npmpackage.info

@mrgrain/cdk-esbuild

CDK constructs for esbuild, an extremely fast JavaScript bundler

5.3.5

120

MIT

TypeScript

3.76 kB

1,180,249 6.3

Installations

npm install @mrgrain/cdk-esbuild

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS

Node Version

18.20.5

NPM Version

10.8.2 Score

51.6

Supply Chain

81.9

Quality

92.5

Maintenance

Vulnerability

97.6

License

Pull Requests

Open

2

Total

1,318

Closed

14

Merged

1,302

Issues

Open

8

Total

151

Closed

143

Releases

166

v5.3.6

Updated on Feb 01, 2025

v5.3.5

Updated on Jan 15, 2025

v5.3.4

Updated on Jan 01, 2025

v5.3.3

Updated on Dec 15, 2024

v5.3.2

Updated on Dec 01, 2024

v4.5.1

Updated on Nov 15, 2024

View All 166 releases

Contributors

Unable to fetch Contributors

View All 4 Contributors

Languages

TypeScript

JavaScript

Python

TypeScript (64.19%)

JavaScript (24.2%)

Python (10.15%)

Go (1.46%)

Love this project? Help keep it running — sponsor us today! 🚀

Developer

mrgrain

Download Statistics

Total Downloads

1,180,249

Last Day

3,279

Last Week

20,325

Last Month

93,418

Last Year

781,031

GitHub Statistics

MIT License

120 Stars

1,081 Commits

8 Forks

5 Watchers

7 Branches

4 Contributors

Updated on Feb 13, 2025

Bundle Size

12.84 kB

Minified

3.76 kB

Minified + Gzipped

Bundlephobia

Maintainers

Package Meta Information

Latest Version

5.3.5

Package Id

@mrgrain/cdk-esbuild@5.3.5

Unpacked Size

424.79 kB

Size

78.73 kB

File Count

NPM Version

10.8.2

Node Version

18.20.5

Published on

Jan 15, 2025

Total Downloads

Cumulative downloads

Total Downloads

1,180,249

Last Day

19.5%

3,279

Compared to previous day

Last Week

6.5%

20,325

Compared to previous week

Last Month

7.3%

93,418

Compared to previous month

Last Year

142.9%

781,031

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

CDK constructs for esbuild, an extremely fast JavaScript bundler

Getting started | Documentation | API Reference | Python, .NET, & Go | FAQ

Why?

esbuild is an extremely fast bundler and minifier for TypeScript and JavaScript. This package makes esbuild available to deploy AWS Lambda Functions, static websites or publish assets for further usage.

AWS CDK supports esbuild for AWS Lambda Functions, but the implementation cannot be used with other Constructs and doesn't expose all of esbuild's API.

Getting started

Install cdk-esbuild for Node.js using your favorite package manager:

1# npm 
2npm install @mrgrain/cdk-esbuild@5
3# Yarn
4yarn add @mrgrain/cdk-esbuild@5
5# pnpm
6pnpm add @mrgrain/cdk-esbuild@5

For Python, .NET or Go, use these commands:

1# Python
2pip install mrgrain.cdk-esbuild
3
4# .NET
5dotnet add package Mrgrain.CdkEsbuild
6
7# Go
8go get github.com/mrgrain/cdk-esbuild-go/cdkesbuild/v5

AWS Lambda: Serverless function

💡 See Lambda (TypeScript) and Lambda (Python) for working examples of a how to deploy an AWS Lambda Function.

Use TypeScriptCode as the code of a lambda function:

1const bundledCode = new TypeScriptCode("src/handler.ts");
2
3const fn = new lambda.Function(stack, "MyFunction", {
4  runtime: lambda.Runtime.NODEJS_18_X,
5  handler: "index.handler",
6  code: bundledCode,
7});

AWS S3: Static Website

💡 See React App (TypeScript) for a working example of a how to deploy a React app to S3.

