Gathering detailed insights and metrics for expose-loader
Gathering detailed insights and metrics for expose-loader
Installations
npm install expose-loaderDeveloper
webpack-contrib
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>= 18.12.0
Typescript Support
No
Node Version
18.19.0
NPM Version
10.2.3
Statistics
546 Stars
172 Commits
73 Forks
15 Watching
1 Branches
42 Contributors
Updated on 29 Oct 2024
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
129,500,888
Last day
3.1%
89,623
Compared to previous day
Last week
4.4%
470,800
Compared to previous week
Last month
12.6%
1,916,055
Compared to previous month
Last year
1.9%
21,568,245
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
1
Dev Dependencies
26
@babel/cli@babel/core@babel/preset-env@commitlint/cli@commitlint/config-conventional@webpack-contrib/eslint-config-webpackbabel-jestbabel-loadercross-envcspelldeldel-clieslinteslint-config-prettiereslint-plugin-importhuskyjestlint-stagedmemfsnpm-run-allprettierreactrxstandard-versionstyled-componentswebpack
Versions
expose-loader
The expose-loader loader allows to expose a module (in whole or in part) to global object (self, window and global).
For further hints on compatibility issues, check out Shimming of the official docs.
Getting Started
To begin, you'll need to install expose-loader:
1npm install expose-loader --save-dev
or
1yarn add -D expose-loader
or
1pnpm add -D expose-loader
(If you're using WebPack 4, install expose-loader@1 and follow the corresponding instructions instead.)
Then you can use the expose-loader using two approaches.
Inline
The | or %20 (space) allow to separate the globalName, moduleLocalName and override of expose.
The documentation and syntax examples can be read here.
[!WARNING]
%20is space in a query string, because you can't use spaces in URLs
1import $ from "expose-loader?exposes=$,jQuery!jquery"; 2// 3// Adds the `jquery` to the global object under the names `$` and `jQuery`
1import { concat } from "expose-loader?exposes=_.concat!lodash/concat"; 2// 3// Adds the `lodash/concat` to the global object under the name `_.concat`
1import { 2 map, 3 reduce, 4} from "expose-loader?exposes=_.map|map,_.reduce|reduce!underscore"; 5// 6// Adds the `map` and `reduce` method from `underscore` to the global object under the name `_.map` and `_.reduce`
Using Configuration
src/index.js
1import $ from "jquery";
webpack.config.js
1module.exports = { 2 module: { 3 rules: [ 4 { 5 test: require.resolve("jquery"), 6 loader: "expose-loader", 7 options: { 8 exposes: ["$", "jQuery"], 9 }, 10 }, 11 { 12 test: require.resolve("underscore"), 13 loader: "expose-loader", 14 options: { 15 exposes: [ 16 "_.map|map", 17 { 18 globalName: "_.reduce", 19 moduleLocalName: "reduce", 20 }, 21 { 22 globalName: ["_", "filter"], 23 moduleLocalName: "filter", 24 }, 25 ], 26 }, 27 }, 28 ], 29 }, 30};
The require.resolve call is a Node.js function (unrelated to require.resolve in webpack processing).
require.resolve gives you the absolute path to the module ("/.../app/node_modules/jquery/dist/jquery.js").
So the expose only applies to the jquery module. And it's only exposed when used in the bundle.
And run webpack via your preferred method.
Options
| Name | Type | Default | Description |
|---|---|---|---|
exposes | {String|Object|Array<String|Object>} | undefined | List of exposes |
globalObject | String | undefined | Object used for global context |
exposes
Type:
1type exposes = 2 | string 3 | { 4 globalName: string | Array<string>; 5 moduleLocalName?: string; 6 override?: boolean; 7 } 8 | Array< 9 | string 10 | { 11 globalName: string | Array<string>; 12 moduleLocalName?: string; 13 override?: boolean; 14 } 15 >;
Default: undefined
List of exposes.
string
Allows to use a string to describe an expose.
syntax
The | or %20 (space) allow to separate the globalName, moduleLocalName and override of expose.
String syntax - [[globalName] [moduleLocalName] [override]] or [[globalName]|[moduleLocalName]|[override]], where:
globalName- the name in the global object, for examplewindow.$for a browser environment (required)moduleLocalName- the name of method/variable/etc of the module (the module must export it) (may be omitted)override- allows to override existing value in the global object (may be omitted)
If moduleLocalName is not specified, it exposes the entire module to the global object, otherwise it exposes only the value of moduleLocalName.
src/index.js
1import $ from "jquery"; 2import _ from "underscore";
webpack.config.js
1module.exports = { 2 module: { 3 rules: [ 4 { 5 test: require.resolve("jquery"), 6 loader: "expose-loader", 7 options: { 8 // For `underscore` library, it can be `_.map map` or `_.map|map` 9 exposes: "$", 10 // To access please use `window.$` or `globalThis.$` 11 }, 12 }, 13 { 14 // test: require.resolve("jquery"), 15 test: /node_modules[/\\]underscore[/\\]modules[/\\]index-all\.js$/, 16 loader: "expose-loader", 17 type: "javascript/auto", 18 options: { 19 // For `underscore` library, it can be `_.map map` or `_.map|map` 20 exposes: "_", 21 // To access please use `window._` or `globalThis._` 22 }, 23 }, 24 ], 25 }, 26};
object
Allows to use an object to describe an expose.
