Gathering detailed insights and metrics for monaco-editor-webpack-plugin
Gathering detailed insights and metrics for monaco-editor-webpack-plugin
A browser based code editor
Installations
npm install monaco-editor-webpack-pluginDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
16.20.0
NPM Version
8.19.4
Score
81.4
Supply Chain
67.6
Quality
79.8
Maintenance
100
Vulnerability
99.6
License
Releases
91
Languages
6
JavaScript
TypeScript
HTML
CSS
Shell
SCSS
JavaScript (61.25%)
TypeScript (37.19%)
HTML (1.49%)
CSS (0.04%)
Shell (0.02%)
SCSS (0.01%)
Developer
Download Statistics
Total Downloads
66,007,004
Last Day
12,396
Last Week
353,612
Last Month
1,615,814
Last Year
18,803,256
GitHub Statistics
MIT License
43,134 Stars
3,439 Commits
3,798 Forks
526 Watchers
31 Branches
298 Contributors
Updated on Jul 06, 2025
Bundle Size
90.05 kB
Minified
28.00 kB
Minified + Gzipped
Maintainers
4
Package Meta Information
Latest Version
7.1.0
Package Id
monaco-editor-webpack-plugin@7.1.0
Unpacked Size
23.35 kB
Size
7.42 kB
File Count
12
NPM Version
8.19.4
Node Version
16.20.0
Published on
Jul 10, 2023
Total Downloads
Cumulative downloads
Total Downloads
66,007,004
Last Day
-17.9%
12,396
Compared to previous day
Last Week
-14.1%
353,612
Compared to previous week
Last Month
-3.5%
1,615,814
Compared to previous month
Last Year
43.6%
18,803,256
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Peer Dependencies
2
Monaco Editor Webpack Loader Plugin
A plugin to simplify loading the Monaco Editor with webpack.
Installing
1npm install monaco-editor-webpack-plugin
Using
webpack.config.js:
1const MonacoWebpackPlugin = require('monaco-editor-webpack-plugin'); 2const path = require('path'); 3 4module.exports = { 5 entry: './index.js', 6 output: { 7 path: path.resolve(__dirname, 'dist'), 8 filename: 'app.js' 9 }, 10 module: { 11 rules: [ 12 { 13 test: /\.css$/, 14 use: ['style-loader', 'css-loader'] 15 }, 16 { 17 test: /\.ttf$/, 18 type: 'asset/resource' 19 } 20 ] 21 }, 22 plugins: [new MonacoWebpackPlugin()] 23};
If using Webpack 4 or lower, it is necessary to use the file-loader instead of Asset Modules like the code below:
1{ 2 test: /\.ttf$/, 3 use: ['file-loader'] 4}
index.js:
1import * as monaco from 'monaco-editor'; 2// or import * as monaco from 'monaco-editor/esm/vs/editor/editor.api'; 3// if shipping only a subset of the features & languages is desired 4 5monaco.editor.create(document.getElementById('container'), { 6 value: 'console.log("Hello, world")', 7 language: 'javascript' 8});
Options
Options can be passed in to MonacoWebpackPlugin. They can be used to generate a smaller editor bundle by selecting only certain languages or only certain editor features:
-
filename(string) - custom filename template for worker scripts, respects the same options as loader-utils' interpolateName. Useful for adding content-based hashes so that files can be served with long-lived caching headers.- default value:
'[name].worker.js'.
- default value:
-
publicPath(string) - custom public path for worker scripts, overrides the public path from which files generated by this plugin will be served. This wins out over Webpack's dynamic runtime path and can be useful to avoid attempting to load workers cross-origin when using a CDN for other static resources. Use e.g. '/' if you want to load your resources from the current origin..- default value:
''.
- default value:
-
languages(string[]) - include only a subset of the languages supported. By default, all languages shipped with themonaco-editorwill be included.Some languages share the same web worker. If one of the following languages is included, you must also include the language responsible for instantiating their shared worker:
Language Instantiator javascript typescript handlebars html scss, less css To view a list of all available languages, you can run
import metadata from 'monaco-editor/esm/metadata'; console.log(metadata.languages);. -
features(string[]) - include only a subset of the editor features. By default, all features shipped with themonaco-editorwill be included. Instead of enumerating included features, it is also possible to exclude certain default features prefixing them with an exclamation mark '!'.To view a list of all available features, you can run
import metadata from 'monaco-editor/esm/metadata'; console.log(metadata.features);. -
globalAPI(boolean) - specify whether the editor API should be exposed through a globalmonacoobject or not. This option is applicable to0.22.0and newer version ofmonaco-editor. Since0.22.0, the ESM version of the monaco editor does no longer define a globalmonacoobject unlessglobal.MonacoEnvironment = { globalAPI: true }is set (change log).- default value:
false.
