Gathering detailed insights and metrics for webpack-hot-server-middleware
Gathering detailed insights and metrics for webpack-hot-server-middleware
Installations
npm install webpack-hot-server-middlewareReleases
Unable to fetch releases
Developer
60frames
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
No
Node Version
12.12.0
NPM Version
6.11.3
Statistics
323 Stars
36 Commits
50 Forks
7 Watching
34 Branches
15 Contributors
Updated on 10 Nov 2024
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
5,349,810
Last day
12.7%
3,534
Compared to previous day
Last week
1%
15,764
Compared to previous week
Last month
8.3%
70,055
Compared to previous month
Last year
5%
809,713
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
Webpack Hot Server Middleware
Webpack Hot Server Middleware is designed to be used in conjunction with webpack-dev-middleware (and optionally webpack-hot-middleware) to hot update Webpack bundles on the server.
Why?
When creating universal Web apps it's common to build two bundles with Webpack, one client bundle targeting 'web' and another server bundle targeting 'node'.
The entry point to the client bundle renders to the DOM, e.g.
1// client.js 2 3import ReactDOM from 'react-dom'; 4import App from './components/App'; 5 6ReactDOM.render(<App />, document.getElementById('root'));
And the entry point to the server bundle renders to string, e.g.
1// server.js 2 3import { renderToString } from 'react-dom/server'; 4import App from './components/App'; 5 6export default function serverRenderer() { 7 return (req, res, next) => { 8 res.status(200).send(` 9 <!doctype html> 10 <html> 11 <head> 12 <title>App</title> 13 </head> 14 <body> 15 <div id="root"> 16 ${renderToString(<App />)} 17 </div> 18 <script src="/client.js"></script> 19 </body> 20 </html> 21 `); 22 }; 23}
NOTE: The server bundle is itself middleware allowing you to mount it anywhere in an existing node server, e.g.
1const express = require('express'); 2const serverRenderer = require('./dist/server'); 3const app = express(); 4 5app.use(serverRenderer()); 6app.listen(6060);
Given this setup it's fairly easy to hook up hot module replacement for your client bundle using webpack-dev-server or webpack-hot-middleware however these middlewares don't handle server bundles meaning you need to frequently restart your server to see the latest changes.
Webpack Hot Server Middleware solves this problem, ensuring the server bundle used is always the latest compilation without requiring a restart. Additionally it allows your client and server bundle to share the same Webpack cache for faster builds and uses an in-memory bundle on the server to avoid hitting the disk.
How?
It turns out hot module replacement is much easier on the server than on the client as you don't have any state to preserve because middleware is almost always necessarily stateless, so the entire bundle can be replaced at the top level whenever a change occurs.
Usage
Webpack Hot Server Middleware expects your Webpack config to export an array of configurations, one for your client bundle and one for your server bundle, e.g.
1// webpack.config.js 2 3module.exports = [ 4 { 5 name: 'client', 6 target: 'web', 7 entry: './client.js' 8 ... 9 }, { 10 name: 'server', 11 target: 'node', 12 entry: './server.js' 13 ... 14 } 15];
NOTE: It's important both the 'client' and 'server' configs are given a name prefixed with 'client' and 'server' respectively.
It then needs to be mounted immediately after webpack-dev-middleware, e.g.
1const express = require('express'); 2const webpack = require('webpack'); 3const webpackDevMiddleware = require('webpack-dev-middleware'); 4const webpackHotServerMiddleware = require('webpack-hot-server-middleware'); 5const config = require('./webpack.config.js'); 6const app = express(); 7 8const compiler = webpack(config); 9 10app.use(webpackDevMiddleware(compiler, { 11 serverSideRender: true 12})); 13app.use(webpackHotServerMiddleware(compiler)); 14 15app.listen(6060);
Now whenever Webpack rebuilds, the new bundle will be used both client and server side.
API
webpackHotServerMiddleware (compiler: MultiCompiler, options?: Options) => void
Options
chunkName string
The name of the server entry point, defaults to 'main'.
serverRendererOptions object
Mixed in with clientStats & serverStats and passed to the serverRenderer.
Example
A simple example can be found in the example directory and a more real world example can be seen in the 60fram.es boilerplate.
Usage with webpack-hot-middleware
webpack-hot-middleware needs to be mounted before webpack-hot-server-middleware to ensure client hot module replacement requests are handled correctly, e.g.
1const express = require('express'); 2const webpack = require('webpack'); 3const webpackDevMiddleware = require('webpack-dev-middleware'); 4const webpackHotMiddleware = require('webpack-hot-middleware'); 5const webpackHotServerMiddleware = require('webpack-hot-server-middleware'); 6const config = require('./webpack.config.js'); 7const app = express(); 8 9const compiler = webpack(config); 10 11app.use(webpackDevMiddleware(compiler, { 12 serverSideRender: true 13})); 14// NOTE: Only the client bundle needs to be passed to `webpack-hot-middleware`. 15app.use(webpackHotMiddleware(compiler.compilers.find(compiler => compiler.name === 'client'))); 16app.use(webpackHotServerMiddleware(compiler)); 17 18app.listen(6060);
Production Setup
A production setup might conditionally use express.static instead of webpack-dev-server and a pre-built server bundle instead of webpack-hot-server-middleware, e.g.