Use TypeScriptSource as one of the sources of a static website deployment:

1const websiteBundle = new TypeScriptSource("src/index.tsx");
2
3const websiteBucket = new s3.Bucket(stack, "WebsiteBucket", {
4  autoDeleteObjects: true,
5  publicReadAccess: true,
6  removalPolicy: cdk.RemovalPolicy.DESTROY,
7  websiteIndexDocument: "index.html",
8});
9
10new s3deploy.BucketDeployment(stack, "DeployWebsite", {
11  destinationBucket: websiteBucket,
12  sources: [websiteBundle],
13});

Amazon CloudWatch Synthetics: Canary monitoring

💡 See Monitored Website (TypeScript) for a working example of a deployed and monitored website.

Synthetics runs a canary to produce traffic to an application for monitoring purposes. Use TypeScriptCode as the code of a Canary test:

1const bundledCode = new TypeScriptCode("src/canary.ts", {
2  buildOptions: {
3    outdir: "nodejs/node_modules", // This is required by AWS Synthetics
4  },
5});
6
7const canary = new synthetics.Canary(stack, "MyCanary", {
8  runtime: synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_5_1,
9  test: synthetics.Test.custom({
10    code: bundledCode,
11    handler: "index.handler",
12  }),
13});

Documentation

The package exports constructs for use with AWS CDK features. The guiding design principal of this package is "extend, don't replace". Expect constructs that you can provide as props, not complete replacements.

For use with Lambda Functions and Synthetic Canaries, implementing lambda.Code (reference) and synthetics.Code (reference):

TypeScriptCode

Inline code is only supported by Lambda:

InlineTypeScriptCode

For use with S3 bucket deployments, implementing s3deploy.ISource (reference):

TypeScriptSource

Code and Source constructs seamlessly plug-in to other high-level CDK constructs. They share the same set of parameters, props and build options.

The following classes power the other features. You normally won't have to use them, but they are there if you need them:

TypeScriptAsset implements s3.Asset (reference)
creates an asset uploaded to S3 which can be referenced by other constructs
EsbuildBundler implements core.BundlingOptions (reference)
provides an interface for a esbuild bundler wherever needed
EsbuildProvider implements IBuildProvider and ITransformProvider
provides the default esbuild API implementation and can be replaced with a custom implementation

API Reference

Auto-generated reference for Constructs, Classes and Structs. This information is also available as part of your IDE's code completion.

Python, .NET, Go

Esbuild requires a platform and architecture specific binary and currently has to be installed with a Node.js package manager like npm.

When using cdk-esbuild with Python, .NET or Go, the package will automatically detect local and global installations of the esbuild npm package. If none can be found, it will fall back to dynamically installing a copy into a temporary location. The exact algorithm of this mechanism must be treated as an implementation detail and should not be relied on. It can however be configured to a certain extent. See the examples below for more details.

This "best effort" approach makes it easy to get started. But is not always desirable, for example in environments with limited network access or when guaranteed repeatability of builds is a concern. You have several options to opt-out of this behavior.

Provide a controlled installation of esbuild

The first step is to install a version of esbuild that is controlled by you.

I strongly recommend to install esbuild as a local package. The easiest approach is to manage an additional Node.js project at the root of your AWS CDK project. esbuild can then be added to the package.json file and it is your responsibility to ensure required setup steps are taken in all environments like development machines and CI/CD systems.

Instead of installing the esbuild package in a local project, it can also be installed globally with npm install -g esbuild or a similar command. This approach might be preferred if a build container is prepared ahead of time, thus avoiding repeated package installation.

Change the automatic package detection

The second step is to make cdk-esbuild aware of your chosen install location. This step is optional, but it's a good idea to have the location or at least the method explicitly defined.

To do this, you can set the esbuildModulePath prop on a EsbuildProvider. Either pass a known, absolute or relative path as value, or use the EsbuildSource helper to set the detection method. Please refer to the EsbuildSource reference for a complete list of available methods.

