npmpackage.info

@netlify/plugin-gatsby

A build plugin to integrate Gatsby seamlessly with Netlify

3.8.1

MIT

TypeScript

Installations

npm install @netlify/plugin-gatsby

Pull Requests

Open

20

Total

649

Closed

67

Merged

562

Issues

Open

9

Total

92

Closed

83

Releases

plugin-gatsby: v3.8.1

plugin-gatsby-v3.8.1

Published on 17 Apr 2024

plugin-gatsby: v3.8.0

plugin-gatsby-v3.8.0

Published on 04 Dec 2023

plugin-gatsby: v3.7.2

plugin-gatsby-v3.7.2

Published on 09 Oct 2023

plugin-gatsby: v3.7.1

plugin-gatsby-v3.7.1

Published on 07 Aug 2023

plugin-gatsby: v3.7.0

plugin-gatsby-v3.7.0

Published on 19 Jul 2023

plugin-gatsby: v3.6.3

plugin-gatsby-v3.6.3

Published on 17 Jul 2023

View all 40 releases

Developer

netlify

Developer Guide

BETA

Module System

CommonJS

Min. Node Version

>=14.17.0

Typescript Support

No

Node Version

20.12.2

NPM Version

10.5.0 Statistics

92 Stars

640 Commits

18 Forks

7 Watching

58 Branches

31 Contributors

Updated on 15 Nov 2024

Languages

TypeScript (79.23%)

JavaScript (19.71%)

CSS (0.58%)

Shell (0.47%)

Total Downloads

Cumulative downloads

Total Downloads

2,969,900

Last day

9.2%

5,292

Compared to previous day

Last week

3.6%

26,834

Compared to previous week

Last month

-2.3%

117,613

Compared to previous month

Last year

88.3%

1,500,253

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Versions

Netlify Build plugin Gatsby – Run Gatsby seamlessly on Netlify

Essential Gatsby Plugin

The Essential Gatsby build plugin enables caching of builds, SSR and DSG render modes, image CDN and Gatsby Functions. It is installed automatically for all new Gatsby sites.

Note:

Essential Gatsby includes functionality from the Gatsby Cache build plugin. If you already have the Gatsby Cache plugin installed on your Netlify site, you should remove it before installing this plugin.

Essential Gatsby is not compatible with the Gatsby community plugin gatsby-plugin-netlify-cache.

Installation

Gatsby sites need two plugins to support all features.

The Netlify build plugin, called "Essential Gatsby" or @netlify/plugin-gatsby. This is installed automatically for all Gatsby sites deployed to Netlify.
The Gatsby plugin gatsby-plugin-netlify. This needs to be manually installed.

Installing the Netlify build plugin

New Gatsby sites on Netlify automatically install the Essential Gatsby build plugin. You can confirm this in the build logs. If you need to install it manually, you have two options:

The Netlify UI. Here, you can search for "Essential Gatsby" and install the plugin.
File-based plugin installation. You can install the plugin as @netlify/plugin-gatsby in your netlify.toml file.

Install the Gatsby Plugin

You should also install the Gatsby plugin gatsby-plugin-netlify. This is required for SSR and DSG pages, and adds support for Gatsby redirects and asset caching rules:

Add the package as a dependency:

1npm install -D gatsby-plugin-netlify

Then add the following to your gatsby-config.js file:

1module.exports = {
2  plugins: ['gatsby-plugin-netlify'],
3}

See the gatsby-plugin-netlify docs for more information, including optional plugin configuration.

Disabling Netlify functions

In order to support Gatsby Functions and DSG and SSR render modes, this plugin generates four Netlify Functions called __api, __ssr, __dsg and _ipx. If you are not using any of these modes, then you can disable the creation of these functions. If you are using the latest version of gatsby-plugin-netlify then this will be handled automatically, disabling functions if the site has no Gatsby Functions, or DSG/SSR pages. Otherwise, you can do this manually by setting the environment variable NETLIFY_SKIP_GATSBY_FUNCTIONS to true. Be aware that if you do this, any DSG or SSR pages will not work, and nor will any Gatsby Functions or the remote image CDN.

Gatsby Image CDN

Gatsby includes beta support for deferred image resizing using a CDN. Netlify includes full support for Image CDN on all plans. For details on how to enable it, see the image CDN docs.

Caveats

Currently you cannot use StaticImage or gatsby-transformer-sharp in SSR or DSG pages. Support for Gatsby Image CDN is coming soon. The best workaround is to use an image CDN such as Cloudinary or imgix to host your images. This will give you faster builds and rendering too.

Local development

When developing Gatsby Functions it is usually easier to use the built-in gatsby develop functions server. However if you want to try the Netlify functions wrapper it will run via netlify dev. You should be sure to run netlify build first, so that the wrappers are generated and the functions copied across.

Netlify Background and Scheduled Functions

In order to use Netlify Background or Netlify Scheduled Functions in your Gatsby project, you will need to create a netlify/functions directory at the root of the project, and put the Functions in there.

