Security News
Researcher Exposes Zero-Day Clickjacking Vulnerabilities in Major Password Managers
Hacker Demonstrates How Easy It Is To Steal Data From Popular Password Managers
By Jonathan Leitschuh - Aug 19, 2025
assets-squasher
About
Assets squasher is exactly what it says on the tin: it takes an HTML file and replaces all included scripts with just one and the same for stylesheets.
One caveat here, it's meant to be used for single page applications. There you typically have one entry point HTML file which links all the necessary scripts and stylesheets. Like this one:
<!DOCTYPE html>
<html ng-app="app" ng-controller="MainController">
<head>
<script defer src="/bower_components/angular/angular.min.js"></script>
<script defer src="/bower_components/angular-route/angular-route.min.js"></script>
<script defer src="/bower_components/angular-animate/angular-animate.min.js"></script>
<script defer src="/bower_components/angular-ui-bootstrap/dist/ui-bootstrap-tpls-0.11.0.min.js"></script>
<script defer src="/app.js"></script>
<script defer src="/services.js"></script>
<link rel="stylesheet" href="/bower_components/bootstrap/dist/css/bootstrap.min.css">
<link rel="stylesheet" href="/bower_components/font-awesome/css/font-awesome.min.css">
<link rel="stylesheet" href="/app.css">
</head>
<body>
<div ng-view>Loading ...</div>
</body>
</html>
Now let's save it into app.html (I'm assuming that all the assets exist). When you run bundle exec assets-asquasher app.html build.html, you'll get build/build.min.js and its source map, build/build.min.css and also build.html which will look like this:
<!DOCTYPE html>
<html ng-app="app" ng-controller="MainController">
<head>
<script src="/build/build.min.js"></script>
<link rel="stylesheet" href="/build/build.min.css">
</head>
<body>
<div ng-view>Loading ...</div>
</body>
</html>
Why Is It Useful?
On production you want to use a single minified JS file and a single minified CSS file. Why? Because speed has significant impact on conversions. Yes, it's all cached after the first request, but how many times have you closed a web page before it even loaded?
On the other hand in development you want to include each unminified script separately, so the backtraces make sense[1].
Ultimately this the simplest solution: no need to change your code like you'd have to with say RequireJS. No need to define dependencies in an extra file – it's already there!
Installation
# Assuming you have Node.js already installed.
npm -g uglify-js uglifycss
gem install assets-asquasher
TODO
Since RubyGems is a piece of crap and couldn't fucking help it but to create an idiotic wrapper around the original file, our DATA are fucking gone. Fuck you RubyGems, fuck you, fuck you, fuck you!
Footnotes
[1] Or alternatively you could use one build file with source maps, but then you have to user guard or something to constantly rebuild it.
FAQs
Unknown package
We found that assets-squasher demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 13 Jun 2014
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Oxlint Introduces Type-Aware Linting Preview
Oxlint’s new preview brings type-aware linting powered by typescript-go, combining advanced TypeScript rules with native-speed performance.
By Sarah Gooding - Aug 18, 2025
Security News
New Website “Is It Really FOSS?” Tracks Transparency in Open Source Distribution Models
A new site reviews software projects to reveal if they’re truly FOSS, making complex licensing and distribution models easy to understand.
By Sarah Gooding - Aug 15, 2025