Static asset revisioning by appending content hash to filenames: `unicorn.css` → `unicorn-d41d8cd98f.css`
Installations
npm install gulp-revDeveloper
sindresorhus
Developer Guide
Module System
ESM
Min. Node Version
>=18
Typescript Support
No
Node Version
18.18.2
NPM Version
9.2.0
Statistics
1,541 Stars
144 Commits
217 Forks
29 Watching
1 Branches
33 Contributors
Updated on 26 Nov 2024
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
40,213,098
Last day
-2.3%
14,503
Compared to previous day
Last week
7.6%
75,782
Compared to previous week
Last month
1.8%
307,932
Compared to previous month
Last year
-11.1%
3,689,290
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
1
gulp-rev
Static asset revisioning by appending content hash to filenames
unicorn.css→unicorn-d41d8cd98f.css
This project is feature complete. PRs adding new features will not be accepted.
Make sure to set the files to never expire for this to have an effect.
Install
1npm install --save-dev gulp-rev
Usage
1import gulp from 'gulp'; 2import rev from 'gulp-rev'; 3 4export default () => ( 5 gulp.src('src/*.css') 6 .pipe(rev()) 7 .pipe(gulp.dest('dist')) 8);
API
rev()
rev.manifest(path?, options?)
path
Type: string
Default: 'rev-manifest.json'
Manifest file path.
options
Type: object
base
Type: string
Default: process.cwd()
Override the base of the manifest file.
cwd
Type: string
Default: process.cwd()
Override the current working directory of the manifest file.
merge
Type: boolean
Default: false
Merge existing manifest file.
transformer
Type: object
Default: JSON
An object with parse and stringify methods. This can be used to provide a
custom transformer instead of the default JSON for the manifest file.
Original path
Original file paths are stored at file.revOrigPath. This could come in handy for things like rewriting references to the assets.
Asset hash
The hash of each rev'd file is stored at file.revHash. You can use this for customizing the file renaming, or for building different manifest formats.
Asset manifest
1import gulp from 'gulp'; 2import rev from 'gulp-rev'; 3 4export default () => ( 5 // By default, Gulp would pick `assets/css` as the base, 6 // so we need to set it explicitly: 7 gulp.src(['assets/css/*.css', 'assets/js/*.js'], {base: 'assets'}) 8 .pipe(gulp.dest('build/assets')) // Copy original assets to build dir 9 .pipe(rev()) 10 .pipe(gulp.dest('build/assets')) // Write rev'd assets to build dir 11 .pipe(rev.manifest()) 12 .pipe(gulp.dest('build/assets')) // Write manifest to build dir 13);
An asset manifest, mapping the original paths to the revisioned paths, will be written to build/assets/rev-manifest.json:
1{ 2 "css/unicorn.css": "css/unicorn-d41d8cd98f.css", 3 "js/unicorn.js": "js/unicorn-273c2c123f.js" 4}
By default, rev-manifest.json will be replaced as a whole. To merge with an existing manifest, pass merge: true and the output destination (as base) to rev.manifest():
1import gulp from 'gulp'; 2import rev from 'gulp-rev'; 3 4export default () => ( 5 // By default, Gulp would pick `assets/css` as the base, 6 // so we need to set it explicitly: 7 gulp.src(['assets/css/*.css', 'assets/js/*.js'], {base: 'assets'}) 8 .pipe(gulp.dest('build/assets')) 9 .pipe(rev()) 10 .pipe(gulp.dest('build/assets')) 11 .pipe(rev.manifest({ 12 base: 'build/assets', 13 merge: true // Merge with the existing manifest if one exists 14 })) 15 .pipe(gulp.dest('build/assets')) 16);
You can optionally call rev.manifest('manifest.json') to give it a different path or filename.
Sourcemaps and gulp-concat
Because of the way gulp-concat handles file paths, you may need to set cwd and path manually on your gulp-concat instance to get everything to work correctly:
1import gulp from 'gulp'; 2import rev from 'gulp-rev'; 3import sourcemaps from 'gulp-sourcemaps'; 4import concat from 'gulp-concat'; 5 6export default () => ( 7 gulp.src('src/*.js') 8 .pipe(sourcemaps.init()) 9 .pipe(concat({path: 'bundle.js', cwd: ''})) 10 .pipe(rev()) 11 .pipe(sourcemaps.write('.')) 12 .pipe(gulp.dest('dist')) 13);
Different hash for unchanged files
Since the order of streams are not guaranteed, some plugins such as gulp-concat can cause the final file's content and hash to change. To avoid generating a new hash for unchanged source files, you can:
- Sort the streams with gulp-sort
- Filter unchanged files with gulp-unchanged
- Read more about incremental builds
Streaming
This plugin does not support streaming. If you have files from a streaming source, such as Browserify, you should use gulp-buffer before gulp-rev in your pipeline:
1import gulp from 'gulp'; 2import browserify from 'browserify'; 3import source from 'vinyl-source-stream'; 4import buffer from 'gulp-buffer'; 5import rev from 'gulp-rev'; 6 7export default () => ( 8 browserify('src/index.js') 9 .bundle({debug: true}) 10 .pipe(source('index.min.js')) 11 .pipe(buffer()) 12 .pipe(rev()) 13 .pipe(gulp.dest('dist')) 14);
Integration
For more info on how to integrate gulp-rev into your app, have a look at the integration guide.
Use gulp-rev in combination with one or more of
It may be useful - and necessary - to use gulp-rev with other packages to complete the task.
- gulp-rev-rewrite - Rewrite occurrences of filenames which have been renamed
- gulp-rev-css-url - Override URLs in CSS files with the revved ones
- gulp-rev-outdated - Old static asset revision files filter
- gulp-rev-collector - Static asset revision data collector
- rev-del - Delete old unused assets
- gulp-rev-delete-original - Delete original files after rev
- gulp-rev-dist-clean - Clean up temporary and legacy files created by gulp-rev
- gulp-rev-loader - Use rev-manifest with webpack
- gulp-rev-format - Provide hash formatting options for static assets (prefix, suffix, last-extension)
- gulp-rev-sri - Add subresource integrity field to rev-manifest
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
security policy file detected
Details
- Info: security policy file detected: .github/security.md:1
- Info: Found linked content: .github/security.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/security.md:1
- Info: Found text in security policy: .github/security.md:1
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: license:0
- Info: FSF or OSI recognized license: MIT License: license:0
Reason
Found 11/30 approved changesets -- score normalized to 3
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/gulp-rev/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/gulp-rev/main.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/main.yml:21
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/main.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 11 are checked with a SAST tool
Score
4.3
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More