1// Use the standard Node.js algorithm to detect a locally installed package
2new EsbuildProvider({
3  esbuildModulePath: EsbuildSource.nodeJs(),
4});
5
6// Provide an explicit path
7new EsbuildProvider({
8  esbuildModulePath: '/home/user/node_modules/esbuild/lib/main.js',
9});

As a no-code approach, the CDK_ESBUILD_MODULE_PATH environment variable can be set in the same way. An advantage of this is that the path can easily be changed for different systems. Setting the env variable can be used with any installation approach, but is typically paired with a global installation of the esbuild package. Note that esbuildModulePath takes precedence.

Override the default detection method

For an AWS CDK app with many instances of TypeScriptCode etc. it would be annoying to change the above for every single one of them. Luckily, the default can be changed for all usages per app:

1const customModule = new EsbuildProvider({
2  esbuildModulePath: EsbuildSource.globalPaths(),
3});
4EsbuildProvider.overrideDefaultProvider(customModule);

Customizing the Esbuild API

This package uses the esbuild JavaScript API. In most situations the default API configuration will be suitable. But sometimes it is required to configure esbuild differently or even provide a custom implementation. Common reasons for this are:

Using a pre-installed version of esbuild with Python, .NET or Go
If features not supported by the synchronous API are required, e.g. support for plugins
If the default version constraints for esbuild are not suitable
To use a version of esbuild that is installed by any other means than npm, including Docker

For these scenarios, this package offers customization options and an interface to provide a custom implementation:

1declare const myCustomBuildProvider: IBuildProvider;
2
3new TypeScriptCode("src/handler.ts", {
4  buildProvider: myCustomBuildProvider,
5});
6
7
8declare const myCustomTransformProvider: ITransformProvider;
9
10new InlineTypeScriptCode("let x: number = 1", {
11  transformProvider: myCustomTransformProvider,
12});

Esbuild binary path

It is possible to override the binary used by esbuild by setting a property on EsbuildProvider. This is the same as setting the ESBUILD_BINARY_PATH environment variable. Defining the esbuildBinaryPath prop takes precedence.

1const buildProvider = new EsbuildProvider({
2  esbuildBinaryPath: "path/to/esbuild/binary",
3});
4
5// This will use a different esbuild binary
6new TypeScriptCode("src/handler.ts", { buildProvider });

Esbuild module path

The Node.js module discovery algorithm will normally be used to find the esbuild package. It can be useful to use specify a different module path, for example if a globally installed package should be used instead of a local version.

1const buildProvider = new EsbuildProvider({
2  esbuildModulePath: "/home/user/node_modules/esbuild/lib/main.js",
3});
4
5// This will use a different esbuild module
6new TypeScriptCode("src/handler.ts", { buildProvider });

Alternatively supported by setting the CDK_ESBUILD_MODULE_PATH environment variable, which will apply to all uses. Defining the esbuildModulePath prop takes precedence.

If you are a Python, .NET or Go user, refer to the language specific guide for a more detailed explanation of this feature.

Custom Build and Transform API implementations

💡 See esbuild plugins w/ TypeScript for a working example of a custom Build API implementation.

A custom implementation can be provided by implementing IBuildProvider or ITransformProvider:

1class CustomEsbuild implements IBuildProvider, ITransformProvider {
2    buildSync(options: BuildOptions): void {
3      // custom implementation goes here
4    }
5  
6    transformSync(code: string, options?: TransformOptions): string {
7      // custom implementation goes here, return transformed code
8      return 'transformed code';
9    }
10}
11
12// These will use the custom implementation
13new TypeScriptCode("src/handler.ts", {
14  buildProvider: new CustomEsbuild(),
15});
16new InlineTypeScriptCode("let x: number = 1", {
17  transformProvider: new CustomEsbuild(),
18});

Instead of esbuild, the custom methods will be invoked with all computed options. Custom implementations can amend, change or discard any of the options.

The IBuildProvider integration with CDK relies on the outdir/outfile values and it's usually required to use them unchanged.

ITransformProvider must return the transformed code as a string.

Failures and warnings should be printed to stderr and thrown as the respective esbuild error.

Overriding the default implementation providers

The default implementation can also be set for all usages of TypeScriptCode etc. in an AWS CDK app. You can change the default for both APIs at once or set a different implementation for each of them.

