Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
wext-manifest-loader
Advanced tools
Webextension Manifest Generator that you specify `manifest.json` properties to appear only in specific browsers.
Webpack Loader for Webextension manifest
Generate browser tailored manifest.json
for Web Extensions that you specify properties to appear only in specific browsers.
✔ | ✔ | ✔ | ✔ |
This loader will take a definition input for the manifest, and return you content for the specified browser.
Checkout web-extension-starter that uses this package
npm install --save-dev wext-manifest-loader wext-manifest-webpack-plugin
or
yarn add wext-manifest-loader wext-manifest-webpack-plugin --dev
You can easily use this module together with the wext-manifest-webpack-plugin
to output the manifest.json
as part of your build process without any additional js bundle and with auto rebundling on file change.
Note: Make sure you pass a TARGET_BROWSER env variable with one of chrome/firefox/edge/opera
value
https://github.com/abhijithvijayan/web-extension-starter/blob/react-typescript/src/manifest.json
webpack.config.js
// ... other plugins
const WextManifestWebpackPlugin = require("wext-manifest-webpack-plugin");
const targetBrowser = process.env.TARGET_BROWSER;
const destPath = path.join(__dirname, 'extension');
module.exports = {
entry: {
manifest: './src/manifest.json',
// ...
},
output: {
path: path.join(destPath, targetBrowser),
filename: 'js/[name].bundle.js',
},
module: {
rules: [
{
type: 'javascript/auto', // prevent webpack handling json with its own loaders,
test: /manifest\.json$/,
use: 'wext-manifest-loader',
exclude: /node_modules/,
},
]
},
plugins: [
new WextManifestWebpackPlugin(),
// ...
],
};
usePackageJSONVersion
Type: Boolean
Default: false
If true, updates manifest.json version
field with package.json
version. It is often useful for easy release of web-extension.
webpack.config.js
module.exports = {
module: {
rules: [
{
type: 'javascript/auto', // prevent webpack handling json with its own loaders,
test: /manifest\.json$/,
use: {
loader: 'wext-manifest-loader',
options: {
usePackageJSONVersion: true,
},
},
exclude: /node_modules/,
},
],
},
};
Vendor prefixed manifest keys allow you to write one manifest.json
for multiple vendors.
{
"__chrome__name": "AwesomeChrome",
"__firefox__name": "AwesomeFirefox",
"__edge__name": "AwesomeEdge",
"__opera__name": "AwesomeOpera"
}
if the vendor is chrome
this compiles to:
{
"name": "AwesomeChrome",
}
Add keys to multiple vendors by seperating them with | in the prefix
{
__chrome|opera__name: "AwesomeExtension"
}
if the vendor is chrome
or opera
, this compiles to:
{
"name": "AwesomeExtension"
}
Thanks to @fregante for suggesting to convert initial (wext-manifest
) module to webpack loader(wext-manifest-loader
)
Give a ⭐️ if this project helped you!
MIT © Abhijith Vijayan
FAQs
Webpack loader that lets you specify `manifest.json` properties to appear only in specific browsers.
The npm package wext-manifest-loader receives a total of 1,077 weekly downloads. As such, wext-manifest-loader popularity was classified as popular.
We found that wext-manifest-loader demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.