Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Webpack configuration manager
Setting up webpack with a bunch of plugins and environments every time you start a new project can be time consuming and often confusing. Webpacker aims to provide you with an easy way to use standard webpack configurations without the hassle of setting them up yourself all the time.
npm i --save-dev webpacker
For now there are 3 commands you can use.
webpacker serve
=> Webpacker will serve your project for development purposes.webpacker build
=> Webpacker will build your project and output it to a folder.webpacker stats
=> Webpacker will build your project and output it to a folder and it will open a browser window with information about your bundle sizes.Name | Additional parameters allowed | Description |
---|---|---|
css | {env, postcssOpts} | Loads a CSS file |
cyclejs | {excludePattern, plugins, presets} | A functional and reactive JavaScript framework for predictable code. Uses babel-loader |
graphql | {excludePattern} | A query language for your API |
react | {excludePattern, plugins, presets} | A JavaScript library for building user interfaces. Uses babel-loader |
scss | {env, scssVariables, postcssOpts} | Loads a Sass/SCSS file and compiles it to CSS. |
utils | {env, postcssOpts} | An aggregation of postcss-loader, url-loader and style-loader |
Name | Additional parameters allowed | Description |
---|---|---|
configure | {env, constants} | Shorthand for using the DefinePlugin on process.env keys. |
copy | {copy} | Copies individual files or entire directories to the build directory |
css | {devServer} | It creates a CSS file per JS file which contains CSS. It supports On-Demand-Loading of CSS and SourceMaps. |
favicon | {cwd, logo} | Allows to use the favicons generator with webpack |
html | {cwd, index} | Plugin that simplifies creation of HTML files to serve your bundles |
stats | Visualize size of webpack output files with an interactive zoomable treemap | |
compress | {devServer} | Prepare compressed versions of assets |
lodash | opts | Treeshaking plugin for lodash-es |
To provide configuration to webpacker, you'll need to add a .webpacker.js
file in the root of your project. The location of the config file can be changed by passing --config path/to/my/file.js
when running webpacker.
The .webpacker.js
file needs to export an object with at least the preset
key.
The preset defines which loaders and plugins will be used. If the loader or plugin you need is not available, please submit an issue or a PR.
To provide a consistent way of providing arguments to the loaders and plugins, 2 functions are available to help:
setLoader
and setPlugin
.
These functions can be called with the name of the plugin/loader as the first argument and with optional additional arguments as the second.
For a list of available loaders, please check ./loaders/index.js
.
For a list of available plugins, please check ./plugins/index.js
.
The following options can be adjusted by returning them as a key in .webpacker.js
. The options should be functions and their only argument is the function that webpacker itself uses internally. You can choose to call this given function and extend on its return value, or choose to not use the function and return a value of your choosing (refer to the documentation of each option to see what has to be returned).
devServer
is used to define options for webpack-dev-server, which is used when running webpacker serve
.
entry
is for webpack's entry
option. By default its value is ./src/index.js
.
output
is for webpack's output
option.
devtool
is for webpack's devtool
option.
const path = require('path');
const {setLoader, setPlugin} = require('webpacker/utils');
const constants = require(`./config/${process.env.NODE_ENV || 'development'}`);
module.exports = {
output: fn => fn({path: path.join(__dirname, 'build')}),
preset: {
loaders: [
setLoader('react'),
setLoader('css'),
setLoader('scss'),
],
plugins: [
setPlugin('configure', {constants}),
setPlugin('css'),
setPlugin('favicon', {logo: './public/img/streamline.svg'}),
setPlugin('html'),
],
}
};
Support us by giving feedback, opening a pull request or just by starring the project!
ISC
FAQs
Webpack configuration manager
We found that webpacker demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.