1const myCustomEsbuildProvider = new MyCustomEsbuildProvider();
2
3EsbuildProvider.overrideDefaultProvider(myCustomEsbuildProvider);
4EsbuildProvider.overrideDefaultBuildProvider(myCustomEsbuildProvider);
5EsbuildProvider.overrideDefaultTransformationProvider(myCustomEsbuildProvider);
6
7// This will use the custom provider without the need to define it as a prop
8new TypeScriptCode("src/handler.ts");

Roadmap & Contributions

The project's roadmap is available on GitHub.

Please submit feature requests as issues to the repository. All contributions are welcome, no matter if they are for already planned or completely new features.

FAQ

Should I use this package in production?

This package is stable and ready to be used in production, as many do. However esbuild has not yet released a version 1.0.0 and its API is still in active development. Please read the guide on esbuild's production readiness.

Note that esbuild minor version upgrades are also introduced in minor versions of this package. Since esbuild is pre v1, these versions typically introduce breaking changes and this package will inherit them. To avoid this behavior, add the desired esbuild version as a dependency to your package.

How do I upgrade from `cdk-esbuild` v4?

Please refer to the v5 release notes for a list of backwards incompatible changes and respective upgrade instructions.

[TS/JS] Why am I getting the error `Cannot find module 'esbuild'`?

This package depends on esbuild as an optional dependencies. If optional dependencies are not installed automatically on your system (e.g. when using npm v4-6), install esbuild explicitly:

1npm install esbuild

[TS/JS] How can I use a different version of esbuild?

Use the override instructions for your package manager to force a specific version, for example:

1{
2  "overrides": {
3    "esbuild": "0.14.7"
4  }
5}

Build and Transform interfaces are relatively stable across esbuild versions. However if any incompatibilities occur, buildOptions / transformOptions can be cast to any:

1const bundledCode = new TypeScriptCode("src/handler.ts", {
2  buildOptions: {
3    unsupportedOption: "value"
4  } as any,
5});

[Python/.NET/Go] How can I use a different version of esbuild?

Install the desired version of esbuild locally or globally as described in the documentation above.

Build and Transform interfaces are relatively stable across esbuild versions. However if any incompatibilities occur, use the appropriate language features to cast any incompatible buildOptions / transformOptions to the correct types.

Can I use this package in my published AWS CDK Construct?

It is possible to use cdk-esbuild in a published AWS CDK Construct library, but not recommended. Always prefer to ship a compiled .js file or even bundle a zip archive in your package. For AWS Lambda Functions, projen provides an excellent solution.

If you do end up consuming cdk-esbuild, you will have to set buildOptions.absWorkingDir. The easiest way to do this, is to resolve the path based on the directory name of the calling file:

1// file: node_modules/construct-library/src/index.ts
2const props = {
3  buildOptions: {
4    absWorkingDir: path.resolve(__dirname, ".."),
5    // now: /user/local-app/node_modules/construct-library
6  },
7};

This will dynamically resolve to the correct path, wherever the package is installed. Please open an issue if you encounter any difficulties.

Can I use this package with AWS CDK v1?

Yes, v2 of cdk-esbuild is compatible with AWS CDK v1. You can find the documentation for it on the v2 branch.

Support for AWS CDK v1 and cdk-esbuild v2 has ended on June 1, 2023. Both packages are not receiving any updates or bug fixes, including for security related issues. You are strongly advised to upgrade to a supported version of these packages.

No vulnerabilities found.

10

Maintained

Determines if the project is "actively maintained".

10

Security-Policy

Determines if the project has published a security policy.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

10

SAST

Determines if the project uses static code analysis.