globalName
Type:
1type globalName = string | Array<string>;
Default: undefined
The name in the global object. (required).
src/index.js
1import _ from "underscore";
webpack.config.js
1module.exports = { 2 module: { 3 rules: [ 4 { 5 test: /node_modules[/\\]underscore[/\\]modules[/\\]index-all\.js$/, 6 loader: "expose-loader", 7 type: "javascript/auto", 8 options: { 9 exposes: { 10 // Can be `['_', 'filter']` 11 globalName: "_.filter", 12 moduleLocalName: "filter", 13 }, 14 }, 15 }, 16 ], 17 }, 18};
moduleLocalName
Type:
1type moduleLocalName = string;
Default: undefined
The name of method/variable/etc of the module (the module must export it).
If moduleLocalName is specified, it exposes only the value of moduleLocalName.
src/index.js
1import _ from "underscore";
webpack.config.js
1module.exports = { 2 module: { 3 rules: [ 4 { 5 test: /node_modules[/\\]underscore[/\\]modules[/\\]index-all\.js$/, 6 loader: "expose-loader", 7 type: "javascript/auto", 8 options: { 9 exposes: { 10 globalName: "_.filter", 11 moduleLocalName: "filter", 12 }, 13 }, 14 }, 15 ], 16 }, 17};
override
Type:
1type override = boolean;
Default: false
By default, loader does not override the existing value in the global object, because it is unsafe.
In development mode, we throw an error if the value already present in the global object.
But you can configure loader to override the existing value in the global object using this option.
To force override the value that is already present in the global object you can set the override option to the true value.
src/index.js
1import $ from "jquery";
webpack.config.js
1module.exports = { 2 module: { 3 rules: [ 4 { 5 test: require.resolve("jquery"), 6 loader: "expose-loader", 7 options: { 8 exposes: { 9 globalName: "$", 10 override: true, 11 }, 12 }, 13 }, 14 ], 15 }, 16};
array
src/index.js
1import _ from "underscore";
webpack.config.js
1module.exports = { 2 module: { 3 rules: [ 4 { 5 test: /node_modules[/\\]underscore[/\\]modules[/\\]index-all\.js$/, 6 loader: "expose-loader", 7 type: "javascript/auto", 8 options: { 9 exposes: [ 10 "_.map map", 11 { 12 globalName: "_.filter", 13 moduleLocalName: "filter", 14 }, 15 { 16 globalName: ["_", "find"], 17 moduleLocalName: "myNameForFind", 18 }, 19 ], 20 }, 21 }, 22 ], 23 }, 24};
It will expose only map, filter and find (under myNameForFind name) methods to the global object.
In a browser these methods will be available under windows._.map(..args), windows._.filter(...args) and windows._.myNameForFind(...args) methods.
globalObject
1type globalObject = string;
Default: undefined
Object used for global context
1import _ from "underscore";
webpack.config.js
1module.exports = { 2 module: { 3 rules: [ 4 { 5 test: /node_modules[/\\]underscore[/\\]modules[/\\]index-all\.js$/, 6 loader: "expose-loader", 7 type: "javascript/auto", 8 options: { 9 exposes: [ 10 { 11 globalName: "_", 12 }, 13 ], 14 globalObject: "this", 15 }, 16 }, 17 ], 18 }, 19};
Examples
Expose a local module
index.js
1import { method1 } from "./my-module.js";
my-module.js
1function method1() { 2 console.log("method1"); 3} 4 5function method2() { 6 console.log("method1"); 7} 8 9export { method1, method2 };
webpack.config.js
1module.exports = { 2 module: { 3 rules: [ 4 { 5 test: /my-module\.js$/, 6 loader: "expose-loader", 7 options: { 8 exposes: "mod", 9 // // To access please use `window.mod` or `globalThis.mod` 10 }, 11 }, 12 ], 13 }, 14};
Contributing
Please take a moment to read our contributing guidelines if you haven't yet done so.
License
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:5
- Info: topLevel 'contents' permission set to 'read': .github/workflows/nodejs.yml:14
- Info: no jobLevel write permissions found
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 24/27 approved changesets -- score normalized to 8
Reason
2 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dependency-review.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/webpack-contrib/expose-loader/dependency-review.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dependency-review.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/webpack-contrib/expose-loader/dependency-review.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/webpack-contrib/expose-loader/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/webpack-contrib/expose-loader/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/webpack-contrib/expose-loader/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/webpack-contrib/expose-loader/nodejs.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/nodejs.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/webpack-contrib/expose-loader/nodejs.yml/master?enable=pin
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 2 out of 2 npmCommand dependencies pinned
Reason
2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 29 are checked with a SAST tool
Score
5.9
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More