Installations
npm install @chialab/node-resolveReleases
@chialab/wds-plugin-rna@0.16.1
Published on 08 Jun 2022
@chialab/wds-plugin-legacy@0.16.1
Published on 08 Jun 2022
@chialab/esbuild-plugin-require-resolve@0.16.1
Published on 08 Jun 2022
@chialab/wds-plugin-node-resolve@0.16.1
Published on 08 Jun 2022
@chialab/rna-bundler@0.16.0
Published on 08 Jun 2022
@chialab/rna-logger@0.16.0
Published on 08 Jun 2022
Developer
Developer Guide
Module System
ESM
Min. Node Version
>=18
Typescript Support
No
Node Version
16.20.2
NPM Version
8.19.4
Statistics
172 Stars
1,379 Commits
21 Forks
2 Watching
5 Branches
9 Contributors
Updated on 08 Nov 2024
Languages
JavaScript (98.68%)
HTML (0.83%)
Handlebars (0.26%)
TypeScript (0.19%)
CSS (0.02%)
SCSS (0.02%)
Total Downloads
Cumulative downloads
Total Downloads
702,717
Last day
7.1%
2,690
Compared to previous day
Last week
1.7%
14,075
Compared to previous week
Last month
18.5%
52,351
Compared to previous month
Last year
186.6%
464,164
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
RNA is a build framework
We built RNA to be pluggable and to be interoperable with other build systems. A lot of esbuild and postcss plugins are distribuited as standalone packages in order to be reused outside the RNA opinionated ecosystem. We also designed a micro-sdk for esbuild plugin authors that handles transform pipelines and emits chunks or files.
RNA is a bundler
RNA bundler is heavily based on esbuild, an extremely fast JavaScript bundler with some pre-configured addons. It can bundle and optimize JavaScript, TypeScript, JSX, CSS and HTML and collect referenced assets just using languages features.
The bundler is designed for modern browsers, but it can transpile code for IE11 and other legacy browsers with Babel and PostCSS plugins.
RNA is a dev server
Build plugins are also available for the Web Dev Server. Since both WDS and RNA aim to use standard syntax and practises in web projects, you can run a local server with hot module replacement and CSS livereload without have to bundle your web app first or to re-run a partial build for each change. Files loaded via ESM will pass through a little esbuild transpilation in order to support TypeScript, CommonJS modules and node resolution, making a great difference in developer experience. The dev server can be used also for PHP with an Encore-like approach.
RNA is a cli
Quick usage
1npm i -D @chialab/rna
package.json
1{ 2 "scripts": { 3 "start": "rna serve src --port 3000", 4 "build": "rna build src/index.html --output public" 5 } 6}
Tutorials
License
RNA is released under the MIT license.
No vulnerabilities found.
Reason
18 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
no binaries found in the repo
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 10 commits out of 23 are checked with a SAST tool
Reason
3 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
Found 1/11 approved changesets -- score normalized to 0
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/main.yml:1
- Warn: no topLevel permission defined: .github/workflows/pages.yml:1
- Warn: no topLevel permission defined: .github/workflows/pr.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pages.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/pages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pages.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/pages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pages.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/pages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pages.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/pages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pages.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/pages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/pr.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/chialab/rna/pr.yml/main?enable=pin
- Info: 0 out of 27 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 third-party GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
5.1
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn MoreOther packages similar to @chialab/node-resolve
@chialab/esbuild-plugin-require-resolve
A file loader plugin for esbuild for `require.resolve` statements.
@rollup/plugin-node-resolve
Locate and bundle third-party dependencies in node_modules
resolve
resolve like require.resolve() on behalf of files asynchronously and synchronously
eslint-import-resolver-node
Node default behavior import resolution plugin for eslint-plugin-import.