Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Packs ECMAScript/CommonJs/AMD modules for the browser. Allows you to split your codebase into multiple bundles, which can be loaded on demand. Supports loaders to preprocess files, i.e. json, jsx, es7, css, less, ... and your custom stuff.
Webpack is a powerful module bundler for JavaScript applications. It processes applications by internally building a dependency graph which maps every module your project needs and generates one or more bundles. It is highly extensible via loaders and plugins, and it's designed to manage, transform, and bundle frontend assets like JavaScript, CSS, and images.
Module Bundling
Webpack bundles all the JavaScript files and other assets like CSS and images into a single output file. The code sample shows a basic webpack configuration defining an entry point and the output bundle.
module.exports = {
entry: './path/to/my/entry/file.js',
output: {
path: path.resolve(__dirname, 'dist'),
filename: 'my-first-webpack.bundle.js'
}
};
Loaders
Loaders allow webpack to process different types of files and convert them into modules that can be included in your bundle. The code sample demonstrates how to use loaders to handle .txt and .css files.
module.exports = {
module: {
rules: [
{ test: /\.txt$/, use: 'raw-loader' },
{ test: /\.css$/, use: ['style-loader', 'css-loader'] }
]
}
};
Plugins
Plugins can be leveraged to perform a wider range of tasks like bundle optimization, asset management, and environment variable injection. The code sample shows how to use the HtmlWebpackPlugin to generate an index.html file with the bundled assets injected.
const HtmlWebpackPlugin = require('html-webpack-plugin');
module.exports = {
plugins: [new HtmlWebpackPlugin({ template: './src/index.html' })]
};
Development Server
Webpack provides a development server that can be used to serve your application during development. It supports live reloading. The code sample configures the webpack development server to serve files from the 'dist' directory.
module.exports = {
devServer: {
contentBase: './dist',
open: true
}
};
Code Splitting
Code splitting allows you to split your code into various bundles which can then be loaded on demand or in parallel. The code sample shows how to split the application and vendor code into separate bundles.
module.exports = {
entry: {
app: './src/app.js',
vendor: './src/vendor.js'
},
output: {
filename: '[name].bundle.js',
path: __dirname + '/dist'
}
};
Rollup is a module bundler for JavaScript which uses a flat bundle approach that's more efficient for libraries and applications with a complex module structure. It's known for its tree-shaking capabilities, which eliminate unused code.
Parcel is a web application bundler that offers a zero-configuration setup. It's known for its fast bundle times and out-of-the-box support for many file types without the need for additional plugins or loaders.
Browserify lets you require('modules') in the browser by bundling up all of your dependencies. It's been around longer than webpack and has a simpler approach, but it lacks some of the more advanced features and optimizations that webpack offers.
FuseBox is a bundler/module loader that combines the power of webpack, JSPM, and SystemJS. It introduces a streamlined workflow and has a powerful API. It's known for its speed and simplicity.
Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset.
Install with npm:
npm install --save-dev webpack
Install with yarn:
yarn add webpack --dev
Webpack is a bundler for modules. The main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset.
TL;DR
Check out webpack's quick Get Started guide and the other guides.
Webpack supports all browsers that are ES5-compliant (IE8 and below are not supported).
Webpack also needs Promise
for import()
and require.ensure()
. If you want to support older browsers, you will need to load a polyfill before using these expressions.
Webpack has a rich plugin interface. Most of the features within webpack itself use this plugin interface. This makes webpack very flexible.
Name | Status | Install Size | Description |
---|---|---|---|
mini-css-extract-plugin | Extracts CSS into separate files. It creates a CSS file per JS file which contains CSS. | ||
compression-webpack-plugin | Prepares compressed versions of assets to serve them with Content-Encoding | ||
html-webpack-plugin | Simplifies creation of HTML files (index.html ) to serve your bundles | ||
pug-plugin | Renders Pug files to HTML, extracts JS and CSS from sources specified directly in Pug. |
Webpack enables the use of loaders to preprocess files. This allows you to bundle any static resource way beyond JavaScript. You can easily write your own loaders using Node.js.
Loaders are activated by using loadername!
prefixes in require()
statements,
or are automatically applied via regex from your webpack configuration.