- default value:
Version Matrix
monaco-editor-webpack-plugin | monaco-editor |
|---|---|
7.*.* | >= 0.31.0 |
6.*.* | 0.30.* |
5.*.* | 0.29.* |
4.*.* | 0.25.*, 0.26.*, 0.27.*, 0.28.* |
3.*.* | 0.22.*, 0.23.*, 0.24.* |
2.*.* | 0.21.* |
1.9.* | 0.20.* |
1.8.* | 0.19.* |
1.7.* | 0.18.* |
Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
No vulnerabilities found.
Reason
30 commit(s) out of 30 and 1 issue activity out of 30 found in the last 90 days -- score normalized to 10
Reason
all last 30 commits are reviewed through GitHub
Reason
no vulnerabilities detected
Reason
security policy file detected
Details
- Info: security policy detected in current repo: SECURITY.md:1
Reason
license file detected
Details
- Info: : LICENSE.txt:1
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
update tool detected
Details
- Info: Dependabot detected
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'force pushes' disabled on branch 'main'
- Info: 'allow deletion' disabled on branch 'main'
- Info: status check found to merge onto on branch 'main'
- Warn: number of required reviewers is only 1 on branch 'main'
Reason
dependency not pinned by hash detected -- score normalized to 7
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/kamil1b/git-taxbreak/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/kamil1b/git-taxbreak/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/kamil1b/git-taxbreak/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/locker.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/kamil1b/git-taxbreak/locker.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/needs-more-info-closer.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/kamil1b/git-taxbreak/needs-more-info-closer.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-chat.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/kamil1b/git-taxbreak/pr-chat.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/kamil1b/git-taxbreak/publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/kamil1b/git-taxbreak/publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/kamil1b/git-taxbreak/publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/kamil1b/git-taxbreak/publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/website.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/kamil1b/git-taxbreak/website.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/website.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/kamil1b/git-taxbreak/website.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/website.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/kamil1b/git-taxbreak/website.yml/master?enable=pin
- Warn: containerImage not pinned by hash: website/index/samples/sample.dockerfile.txt:1: pin your Docker image by updating mono to mono@sha256:b6bd136c233c60037a45d15b37d593a4a40d822ebe35090d492144b997476dff
- Warn: npmCommand not pinned by hash: .github/workflows/locker.yml:21
- Warn: npmCommand not pinned by hash: .github/workflows/needs-more-info-closer.yml:21
- Warn: npmCommand not pinned by hash: .github/workflows/pr-chat.yml:19
- Warn: npmCommand not pinned by hash: .github/workflows/publish.yml:177
- Info: Third-party GitHubActions are pinned
- Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles
- Info: no insecure (not pinned by hash) dependency downloads found in shell scripts
Reason
no badge detected
Reason
non read-only tokens detected in GitHub workflows
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/kamil1b/git-taxbreak/ci.yml/master?enable=permissions
- Warn: no topLevel permission defined: .github/workflows/locker.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/kamil1b/git-taxbreak/locker.yml/master?enable=permissions
- Warn: no topLevel permission defined: .github/workflows/needs-more-info-closer.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/kamil1b/git-taxbreak/needs-more-info-closer.yml/master?enable=permissions
- Warn: no topLevel permission defined: .github/workflows/pr-chat.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/kamil1b/git-taxbreak/pr-chat.yml/master?enable=permissions
- Warn: no topLevel permission defined: .github/workflows/publish.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/kamil1b/git-taxbreak/publish.yml/master?enable=permissions
- Warn: no topLevel permission defined: .github/workflows/website.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/kamil1b/git-taxbreak/website.yml/master?enable=permissions
Reason
project is not fuzzed
Score
7.8
/10
Last Scanned on 2022-08-15
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More