dist/jquery.min.js',
// will work too
// 'node_modules/jquery/**/*.min.js',
'node_modules/moment/moment.js',
'node_modules/moment/locale/cs.js',
'node_modules/moment/locale/de.js',
'node_modules/moment/locale/nl.js',
'node_modules/toastr/build/toastr.min.js'
],
"vendor.css": [
'node_modules/toastr/build/toastr.min.css'
]
}
}),
]
this generates 2 files with merged js and css content, include them into your index.html
to take effect:
<script src="./vendor.js"></script>
<link rel="stylesheet" href="./vendor.css">
now jQuery
, moment
and toastr
are available globally throughout your application.
Object that maps file names to array of all files (can also be defined by wildcard path) that will be merged together and saved under each file name.
For example to merge jquery
, classnames
and humps
into vendor.js
, do:
new MergeIntoSingle({
files: {
'vendor.js': [
'node_modules/jquery/**/*.min.js',
'node_modules/classnames/index.js',
'node_modules/humps/humps.js'
],
'style.css': [
'example/test.css'
]
}
})
Object that maps resulting file names to tranform methods that will be applied on merged content before saving. Use to minify / uglify the result.
For example to minify the final merge result of vendor.js
, do:
new MergeIntoSingle({
files: { 'vendor.js': [...] },
transform: {
'vendor.js': code => require("uglify-js").minify(code).code
}
})
Alternative way to specify files as array of src
& dest
, for flexibility to transform and create multiple destination files for same source when you need to generate additional map file for example.
new MergeIntoSingle({
files: [{
src:[
'node_modules/jquery/**/*.min.js',
'node_modules/classnames/index.js',
'node_modules/humps/humps.js'
],
dest: code => {
const min = uglifyJS.minify(code, {sourceMap: {
filename: 'vendor.js',
url: 'vendor.js.map'
}});
return {
'vendor.js':min.code,
'vendor.js.map': min.map
}
},
// also possible:
//
// dest: 'vendor.js'
},{
src: ['example/test.css'],
dest: 'style.css'
// also possible:
//
// dest: code => ({
// 'style.css':new CleanCSS({}).minify(code).styles
// })
}]
})
default: false
set true
to append version hash before file extension.
you can get names of generated files mapped to original by passing callback function as second argument to plugin:
new MergeIntoSingle({ ... }, filesMap => { ... }),
default: undefined
also you can pass function for change output file name with hash
new MergeIntoSingle({
...,
transformFileName: (fileNameBase, extension, hash) => `${fileName}.[${hash}]${extension}`,
// bundle.[somehash].js
}),
//or
new MergeIntoSingle({
...,
transformFileName: (fileNameBase, extension, hash) => `${fileNameBase}${extension}?hash=${hash}`,
// bundle.js?hash=somehash
}),
default: 'utf-8'
encoding of node.js reading
default: undefined
array of entry points (strings) for which this plugin should run only
default: '\n'
string used between files when joining them together
working example already included in project.
to test first install npm i
, then run npm run start
to see it in action
and npm run build
to build prod files with vendor file and index.html
.
FAQs
Merge multiple files (js,css..) into single file to include somewhere
The npm package webpack-merge-and-include-globally receives a total of 24,753 weekly downloads. As such, webpack-merge-and-include-globally popularity was classified as popular.
We found that webpack-merge-and-include-globally demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.