7

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

Reason

detected GitHub workflow tokens with excessive permissions

Details

Warn: jobLevel 'contents' permission set to 'write': .github/workflows/build.yml:11
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:114
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:222
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:313
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/build.yml:77
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:148
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:185
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:259
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:287
Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:24
Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:25
Info: jobLevel 'packages' permission set to 'read': .github/workflows/codeql.yml:21
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:15
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:80
Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:105
Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:155
Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:196
Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:236
Info: jobLevel 'contents' permission set to 'read': .github/workflows/upgrade-v5.yml:13
Info: jobLevel 'contents' permission set to 'read': .github/workflows/upgrade-v5.yml:47
Warn: no topLevel permission defined: .github/workflows/auto-approve.yml:1
Warn: no topLevel permission defined: .github/workflows/build.yml:1
Warn: no topLevel permission defined: .github/workflows/codeql.yml:1
Warn: no topLevel permission defined: .github/workflows/pull-request-lint.yml:1
Warn: no topLevel permission defined: .github/workflows/release.yml:1
Warn: no topLevel permission defined: .github/workflows/upgrade-v5.yml:1

5

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

4

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 4

Details

Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-approve.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/auto-approve.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:225: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:228: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:232: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:240: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:166: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:191: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:195: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:203: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:262: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:265: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:269: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:274: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:290: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:293: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:297: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:302: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:316: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:320: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:328: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/build.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/codeql.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/codeql.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/codeql.yml/v5?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request-lint.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/pull-request-lint.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/release.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/release.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/release.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/release.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/release.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/release.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/release.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/release.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/release.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/release.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/release.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/release.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:173: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/release.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/release.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/release.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:206: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/release.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:214: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/release.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:239: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/release.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:242: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/release.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:246: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/release.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:254: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/release.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-v5.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/upgrade-v5.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-v5.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/upgrade-v5.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-v5.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/upgrade-v5.yml/v5?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/upgrade-v5.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/upgrade-v5.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-v5.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/upgrade-v5.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-v5.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/upgrade-v5.yml/v5?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-v5.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/mrgrain/cdk-esbuild/upgrade-v5.yml/v5?enable=pin
Warn: pipCommand not pinned by hash: .github/workflows/build.yml:281
Warn: npmCommand not pinned by hash: .github/workflows/build.yml:336
Warn: npmCommand not pinned by hash: .github/workflows/build.yml:28
Warn: pipCommand not pinned by hash: .github/workflows/build.yml:36
Info: 0 out of 65 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 3 third-party GitHubAction dependencies pinned
Info: 13 out of 15 npmCommand dependencies pinned
Info: 0 out of 2 pipCommand dependencies pinned

3

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

Score

6.3

/10

Last Scanned on 2025-02-03

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Gathering detailed insights and metrics for @mrgrain/cdk-esbuild

@mrgrain/cdk-esbuild

Installations

Developer Guide

Yes

CommonJS

18.20.5

10.8.2

Score

Pull Requests

2

1,318

14

1,302

Issues

8

151

143

Releases

Contributors

Unable to fetch Contributors

Languages

Developer

Download Statistics

GitHub Statistics

Bundle Size

12.84 kB

3.76 kB

Maintainers

Package Meta Information

Total Downloads

1,180,249

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Peer Dependencies

Dev Dependencies

Optional Dependencies

Why?

Getting started

AWS Lambda: Serverless function

AWS S3: Static Website

Amazon CloudWatch Synthetics: Canary monitoring

Documentation

API Reference

Python, .NET, Go

Provide a controlled installation of esbuild

Change the automatic package detection

Override the default detection method

Customizing the Esbuild API

Esbuild binary path

Esbuild module path

Custom Build and Transform API implementations

Overriding the default implementation providers

Roadmap & Contributions

FAQ

Should I use this package in production?

How do I upgrade from cdk-esbuild v4?

[TS/JS] Why am I getting the error Cannot find module 'esbuild'?

[TS/JS] How can I use a different version of esbuild?

[Python/.NET/Go] How can I use a different version of esbuild?

Can I use this package in my published AWS CDK Construct?

Can I use this package with AWS CDK v1?

10

10

10

10

10

10

7

5

4

3

0

0

0

6.3

/10

How do I upgrade from `cdk-esbuild` v4?

[TS/JS] Why am I getting the error `Cannot find module 'esbuild'`?