npmpackage.info

Gathering detailed insights and metrics for webpack-plugin-hash-output-mini-css

webpack-plugin-hash-output-mini-css

Plugin to replace webpack chunkhash with an md5 hash of the final file conent.

3.1.0-beta.4

128

ISC

JavaScript

1.34 kB

1,238,225 1.9

Installations

npm install webpack-plugin-hash-output-mini-css

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Node Version

8.10.0

NPM Version

5.6.0 Score

69.7

Supply Chain

98.9

Quality

75.1

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

16

Total

36

Closed

8

Merged

12

Issues

Open

4

Total

13

Closed

9

Releases

Unable to fetch releases

Contributors

Unable to fetch Contributors

View all 6 contributors

Languages

JavaScript

CSS

JavaScript (99.86%)

CSS (0.14%)

Developer

scinos

Download Statistics

Total Downloads

1,238,225

Last Day

Last Week

Last Month

Last Year

180

GitHub Statistics

128 Stars

94 Commits

29 Forks

7 Watching

18 Branches

6 Contributors

Bundle Size

3.02 kB

Minified

1.34 kB

Minified + Gzipped

Bundlephobia

Maintainers

Package Meta Information

Latest Version

3.1.0-beta.4

Package Id

webpack-plugin-hash-output-mini-css@3.1.0-beta.4

Unpacked Size

248.73 kB

Size

67.16 kB

File Count

NPM Version

5.6.0

Node Version

8.10.0

Total Downloads

Cumulative downloads

Total Downloads

1,238,225

Last day

Compared to previous day

Last week

Compared to previous week

Last month

33.3%

Compared to previous month

Last year

-63.3%

180

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

chai css-loader eslint eslint-config-airbnb-base eslint-plugin-import eslint-plugin-mocha html-webpack-plugin mini-css-extract-plugin mocha rimraf webpack webpack-cli

Versions

webpack-plugin-hash-output

Plugin to replace webpack chunkhash with an md5 hash of the final file conent.

Installation

With npm

npm install webpack-plugin-hash-output --save-dev

With yarn

yarn add webpack-plugin-hash-output --dev

Why?

There are other webpack plugins for hashing out there. But when they run, they don't "see" the final form of the code, because they run before plugins like webpack.optimize.UglifyJsPlugin. In other words, if you change webpack.optimize.UglifyJsPlugin config, your hashes won't change, creating potential conflicts with cached resources.

The main difference is that webpack-plugin-hash-output runs in the last compilation step. So any change in webpack or any other plugin that actually changes the output, will be "seen" by this plugin, and therefore that change will be reflected in the hash.

It will generate files like entry.<hash>.js, where <hash> is always a hash of the content (well, a subset of). Example:

$ md5 entry.32f1718dd08eccda2791.js

MD5 (entry.32f1718dd08eccda2791.js) = 32f1718dd08eccda2791ff7ed466bd98

All other assets (common files, manifest files, HTML output...) will use the new md5 hash to reference the asset.

Compatibility

Requires webpack >=4

Usage

Just add this plugin as usual.

1// webpack.config.js
2var HashOutput = require('webpack-plugin-hash-output');
3
4module.exports = {
5    // ...
6    output: {
7        //...
8        filename: '[name].[chunkhash].js',
9    },
10    plugins: [
11        new HashOutput(options)
12    ]
13};

Sourcemap support

This plugin partially supports sourcemaps. When a chunk hash is recomputed, it will update the name of the chunk in the chunks's sourcemap, but it won't recompute the name of the hash file. This has the side effect that the name of the sourcemap will differ from the name of the chunk. Example:

Before:

1// app.<oldhash>.js
2
3// ...code...
4//# sourceMappingURL=entry.<oldhash>.js.map

1// app.<oldhash>.js.map
2
3// ...
4"file":"app.<oldhash>.js"
5// ...

After:

1// app.<newhash>.js
2
3// ...code...
4//# sourceMappingURL=entry.<oldhash>.js.map

1// app.<oldhash>.js.map
2
3// ...
4"file":"app.<newhash>.js"
5// ...

We can't fully support sourcemaps (i.e. recomute sourcemap hash) because the circular reference: we can't compute sourcemap hash without computing the file hash first, and we can't compute the file hash without the sourcemap hash.

Options

Note: Use Webpack's own hash output options to configure hash function and length.

`options.validateOutput`

boolean, defaults to false.

After webpack has compiled and generated all the assets, checks that the hash of the content is included in the file. If it is not, it will throw an error and the webpack process will fail.

`options.validateOutputRegex`

regex, defaults to /^.*$/

When validating the output (see options.validateOutput), only evaluate hashes for files matching this regexp. Useful for skipping source maps or other output. Example:

1module.exports = {
2    entry: {
3        main: './src/app.js',
4    },
5    output: {
6        filename: 'assets/[name].[chunkhash].js',
7    },
8    plugins: [
9        new HtmlWebpackPlugin({
10            filename: 'fragments/app.html',
11            chunks: ['main'],
12        }),
13        new OutputHash({
14            validateOutput: true,
15            // Check that md5(assets/main.<hash>.js) === <hash>, but doesn't check fragments/app.html
16            validateOutputRegex: /^assets\/.*\.js$/,
17        }),
18    ]
19};

Contributions

Running tests

Tests can be run by:

yarn test

After running the tests, you might want to run yarn run clean to clean up temp files generated by the tests.

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

1

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

Security-Policy

Determines if the project has published a security policy.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

64 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-6chw-6frg-f759
Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
Warn: Project is vulnerable to: GHSA-c6rq-rjc2-86v2
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-p28h-cc7q-c4fg
Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
Warn: Project is vulnerable to: GHSA-vh7m-p724-62c2
Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w
Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
Warn: Project is vulnerable to: GHSA-3gx7-xhv7-5mx3
Warn: Project is vulnerable to: GHSA-8r6j-v8pm-fqw3
Warn: Project is vulnerable to: MAL-2023-462
Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
Warn: Project is vulnerable to: GHSA-vvj3-85vf-fgmw
Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m
Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546
Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx
Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
Warn: Project is vulnerable to: GHSA-675m-85rw-j3w4
Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp
Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574
Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm
Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m / GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-fhjf-83wg-r2j9
Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-g6ww-v8xp-vmwg
Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-h9rv-jmmf-4pgx
Warn: Project is vulnerable to: GHSA-hxcc-f52p-wc94
Warn: Project is vulnerable to: GHSA-4g88-fppr-53pp
Warn: Project is vulnerable to: GHSA-4jqc-8m5r-9rpr
Warn: Project is vulnerable to: GHSA-vx3p-948g-6vhq
Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw
Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc
Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp

Score

1.9

/10

Last Scanned on 2024-12-23

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More