Once that's completed, the Background or Scheduled Function can be invoked like an ordinary Gatsby function.

No vulnerabilities found.

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

10

Packaging

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

9

Security-Policy

Determines if the project has published a security policy.

3

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 3

Details

Warn: third-party GitHubAction not pinned by hash: .github/workflows/add-to-project.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/netlify-plugin-gatsby/add-to-project.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/add-to-project.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/netlify-plugin-gatsby/add-to-project.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/add-zenhub-label.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/netlify-plugin-gatsby/add-zenhub-label.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fossa.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/netlify-plugin-gatsby/fossa.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/labeler.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/netlify-plugin-gatsby/labeler.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pre-release.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/netlify-plugin-gatsby/pre-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pre-release.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/netlify-plugin-gatsby/pre-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-please.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/netlify-plugin-gatsby/release-please.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/netlify-plugin-gatsby/release-please.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/netlify-plugin-gatsby/release-please.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-please.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/netlify-plugin-gatsby/release-please.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/netlify-plugin-gatsby/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/netlify-plugin-gatsby/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/netlify-plugin-gatsby/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/netlify-plugin-gatsby/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/netlify-plugin-gatsby/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/netlify-plugin-gatsby/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/netlify-plugin-gatsby/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/netlify-plugin-gatsby/test.yml/main?enable=pin
Warn: npmCommand not pinned by hash: plugin/test/v3-e2e-test.sh:7
Warn: npmCommand not pinned by hash: plugin/test/v4-e2e-test.sh:7
Warn: npmCommand not pinned by hash: plugin/test/v5-e2e-test.sh:7
Warn: downloadThenRun not pinned by hash: .github/workflows/fossa.yml:22
Warn: npmCommand not pinned by hash: .github/workflows/test.yml:33
Warn: npmCommand not pinned by hash: .github/workflows/test.yml:60
Info: 0 out of 15 GitHub-owned GitHubAction dependencies pinned
Info: 1 out of 5 third-party GitHubAction dependencies pinned
Info: 6 out of 11 npmCommand dependencies pinned
Info: 0 out of 1 downloadThenRun dependencies pinned

0

Maintained

Determines if the project is "actively maintained".

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

53 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj
Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
Warn: Project is vulnerable to: GHSA-r7qp-cfhv-p84w
Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
Warn: Project is vulnerable to: GHSA-c6f8-8r25-c4gc
Warn: Project is vulnerable to: GHSA-h2pm-378c-pcxx
Warn: Project is vulnerable to: GHSA-7ch4-rr99-cqcw
Warn: Project is vulnerable to: GHSA-9pv7-vfvm-6vr7
Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-7hpj-7hhx-2fgx
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Warn: Project is vulnerable to: GHSA-rm97-x556-q36h
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
Warn: Project is vulnerable to: GHSA-54xq-cgqr-rpm3
Warn: Project is vulnerable to: GHSA-25hc-qcg6-38wj
Warn: Project is vulnerable to: GHSA-cqmj-92xf-r6r9
Warn: Project is vulnerable to: GHSA-fhg7-m89q-25r3
Warn: Project is vulnerable to: GHSA-5r9g-qh6m-jxff
Warn: Project is vulnerable to: GHSA-r6ch-mqf9-qc9w
Warn: Project is vulnerable to: GHSA-wqq4-5wpv-mx2g
Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3
Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672
Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7
Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j
Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
Warn: Project is vulnerable to: GHSA-rjqq-98f6-6j3r
Warn: Project is vulnerable to: GHSA-mjxr-4v3x-q3m4
Warn: Project is vulnerable to: GHSA-cgfm-xwp7-2cvr
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-c2jc-4fpr-4vhg
Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3

Score

5

/10

Last Scanned on 2024-11-18

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to @netlify/plugin-gatsby

netlify-plugin-gatsby-cache

0.3.2

Persist the Gatsby cache between Netlify builds for huge build speed improvements!

gatsby-plugin-netlify

5.1.1

A Gatsby plugin for sites deployed to Netlify

gatsby-adapter-netlify

1.2.0

Gatsby adapter for Netlify

@vercel/gatsby-plugin-vercel-builder

2.0.58

This plugin generates [Vercel Build Output API v3](https://vercel.com/docs/build-output-api/v3) for Gatsby v4+ projects.

@netlify/plugin-gatsby

Installations

Pull Requests

20

649

67

562

Issues

9

92

83

Releases

Developer

Developer Guide

CommonJS

>=14.17.0

No

20.12.2

10.5.0

Statistics

Languages

Total Downloads

2,969,900

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Peer Dependencies

Dev Dependencies

Essential Gatsby Plugin

Installation

Installing the Netlify build plugin

Install the Gatsby Plugin

Disabling Netlify functions

Gatsby Image CDN

Caveats

Local development

Netlify Background and Scheduled Functions

10

10

10

10

10

9

3

0

0

0

0

0

0

5

/10

Other packages similar to @netlify/plugin-gatsby