Name | Status | Install Size | Description |
---|---|---|---|
val-loader | Executes code as module and considers exports as JS code |
Name | Status | Install Size | Description |
---|---|---|---|
Loads and transpiles a CSON file |
Name | Status | Install Size | Description |
---|---|---|---|
Loads ES2015+ code and transpiles to ES5 using Babel | |||
Loads TypeScript like JavaScript | |||
Loads CoffeeScript like JavaScript |
Name | Status | Install Size | Description |
---|---|---|---|
Exports HTML as string, requires references to static resources | |||
Loads Pug templates and returns a function | |||
Compiles Pug to a function or HTML string, useful for use with Vue, React, Angular | |||
Compiles Markdown to HTML | |||
Loads and transforms a HTML file using PostHTML | |||
Compiles Handlebars to HTML |
Name | Status | Install Size | Description |
---|---|---|---|
<style> | Add exports of a module as style to DOM | ||
Loads CSS file with resolved imports and returns CSS code | |||
Loads and compiles a LESS file | |||
Loads and compiles a Sass/SCSS file | |||
Loads and compiles a Stylus file | |||
Loads and transforms a CSS/SSS file using PostCSS |
Webpack uses async I/O and has multiple caching levels. This makes webpack fast and incredibly fast on incremental compilations.
Webpack supports ES2015+, CommonJS and AMD modules out of the box. It performs clever static analysis on the AST of your code. It even has an evaluation engine to evaluate simple expressions. This allows you to support most existing libraries out of the box.
Webpack allows you to split your codebase into multiple chunks. Chunks are loaded asynchronously at runtime. This reduces the initial loading time.
Webpack can do many optimizations to reduce the output size of your JavaScript by deduplicating frequently used modules, minifying, and giving you full control of what is loaded initially and what is loaded at runtime through code splitting. It can also make your code chunks cache friendly by using hashes.
We want contributing to webpack to be fun, enjoyable, and educational for anyone, and everyone. We have a vibrant ecosystem that spans beyond this single repo. We welcome you to check out any of the repositories in our organization or webpack-contrib organization which houses all of our loaders and plugins.
Contributions go far beyond pull requests and commits. Although we love giving you the opportunity to put your stamp on webpack, we also are thrilled to receive a variety of other contributions including:
To get started have a look at our documentation on contributing.
If you are worried or don't know where to start, you can always reach out to Sean Larkin (@TheLarkInn) on Twitter or simply submit an issue and a maintainer can help give you guidance!
We have also started a series on our Medium Publication called The Contributor's Guide to webpack. We welcome you to read it and post any questions or responses if you still need help.
Looking to speak about webpack? We'd love to review your talk abstract/CFP! You can email it to webpack [at] opencollective [dot] com and we can give pointers or tips!!!
If you create a loader or plugin, we would <3 for you to open source it, and put it on npm. We follow the x-loader
, x-webpack-plugin
naming convention.
We consider webpack to be a low-level tool used not only individually but also layered beneath other awesome tools. Because of its flexibility, webpack isn't always the easiest entry-level solution, however we do believe it is the most powerful. That said, we're always looking for ways to improve and simplify the tool without compromising functionality. If you have any ideas on ways to accomplish this, we're all ears!
If you're just getting started, take a look at our new docs and concepts page. This has a high level overview that is great for beginners!!
Looking for webpack 1 docs? Please check out the old wiki, but note that this deprecated version is no longer supported.
If you want to discuss something or just need help, here is our Gitter room where there are always individuals looking to help out!
If you are still having difficulty, we would love for you to post a question to StackOverflow with the webpack tag. It is much easier to answer questions that include your webpack.config.js and relevant files! So if you can provide them, we'd be extremely grateful (and more likely to help you find the answer!)
If you are twitter savvy you can tweet #webpack with your question and someone should be able to reach out and help also.
If you have discovered a 🐜 or have a feature suggestion, feel free to create an issue on GitHub.
Tobias Koppers Core Founder of webpack |
Johannes Ewald Loaders & Plugins Early adopter of webpack |
Sean T. Larkin Public Relations Founder of the core team |
Kees Kluskens Development Sponsor |
Most of the core team members, webpack contributors and contributors in the ecosystem do this open source work in their free time. If you use webpack for a serious task, and you'd like us to invest more time on it, please donate. This project increases your income/productivity too. It makes development and applications faster and it reduces the required bandwidth.
This is how we use the donations:
Before we started using OpenCollective, donations were made anonymously. Now that we have made the switch, we would like to acknowledge these sponsors (and the ones who continue to donate using OpenCollective). If we've missed someone, please send us a PR, and we'll add you to this list.
Become a gold sponsor and get your logo on our README on GitHub with a link to your site.
Become a silver sponsor and get your logo on our README on GitHub with a link to your site.
Become a bronze sponsor and get your logo on our README on GitHub with a link to your site.
Become a backer and get your image on our README on GitHub with a link to your site.
(In chronological order)
FAQs
Packs ECMAScript/CommonJs/AMD modules for the browser. Allows you to split your codebase into multiple bundles, which can be loaded on demand. Supports loaders to preprocess files, i.e. json, jsx, es7, css, less, ... and your custom stuff.
The npm package webpack receives a total of 26,419,289 weekly downloads. As such, webpack popularity was classified as popular.
We found that webpack demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.