1const express = require('express'); 2const path = require('path'); 3const app = express(); 4 5if (process.env.NODE_ENV !== 'production') { 6 const webpack = require('webpack'); 7 const webpackDevMiddleware = require('webpack-dev-middleware'); 8 const webpackHotMiddleware = require('webpack-hot-middleware'); 9 const webpackHotServerMiddleware = require('webpack-hot-server-middleware'); 10 const config = require('./webpack.config.js'); 11 const compiler = webpack(config); 12 app.use(webpackDevMiddleware(compiler, { 13 serverSideRender: true 14 })); 15 app.use(webpackHotMiddleware(compiler.compilers.find(compiler => compiler.name === 'client'))); 16 app.use(webpackHotServerMiddleware(compiler)); 17} else { 18 const CLIENT_ASSETS_DIR = path.join(__dirname, '../build/client'); 19 const CLIENT_STATS_PATH = path.join(CLIENT_ASSETS_DIR, 'stats.json'); 20 const SERVER_RENDERER_PATH = path.join(__dirname, '../build/server.js'); 21 const serverRenderer = require(SERVER_RENDERER_PATH); 22 const stats = require(CLIENT_STATS_PATH); 23 app.use(express.static(CLIENT_ASSETS_DIR)); 24 app.use(serverRenderer(stats)); 25} 26 27app.listen(6060);
License
MIT
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 14/30 approved changesets -- score normalized to 4
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 20 are checked with a SAST tool
Reason
107 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-6chw-6frg-f759
- Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
- Warn: Project is vulnerable to: GHSA-8w4h-3cm3-2pm2
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
- Warn: Project is vulnerable to: GHSA-c6rq-rjc2-86v2
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-hr2v-3952-633q
- Warn: Project is vulnerable to: GHSA-vh7m-p724-62c2
- Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-qrmc-fj45-qfc2
- Warn: Project is vulnerable to: GHSA-8r6j-v8pm-fqw3
- Warn: Project is vulnerable to: MAL-2023-462
- Warn: Project is vulnerable to: GHSA-xf7w-r453-m56c
- Warn: Project is vulnerable to: GHSA-44pw-h2cw-w3vq
- Warn: Project is vulnerable to: GHSA-jp4x-w63m-7wgm
- Warn: Project is vulnerable to: GHSA-c429-5p7v-vgjp
- Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
- Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp
- Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m / GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-fhjf-83wg-r2j9
- Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-mvjj-gqq2-p4hw
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-h9rv-jmmf-4pgx
- Warn: Project is vulnerable to: GHSA-hxcc-f52p-wc94
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-4g88-fppr-53pp
- Warn: Project is vulnerable to: GHSA-4jqc-8m5r-9rpr
- Warn: Project is vulnerable to: GHSA-vx3p-948g-6vhq
- Warn: Project is vulnerable to: GHSA-mf6x-7mm4-x2g7
- Warn: Project is vulnerable to: GHSA-j44m-qm6p-hp7m
- Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
- Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-662x-fhqg-9p8v
- Warn: Project is vulnerable to: GHSA-394c-5j6w-4xmx
- Warn: Project is vulnerable to: GHSA-78cj-fxph-m83p
- Warn: Project is vulnerable to: GHSA-fhg7-m89q-25r3
- Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
- Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
- Warn: Project is vulnerable to: GHSA-wqfc-cr59-h64p
- Warn: Project is vulnerable to: GHSA-hjxc-462x-x77j
- Warn: Project is vulnerable to: GHSA-5xf4-f2fq-f69j
- Warn: Project is vulnerable to: GHSA-8mfc-v7wv-p62g
- Warn: Project is vulnerable to: GHSA-mpwj-fcr6-x34c
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx
- Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4
- Warn: Project is vulnerable to: GHSA-h452-7996-h45h
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-rq8g-5pc5-wrhr
- Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
- Warn: Project is vulnerable to: GHSA-q42p-pg8m-cqh6
- Warn: Project is vulnerable to: GHSA-w457-6q6x-cgp9
- Warn: Project is vulnerable to: GHSA-62gr-4qp9-h98f
- Warn: Project is vulnerable to: GHSA-f52g-6jhx-586p
- Warn: Project is vulnerable to: GHSA-2cf5-4w76-r9qv
- Warn: Project is vulnerable to: GHSA-3cqr-58rm-57f8
- Warn: Project is vulnerable to: GHSA-g9r4-xpmj-mj65
- Warn: Project is vulnerable to: GHSA-q2c6-c6pm-g3gh
- Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44
- Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988
- Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
- Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546
- Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx
- Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574
- Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm
- Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3
- Warn: Project is vulnerable to: GHSA-f9cm-qmx5-m98h
- Warn: Project is vulnerable to: GHSA-7wpw-2hjm-89gp
- Warn: Project is vulnerable to: GHSA-5fw9-fq32-wv5p
- Warn: Project is vulnerable to: GHSA-6394-6h9h-cfjg
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-6g33-f262-xjp4
- Warn: Project is vulnerable to: GHSA-jv35-xqg7-f92r
- Warn: Project is vulnerable to: GHSA-2m39-62fm-q8r3
- Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Score
2.3
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More